Security

Remote Access is Essential for Business Continuity - We Must Bridge the Gap

2009-11-23T07:45:37+00:00

The Bay Bridge, connecting San Francisco to Oakland, California, carries approximately 280,000 vehicles per day. Many of those vehicles are transporting employees to their workplaces in the greater San Francisco-San Jose-Oakland area, which is why those of us who work at Cisco headquarters in San Jose were directly affected or know someone who was by the bridge’s recent and unexpected shutdown. This debacle, caused by failing and falling bridge beams, left thousands of workers stranded, backed up in traffic, or forced to find alternate means of getting to work, such as circuitous commutes, ferries, or public transit. Others found alternate means of working.

Employees with remote access capabilities and those whose jobs do not require full-time, in-person presences could telecommute during the bridge closing. Although this does not seem like a revolutionary notion in our day and age of anywhere, anytime work and with wireless access in every airport, hotel, and coffee shop, are most organizations gearing up all of their essential employees with the capabilities to work remotely? Can businesses ensure business-as-usual during major interruptions, such as severe weather, widespread employee illness, or bridge closings? New data suggests they can not.

Making Sense of Complex Digital Evidence

2009-11-19T17:45:37+00:00

We learned from this past week’s Cyber Risk Report that inane Facebook status updates may in fact have value after all. Rodney Bradford mildly teased his pregnant girlfriend in front of his friends on the social networking site: “On the phone with this fat chick… where my IHOP.” If there was any chance that his “fat chick” was going to be upset about being left out of Rodney’s trip to get some pancakes, or even for being called “fat chick”, I’m betting she’ll give him a pass on this one.

Using this Facebook posting to corroborate an alibi, Rodney’s attorneys were able to convince the district attorney’s office to dismiss an armed robbery case against Bradford. Based on timestamp evidence provided by Facebook, and further alibis provided by Bradford’s family, the DA’s office was certain that Rodney could not have gotten from Harlem to Brooklyn in time to commit the robbery that took place one minutes after he made his now-famous posting.

Do We Need a Global CERT?

2009-11-17T16:21:41+00:00

The idea of a global CERT has been proposed multiple times in the course of several years. And while it has not always been proposed in the same form, the concept is the same nonetheless. The idea is very simple—we need a global CERT (Computer Emergency Response Team) to coordinate all other CERTs in the world.

Let us examine this idea through a dialog between two imaginary people, Mr. Pro and Mr. Con, who will debate some issues related to a global CERT, or G-CERT as we will call it for short. We will start the discussion by asking Mr. Pro to explain the benefit of a G-CERT.

Unintentional Insider Attacks

2009-11-12T16:42:12+00:00

In this week’s Cyber Risk Report, we noted a recent article on CSO Online that mentions a rise in internal security incidents that are caused unintentionally or non-maliciously by employees. Employees, especially younger ones that have a lifelong connection to computers and the Internet, are becoming more involved with technologies and Internet resources in the workplace. As a result, companies are finding that their security policies, and in some cases their perimeters, are being breached by workers who are determined to access files, media, websites, or communities that are considered off-limits. Organizations and their security teams are challenged by the rise in disobedience and disdain for established policy. How can they be stopped?

Cyber Security, or What You Will

2009-11-09T14:10:52+00:00

One of the recurring themes of 2009 for information security professionals has been the term “cyber”—whether used in the context of cyber security, cyberspace, cyber threats, cyber command, or even cyber war. Cyber traces its roots back to the Greek word kybernetes, meaning “governor,” and was picked up in 1948 by writer Norbert Wiener for his book on control sciences and electronic communications, and further extrapolated in 1984 by novelist William Gibson in his book Neuromancer. The term causes no small amount of consternation among industry purists who find the word imprecise and vague. Cyber security, after all, is little more than a shiny new name for what has long been known as information assurance, information security, or critical infrastructure assurance. If there is a reason for the term sticking in the current vernacular, and for simultaneously driving people crazy, it may be attributable to its sci-fi derivation, which evokes nefarious government “Big Brother” images.

