I recently traveled to the annual Gartner Security & Risk Management Summit in lovely National Harbor, Maryland with over 2,000 IT Security executives. There was a lot of buzz around Secure BYOD (bring your own device), and most of the major security vendors (including Cisco who I represented) had a story of some sort. Amidst this BYOD buzz, during a session, a man rose his hand and said:
“There is SO much talk about BYOD but I have not heard the industry definition, is there one? It seems it has many meanings to organizations struggling with it and to vendors trying to respond to it.”
This is a very fair question and remark. Most see BYOD as people bringing their own personal device to the office with access to all work-related applications while using it for personal life. Some organizations may say they do NOT have a BYOD policy because they only allow corporate sanctioned devices, but one could argue that is a BYOD policy that says “no personal devices”. A significant take-way was email is still the killer application for organizations to be mobile. I’m not sure my teenage daughter will agree with that, but she is not working for anyone yet.
Although all mobile devices are open to threats, it seems some may be more vulnerable than others – such as Android devices with the OS fragmentation and a more open application store then Apple IOS devices. Further discussions with attendees suggested that there are many stakeholders in crafting the BYOD policy from HR, legal, networking, marketing & sales, and many times IT security is not brought to the table early enough. This can make the BYOD effort even more confusing for the IT security professional. Policy is the common ground for stakeholders to align. Once policy is determined, the network becomes the best vector to set and enforce it with both visibility and control. Russell Rice, Director @ Cisco spoke about the value of a policy-governed network in a standing room only session. You can view his presentation below, and read the white paper on the topic:
Read More »
In the recently posted research paper “Off-Path TCP Sequence Number Inference Attack: How Firewall Middleboxes Reduce Security“, Zhiyun Qian and Z. Morley Mao from the University of Michigan discuss a method to try to infer the sequence numbers in use by a TCP connection – and if successful, how to try to hijack the connection and inject data on it in order to, as an example, steal credentials to web sites (banking, social networking, etc.)
Before talking further about their research, I would like to talk a bit about the Maginot Line. The Maginot Line was a line of fortifications located in France, established after World War I, and roughly following France’s borders with Germany and Italy. The idea behind it: in case of another war with Germany, the line would hold the enemy attacks, giving the French Army the chance to regroup and counterattack. The problem: the line only extended so far up North. So during World War II, and instead of attacking the line from the East, the German army completely bypassed it – by attacking Belgium first and then flanking the line.
So a lot of resources were allocated to set-up defenses for a very specific attack scenario – but that scenario never happened, as an easier way was found to bypass the defenses. And the mere fact of allocating so many resources to counter a specific threat significantly reduced the number of resources available to protect against other threats.
The method posited by Qian and Mao on their research paper strongly reminds me of the assumptions made by the French while building the Maginot Line.
Read More »
Tags: Attack, research, security, TCP
Over the years, numerous cryptographic algorithms have been developed and used in many different protocols and functions. Cryptography is by no means static. Steady advances in computing and in the science of cryptanalysis have made it necessary to continually adopt newer, stronger algorithms, and larger key sizes. Older algorithms are supported in current products to ensure backward compatibility and interoperability. However, some older algorithms and key sizes no longer provide adequate protection from modern threats and should be replaced.
Over the years, some cryptographic algorithms have been deprecated, “broken,” attacked, or proven to be insecure. There have been research publications that compromise or affect the perceived security of almost all algorithms by using reduced step attacks or others (known plaintext, bit flip, and more). Additionally, every year advances in computing reduce the cost of information processing and data storage to retain effective security. Because of Moore’s law, and a similar empirical law for storage costs, symmetric cryptographic keys must grow by 1 bit every 18 months. For an encryption system to have a useful shelf life and securely interoperate with other devices throughout its life span, the system should provide security for 10 or more years into the future. The use of good cryptography is more important now than ever before because of the very real threat of well-funded and knowledgeable attackers.
Next Generation Encryption (NGE) technologies satisfy the security requirements described above while using cryptographic algorithms that scale better. For more information on Legacy, Acceptable, Recommended and NGE algorithms that should be avoided or used in your networks, you can refer to our latest Whitepaper.
Tags: cryptography, data_encryption, encryption, security
Criminals continue to evolve as does the threat landscape. Their targets are your business assets and disrupting the availability of your business operations. Why you ask? Well, it depends on what you have to offer and its value, or who you may have negatively provoked. The risk, impact, and amount of exposure will vary from incident to incident. Some questions to think about. Read More »
Tags: cisco live, Cisco Live 2012, Cisco Security, cisco security lab, Cyber Aikido, lab, security, security lab
Mobility enables the extension of IT resources and application availability to anytime, anyplace, any way. Initially people thought that the “mobility movement” was just hype; however, it is definitely a reality, as it has become ubiquitous with efficiency. All of these new devices and social applications are bringing potential security risks to the enterprise and public sector organizations. The threat landscape ranges from potential data leakage to lost and stolen devices that may contain corporate and private information.
The question now is how can we address the customers’ challenge of enhancing productivity without compromising network security. Cisco’s AnyConnect Secure Mobility Client and the Cisco ASA 5500 Series Adaptive Security Appliances enable desktop and mobile users to connect to the corporate network, giving access to the network from any device based on comprehensive secure access policies. Cisco AnyConnect Secure Mobility Client works in conjunction with Cisco’s IronPort Web security appliance, the Cisco ASA appliance, and also provides integration with ScanSafe, an in-the-cloud Web security solution.
Read More »
Tags: Adaptive Security Appliance, any device, anyconnect, ASA, byod, byod security, Cisco ASA, cisco live, Cisco Live 2012, Cisco Security, cisco security lab, lab, mobility, mobility security, networkers, ScanSafe, secure mobility, security, security lab