Cisco Blogs


Cisco Blog > Security

Live Broadcast: John N. Stewart to Discuss Cyber Security for the Holiday Season

The National Retail Federation predicts that Holiday Shopping this year will grow to $586.1 billion, with a record percentage of those purchases occurring online and from mobile devices.

As more shoppers make purchases online and on their mobile devices, Cyber Monday is fast becoming Mobile Monday, opening up a variety of new threats and challenges for shoppers. And even after the shopping is done, consumers need to take care when they open their presents and turn on new devices for the first time, and know what to expect when they bring their purchases to work or school in early January.

Join us on Wednesday, Nov. 28 at 10:00 AM PT for a live discussion with John N. Stewart, SVP and Chief Security Officer of Global Government and Corporate Security at Cisco. John will address topics ranging from how to stay safe while shopping online, tips for securely setting up gifts you receive, and how to safely bring new devices into work and school in the new year.

Read More »

Tags: , , , ,

November 20th Webinar: Protecting Industrial Control Systems Using Cisco IPS

We invite you to join us for a webinar scheduled for 20 November 2012 where we’ll discuss how to protect Industrial Control Systems using Cisco Intrusion Prevention Systems (IPS).

Industrial control systems is the term used to identify several types of control systems, including supervisory control and data acquisition (SCADA) systems, process control systems (PCSs), and other smaller control system types, such as programmable logic controllers (PLCs), used in critical infrastructure such as power plants, oil and gas pipelines, electrical power distribution, and manufacturing facilities.

Historically these control systems were kept separate from the corporate network.  Because of this isolation they were traditionally difficult to break into because of their separation for health and safety reasons.

More recently, control systems may be running Windows or Linux, using the Internet Protocol (IP) to communicate, giving direct access to SCADA networks via the Internet. Wireless and Bluetooth capabilities allow remote management and diagnosis. These connections to the outside create a massive challenge from a security perspective for the following reasons:

Read More »

Tags: , , ,

AnyConnect 3.0 for Android Product Announcement

Following up on my last note about BYOD at Cisco, I wanted to update you on the latest numbers here at Cisco. As Sheila Jordan had pointed out here, we have surpassed the 20% tablet penetration among our workforce and mobile devices continue to grow at a rate of 1,000 each month. I highly recommend you doing a quick read on her six steps of approaching device deluge. Meanwhile, the latest IDC report (Aug 8, 2012) reaffirms the 2-horse race in the smartphone world. Android and iOS powered 85% of all smartphones shipped in the second quarter of 2012 (2Q2012).

Maintaining our market leadership in supporting the broadest set of Operating Systems (desktop and mobile) and Web Browsers, Cisco Security is excited to announce the availability of AnyConnect 3.0 for Android (Download here). As in the past, we have worked with the market leading Android device makers along with supporting the Android VPN Framework (AVF) to ensure the latest AnyConnect functionality. These new features are now available on any Android device running on version 4.0 (Ice Cream Sandwich) or higher (including Jelly Bean).

SOME KEY FEATURES OF ANYCONNECT 3.0 FOR ANDROID:

  • Intel Android (IA): The Android VPN Framework (AVF) image is now compatible with x86 Intel Android devices.
  • IPsec IKEv2: AnyConnect users can connect via IPsec IKEv2 connections to their corporate Cisco ASA in addition to SSL (TLS or DTLS). (Requires ASA 9.0+)
  • Suite B Cryptography: AnyConnect users who need NSA’s recommended Suite B Cryptography will be now able to do so from their mobile devices. (Requires ASA 9.0 and AnyConnect Premium Licenses.)
  • Untrusted Certificate Warnings: Reduces Man-in-the-Middle attack risk by rejecting untrusted certificates by default and requiring end-users to acknowledge risks before connecting to a gateway with an untrusted certificate.
  • SCEP Proxy: AnyConnect users can enroll their mobile device with an internal Certificate Authority (CA) Server, using SCEP without opening up the CA Server directly to external threats. (To embed the identity of the mobile endpoint in the certificate request, Mobile Host Scan must be utilized, which is an AnyConnect Premium License feature).
  • FIPS 140-2 Compliant: AnyConnect users now have access to the latest FIPS 140-2 cryptographic compliant module to meet industry compliance/mandates.

Read More »

Tags: , , , , ,

BYOD Presentations at Cisco Live Cancun 2012

November 15, 2012 at 4:31 pm PST

I just returned from Cancun after delivering a BYOD seminar, as part of Cisco Live Mexico 2012. Bring your own device (BYOD) was a hot topic at Cisco Live in Cancun. There were several in-depth presentations regarding the architecture, design, implementation, and troubleshooting of all the technologies related to BYOD. I had the pleasure and opportunity to deliver a presentation related to remote access VPN implementations related to BYOD, as part of an 8-hour seminar:

  • TECRST-2020 -- Bring Your Own Device -- Architectures, Design and Operation.

Other BYOD-related sessions delivered this week were:

  • BRKEWN-2020 -- Securely Managing the BYOD Phenomena
  • BRKCOC-1567 -- Inside Cisco IT: BYOD… Coping with the Explosion of Mobile Devices in the Enterprise

Imran Bashir provided a detailed introduction about BYOD and the key considerations when implementing BYOD solutions and technologies in your environment. He then went into the details about the Cisco BYOD solution and the integration with the Mobile Device Management (MDM) solutions from other vendors and partners. This was followed by product demonstrations for device on-boarding, profiling, posture/compliance check and the integration with MDM third-party solutions.

Read More »

Tags: ,

Return of the DDoS Attack

One of the greatest threats to Internet service is Distributed Denial of Service (DDoS) attacks which can paralyze ISPs and disrupt traffic to and from targeted websites. For years now, DDoS attacks have dropped down the IT security priority list as topics such as IP theft took center stage.

Recently however, DDoS attacks targeting organizations of all types have sharply increased. Afflicted organizations had daily operations disrupted and servers compromised, with attacks increasing in sophistication and damage impact. The next waves of attacks will likely be even more complex and damaging.

The DDoS revival reminds us that as threats continue to evolve, organizations must strengthen their security infrastructure and management practices to improve the timeliness and effectiveness of incident response.

Tags: , , , ,