Cisco Blogs


Cisco Blog > Security

Design & Implementation Guide: What’s In a Name?

This may seem to some a rhetorical question, right? It’s in the name! A guide that describes the design and implementation of a system or solution. That seems simple enough. Cisco Design and Implementation Guides (DIGs) can be found in the Cisco Design Zone. Many of these designs are Cisco Validated Designs (CVDs) that include internal or external testing, some are reference designs, and some are visionary architectures or best practices documented by experienced engineers.

As a Network Architect, I came to Cisco to develop CVDs and accelerate business solutions beyond just the “marketecture” vision. I wanted to prove how products and systems can be used to create end-to-end solutions that work better together, more than just the sum of their parts, solving real-world business problems.

Read More »

Tags: , , , , , ,

If You Didn’t Care About HIPAA Before, You May Need to Now

The HIPAA Omnibus Final Rule, released January 2013, greatly expands the number of organizations that must comply with HIPAA beyond the known ‘Covered Entities.’

The Final Rule expands the definition of a Business Associate to include an organization that ‘creates, receives, transmits or maintains’ PHI. Adding the term ‘maintains’ into the definition makes a big difference and will include a lot more businesses than before. The Department of Health and Human Services (HHS) estimates that 250,000 – 500,000 additional entities will be considered a Business Associate and therefore must comply with HIPAA. Read More »

Tags: , , , , ,

Network Threat Defense at Black Hat 2013

Join us at Black Hat 2013 in Las Vegas this July, for our two-day hands-on Network Threat Defense, Countermeasures, and Controls course. Courses will be offered on July 27-28 and July 29-30, and attendees will learn and perform two network security roles. First, as a Security Practitioner, you’ll learn to secure and harden network infrastructure devices, and second, as a Security Incident Response Investigator, you must correctly detect, classify, and mitigate threats attacking a network by configuring and deploying advanced network threat defenses and countermeasures. Learning these roles will help you prepare for and respond to real world threats such as the recent Financial ServicesSpamHaus, and OpUSA Denial of Service Attacks. Read More »

Tags: , , , , , , ,

Network World’s Top VPN Choice: Cisco ASA and AnyConnect

Network World recently completed a competitive review of the leading Virtual Private Networking (VPN) products and the Cisco® Adaptive Security Appliance (ASA) and AnyConnect™.  With a long history of providing market-leading remote access VPN capabilities and optimal usability, Cisco is honored to receive this recognition from Network World based on their hands-on product testing.  Read More »

Tags: , , , , ,

Foundational Network Traffic Collection and Analysis Setup

This introductory post explains how one of Cisco’s security research groups established a network data collection capability for large amounts of network traffic. This capability was necessary to support research into selected aspects of the Domain Name Service (DNS), but it can be adapted for other purposes.

DNS exploitation is frequently the means by which malicious actors seek to disrupt the normal operation of networks. This can include DNS Cache Poisoning, DNS Amplification Attacks and many others. A quick search at cisco.com/security yields a lot of content published, indicating both the criticality and exposures associated with DNS.

Our research required the ability to collect DNS data and extract DNS attributes for various analytical purposes. For this post, I’ll focus on collection capabilities regarding DNS data. Read More »

Tags: , , , ,