Cisco Blogs



NCSAM Tip #3: What You Should Consider to be a Secure Password

Passwords are the prevalent means of authentication. Even though there have been many complementary authentication mechanisms and schemes, passwords are used almost everywhere that a user wants to prove that he knows a secret that only he is supposed to know. On the other hand, if someone else can guess that password, along with the username (often easy to find), then he could pretend he is the user and do all sorts of things on his behalf. We have seen multiple examples of corporate executives having their personal email accounts hijacked. We have seen celebrities having their Twitter accounts stolen and used to post things they would never post themselves. We have also seen studies that show that a vast majority of users still use standard passwords that are pretty easy to guess.

It is common knowledge that passwords need to be hard to guess; that is a requirement. Andy Balinsky’s post describes some guidelines for choosing numeric passwords (i.e., for handheld devices). In the same context, David McGrew’s post provides a script that can generate random keys that can be used for pre-shared key authentication. Electronic user passwords are a little different because they involve letters and completely depend on the user (system checks are usually also employed). Users need to be able to choose and remember them in order to use them when needed. But the “hard to guess” and the “easy to remember” requirements don’t go well together, and that is the basic challenge.


NCSAM Tip #2: Keeping Your Software Up-to-Date

As software manufacturers fix security vulnerabilities, they will often release new versions of their software for their users. This is a good thing and aims to protect us from many potential online threats, such as trojans that steal our personal information, or scareware that serves no legitimate purpose. However, it raises the question: How do we users learn of this newer software so that we can be protected?

Like most things, the answer is, of course: it depends. ;)


NCSAM Tip #1: Social Networking Safety

October 3, 2011 at 5:00 am PST

In today’s Cyber Security Awareness Month Tip of the Day we revisit a past post to once again focus on the fact that millions of individuals are victims of their own carelessness by freely posting information such as vacation plans and family photos on social networks, and by storing Personally Identifiable Information (PII) such as medical records and financial information on mobile devices. Users are sometimes not sufficiently educated when it comes to what types of information should be shared, and with whom they should be sharing this information.


Cisco Joins the National Cyber Security Awareness Month Party

September 30, 2011 at 6:00 am PST

While the thoughts of many of us may turn to (American) football, Halloween, and raking leaves (at least those of us on the East Coast of the U.S.), the turning of the calendar page to October also means something else to all of us in the cyber security world. October 2011 marks the eighth annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security, in cooperation with the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).


Cisco IOS Security Advisory Bundle – It’s That Time Again

September 28, 2011 at 9:15 am PST

Once again it’s time for Cisco’s semi-annual Cisco IOS Software Security Advisory Bundled Publication. Today’s edition of the bundle contains a total of nine IOS-related advisories and one non-IOS advisory for the Cisco Unified Communications Manager (CUCM) family of products. Included in the 10 Security Advisories are a total of 19 Cisco Bug IDs, each one representing an individual vulnerability.
