Cisco Blogs


Cisco Blog > Security

Identity Intermediaries and the NSTIC

This is part of an ongoing series on the National Strategy for Trusted Identities in Cyberspace.  The introduction to this series can be found here.

A couple of months ago, I spoke with a security researcher at a conference about the NSTIC.  He questioned the need for an intermediary to manage users’ identity information; he asked why we don’t just do this at the user’s endpoint, eliminating the need for the user to trust an external party.  This is a good place to begin a discussion about the NSTIC architecture.

Read More »

Tags: , ,

It Crawled Out of the Sandbox

Security and functionality have lived on opposite ends of the spectrum since the dawn of time. The door with no lock has always been easier to use than something with multiple chains and dead bolts. Of course, the unlocked door has always been easier to open for those who may want to do bad things.

Read More »

Tags: ,

Introducing the Cisco IOS Software Checker

A new tool called the Cisco IOS Software Checker is now available on the Cisco Security Intelligence Operations (SIO) portal.  This tool introduces a feature that has been long-requested from our customers and will make Cisco product security information much easier to consume and digest.

Security Advisories that are published by the Cisco Product Security Incident Response Team (PSIRT) provide detailed information about security vulnerabilities in Cisco products, including mitigations, affected products and vulnerable and fixed versions of software. Security Advisories affecting Cisco IOS include a table that provides a list of affected Cisco IOS release trains and fixed versions for those trains. Our customers have long asked us for ways to simplify identification of affected software in this table, and so we have developed the Cisco IOS Software Checker for this very purpose. This tool leverages our internal databases to easily provide affected software information without requiring you to manually process the fixed software table.

Read More »

Tags: ,

iPhone Location Tracking: Important, Even if it Doesn’t Matter to You

Apple’s iOS mobile device operating system has recently come under fire in the media for tracking user location, recoverable from device backups of a file called consolidated.db. As we discussed in the Cyber Risk Report, even though Apple has disclosed location tracking via their Privacy Policy, significant commentary online suggests that users are surprised to learn how it is accomplished. The researchers whose efforts have brought this location tracking to wide attention were aware that forensics experts knew about it, but developed their tool to bring this to a wider attention. By all accounts, they have succeeded in raising awareness; what remains is to understand what should be done from here.

Update: Apple responded with a press release on April 27, 2011

Read More »

Tags: , ,

IPv6 Security Testing

In the previous installment of our series of IPv6 security posts, we covered some of the basic things you need to consider when securing your IPv6 network. In this post, we’ll talk about some of the things to consider when performing security testing on your IPv6 product or network. This testing is useful whether you are developing an IPv6 application or simply deploying IPv6 on your network.

Increased Setup Time

Start with an IPv6 environment in which most people do not have a lot of experience. Next throw in the typical dual stack configurations, and it is almost guaranteed that any IPv6 security testing that you perform is likely to take longer than it took you in your IPv4 environment. With dual stack configurations, both IPv4 and IPv6 are viable traffic paths. Therefore, just making sure that your test traffic is actually using IPv6 is one of the first hurdles you will face. So when developing your schedules for performing IPv6 security testing, always allow a little extra time to account for those problems that will almost certainly appear.

Read More »

Tags: , ,