Cisco Blogs


Online Shopping: A Classic Case of Convenience vs Security

It is certainly a new day and age for many aspects of today’s society. One prominent sector that continues to lead by example in this area is the Internet, more specifically the online shopping environment. Note that online shopping is not a simple matter of going to a website, clicking “buy,” and checking out. That would be too simple. Ironically, the purchase itself tends to be the simplest part. The crux of the experience begins with the search and research phase. What exactly does one need or want? Is there a particular brand in mind? Is there a popular alternative? The convenience of asking these questions, and many more, and gathering answers begins the journey. Thanks to the power and slew of resources the Internet provides, shoppers are able to search common products, brands, and uses, and verify details such as durability and ease of use based on the numerous rating systems, applications, web 2.0 solutions, social networking, and the ongoing phenomena that continue to evolve.

So what does this mean? What does this have to do with security? Quite simply, all of this equates to more TIME on the Internet. Furthermore, the continued rise in scam and theft activities during the holidays is an additional cause for concern. As mentioned in a recent Cyber Risk Report, law enforcement and government agencies continue to search and seize counterfeit and fraudulent websites. This includes counterfeit merchandise in addition to fraudulent website domains. More time spent on the Internet means there is more potential for exposure to threats and vulnerabilities. Simple math, right? That said, let’s look at some numbers to provide valued context…



Cisco Releases the 2011 Annual Security Report

Organizations are faced with providing security for employees who are rapidly adopting new technology in their personal and professional lives and expect their work environments and employers to do the same. As the data from the new Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 show, organizations that do not or cannot provide that type of environment are at risk of losing the ability to compete for those employees and business opportunities. If employers attempt to block, deny, or forbid mobile devices, social networks, instant communications, and new technologies in the workplace, employees will likely ignore the policies or, even worse, find ways around them that open your environment to unrealized risks.


The .KID Top Level Domain

As a new father and a security professional, it terrifies me to think of my daughter roaming freely around the Internet. However, I feel like restricting her completely will cut off a valuable avenue for education.

Recently, it seems in the media there has been a push to move websites that contain adult content into the .xxx sponsored top level domain (sTLD) in order to easily classify them. While I understand the reasoning for this, there is definitely a large spectrum of additional content which, in my opinion, is unsuitable for children, and disallowing access to this sTLD would not provide an adequately restricted environment.


Social Security Number Sharing: Is Your Social Security Number “Yours”?

It’s happening every day. People are inadvertently sharing one of the most personal and private pieces of information, the infamous social security number (SSN). For Jonathan Barnett, the unbelievable became a reality when he discovered that nearly 50 names were connected to his SSN. The irony is that his credit report and social security earnings records are clean. The nation’s creditors, employers, and many others depend on this identity system predicated on SSNs.


Social Engineering: Did you Capture the Flag (CTF)?

The Cyber Risk Report for November 7 through 13 covered the second consecutive Social Engineering Capture the Flag event that was organized by Defcon 19 (a prominent industry “underground” security conference). The event challenges competitors to use social engineering tactics to obtain key company information from a list of prospective companies, with the ultimate goal (based on the past two years) of raising awareness of the threat that social engineering poses to organizations. Furthermore, the competition highlights the common tactics that social engineers employ. As this year’s competition drew to a close, the Social Engineering CTF Results Report (which provides a debrief of the event, outcomes, and lessons learned) puts an emphasis on the techniques utilized and the reasons why the respective techniques ultimately succeeded or failed.