The Impact of E-Surveillance on Information Security in India

2009-11-04T22:18:20+00:00

The unabated proliferation of Information Technology has had significant impact on the manner in which organizations conduct their business, effectively rendering geographical boundaries redundant. This impact has been particularly notable in developing countries such as India, which has witnessed a meteoric rise in the use of Information Technology and Information Technology services over the past few years. While immensely contributing to the nation’s economy, this growth has unfortunately also served as an invaluable tool for terrorism and other anti-national activities. Consequently, citing the best interests of the security and safety of its citizens, the government of India has amended its Information Technology Act (2000), which has recently passed into law.

Cisco SIO Delivering Training at Black Hat DC 2010 - Round 2

2009-11-02T12:09:42+00:00

A few months back at Black Hat USA 2009 a few members of Cisco Security Intelligence Operations (SIO) delivered our first, of what is expected to be many, training sessions to conference attendees. Well, here we are three months later with Black Hat DC 2010 just around the corner and we (Cisco SIO) are back on the agenda again to deliver our hands-on Detecting & Mitigating Attacks Using Your Network Infrastructure training session. One small change for round 2 though, John Stuppi will be joining us as an instructor for our training session in Arlington, VA. Welcome aboard John - oh if he only knew what he was getting himself into. ☺

As described in a previous blog post by one of my fellow instructors and esteemed Cisco Security blogger, Tim Sammut, we will be informing and teaching attendees about the built-in features, solutions, and capabilities that exist in devices within your network infrastructure and how to make practical and effective use of the devices to monitor, detect, prevent, and trigger responses to attacks and threats.

Internet Safety for Kids and Parents

2009-10-30T18:13:33+00:00

Cisco is committed to working with the public sector, partners, and customers to ensure cyber security from the workplace to the home. The month of October is National Cyber Security Awareness Month, and as it comes to an end we thought we’d share a short video from Cisco CSO John N. Stewart where he provides tips on Internet safety for kids and parents to protect themselves online.

When it comes to 21^st century education, parents and kids have an important role. Recently, Cisco took that message to Piedmont Middle School in San Jose, CA, with the help of the characters from The Realm.

Considering the Risks and Rewards of Social Media

2009-10-29T18:56:40+00:00

Social media continues to pervade cultures around the globe, and the usefulness and popularity of social media sites and services has been demonstrated in some impressive ways. The power and reach of social media outlets has empowered individuals to make their voice heard around the world in an instant, most often unfiltered and unrestrained. The extent of social media’s influence on individuals’ lives has pulled it into organizations, many of which have embraced these new technologies and sought to leverage them for profit.

Still, the application of blogs, videos, real-time status updates, and online collaboration are cause for concern, in no small part because of the concentration of power in the hands of the individual employing them. Organizations continue to struggle with whether to allow employees to participate in these networks, how to enforce policies, and how to adjust to all that the networks have to offer—even for industries that are built in large part around individual identities, like the entertainment studios discussed in this week’s Cyber Risk Report.

Common Errors Causing DKIM Verification Failures

2009-10-26T12:26:02+00:00

Cisco recently upgraded its email infrastructure to use our IronPort email security appliances to apply and verify DomainKeys Identified Mail (DKIM) signatures on outgoing and incoming email. We had previously been using a prototype implementation of DKIM that we had begun early in the process of standardizing DKIM. In the process, they made available to me some information on DKIM signature verification successes and failures. While we had previously published information on DKIM signature verification showing the increasing deployment of DKIM signing, this is the first time that we have had comprehensive information on signatures that fail to verify. The study involved about 14.2 million messages with DKIM signatures, 5.33% of which failed to verify. The messages came from 16,797 different domains, 10,968 (65%) of which had 100% verification rates and 2,899 of which failed consistently.