Cisco Blogs


Cisco Blog > Security

NCSAM TIP #14: Password Management

The problem

Passwords for computer authentication are as old as multiuser computers, and are not the best form of authentication we have. Certificates are better, but harder to manage. So, for most purposes we are stuck with passwords.

Many people deal with the proliferation of passwords either by using very weak passwords or using the same password in multiple places. The obvious downfall is that if one site gets compromised, you may lose many accounts.

Another problem is using computers you don’t trust. Sometimes you are traveling and need to access your bank from an Internet cafe or hotel computer, which may have keystroke loggers.

The root of the problem is reliance on human memory. Luckily, every time we need a computer password, we have a great memory tool at our fingertips.

Read More »

Tags: ,

Cisco Releases IPS Signature to Detect Alleged German Government Trojan

Earlier today we released IPS Signatures 39866-0 and 39866-1 as part of the S603 update to our Cisco Services for IPS customers. These signatures detect or block network traffic associated with the “R2D2 trojan” allegedly used by German authorities to surveil individuals of interest. Originally discovered and announced by the Chaos Computer Club in Germany, this software contains functionality to install software, monitor and remotely control any computer it is installed upon.

This is not the first time Cisco Security Intelligence Operations has reported on this software. We released a public Malware Alert on 10/13 and discussed it in our weekly Cyber Risk Report. The following caption is from the Cyber Risk Report entry:

Read More »

Tags: , ,

NCSAM Tip #13: Understanding Operational Security Metrics

Many people often think that information and network security is just about technology and how reliable or sophisticated these technologies are. Additionally, many people ask why after spending tons of money on network and security gear, their network still gets hacked, information is lost and business continuity is disrupted. For example, often questions like these run through their minds: “Am I not buying the right security products?  Am I not configuring or deploying them correctly? Do I have the right staff to run my network?

Read More »

Tags: ,

NCSAM Tip #12: Cover Your Company’s Assets When Traveling

As the economy stutters forward and more corporations and businesses begin to lift travel restrictions for employees, more laptops will be traveling, too. National Cyber Security Awareness Month is a good time to rethink an inexpensive, low-tech solution to securing potentially millions of dollars worth of intellectual property and corporate brand protection.

Perhaps you are one of the lucky ones finally able to attend a professional conference. You’ve packed your bags and your laptop, brushed up your industry jargon, made sure the coffee pot is turned off and the cat is fed, and backed out of your driveway to make a happy trip to the airport.

Wait!

Read More »

Tags: ,

NCSAM Tip #11: Security Awareness Where You Live, Work, and Play

With the ever-evolving cyberspace landscape, our reliance on information is at an all-time high. Along with that reliance, comes an increasing focus on our devices. We can all relate to the common, daily scene of people so deeply entrenched in a mobile device chat session that they are almost oblivious to the outside world. This security awareness tip focuses on the boundary outside of that device and how situational awareness can affect security. Securing the physical boundary outside of that computer, laptop, or mobile device can often pay big dividends and thwart attacks. Below is a checklist of physical security awareness items you can add to your toolbox:

Read More »

Tags: ,