Cisco Blogs



Consider the Best Approach for Your BYOD Mobility Environment

MDM Today and the Future

Mobile devices have quickly become a mainstay in enterprise environments. They continue to be consumer driven, and yet they find their way into our day-to-day business lives. As employees bring these new devices into the work environment, enterprise IT is increasingly being forced to accommodate them for business use. This is not news. We observe this pattern through our customers today and live this phenomenon within our own everyday work environment at Cisco. Here at Cisco, employees have the flexibility to choose their device and to securely connect to voice, video and data services from anywhere under an Any Device policy. Cisco manages over 64,000 mobile devices today.


Securing a BYOD Environment Requires Deployment Flexibility

April 4, 2013 at 9:00 am PST

When Cisco integrated our Identity Services Engine (ISE) platform with leading mobile device management (MDM) systems, it was clear from the start that we had struck a chord among IT administrators trying to wrestle with the onslaught of employee-owned mobile devices accessing their networks. First and foremost for IT organizations was gaining visibility to all mobile devices — rogue or authorized — that were present on the wireless network. Cisco ISE delivered that capability, providing IT staff with a detailed view of what types of mobile devices were on the network. Coupling that with ISE’s native BYOD enrollment capabilities or the active management capabilities of MDM platforms — as well as network intelligence from the Cisco Wireless Network — was key to gaining full control over this Wild West of mobile devices.


Security Geeks and Wonks Unite!

Are we heading to a day of reckoning, where the forces of cyber crime overwhelm and erase the good things that information technology delivers? If we head down our current path of incremental, individualized approaches to cyber security, the answer is “Yes.” But I’m enough of an optimist to think that if the IT and security geeks and wonks of the world can unite, share information, work hard, and not worry about who gets the credit, we stand a fighting chance.

Apache Darkleech Compromises

Dan Goodin, editor at Ars Technica, has been tracking and compiling info on an elusive series of website compromises that could be impacting tens of thousands of otherwise perfectly legitimate sites. While various researchers have reported various segments of the attacks, until Dan’s article, no one had connected the dots and linked them all together.

Dubbed “Darkleech,” thousands of Web servers across the globe running Apache 2.2.2 and above are infected with an SSHD backdoor that allows remote attackers to upload and configure malicious Apache modules. These modules are then used to turn hosted sites into attack sites, dynamically injecting iframes in real-time, only at the moment of visit.

Because the iframes are dynamically injected only when the pages are accessed, discovery and remediation are particularly difficult. Further, the attackers employ a sophisticated array of conditional criteria to avoid detection:

  • Checking IP addresses and blacklisting security researchers, site owners, and the compromised hosting providers;
  • Checking User Agents to target specific operating systems (to date, Windows systems);
  • Blacklisting search engine spiders;
  • Checking cookies to “wait list” recent visitors;
  • Checking referrer URLs to ensure the visitor is coming in via valid search engine results.


I Can’t Keep Up with All These Cisco Security Advisories: Do I Have to Upgrade?

April 2, 2013 at 6:00 am PST

“A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?”

This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don’t panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.
