Cisco Blogs


Cisco Blog > Security

Ask the Data Center Expert, Partner Edition: Southeast Asia and the Rapidly Changing Landscape

The following are excerpts from an interview with Wong IK Ming, Director, eSURIA MENTARI SYSTEMS SDN BHD.

From halfway around the globe in fabulous Singapore, I was delighted to have the chance to interview Wong IK Ming, a Cisco Certified Partner covering Southeast Asian nations, to get his perspectives on data center security opportunities.

Tell me about your customers. What are their most pressing problems?

eSURIA caters mostly for the public sector but we are now extending our services to include Oil and Energy. Our customers have to adhere to new and emerging government mandates around data privacy and sovereignty. This requires a combination of strong governance processes mapped to sound technical controls and a design that is future proof, for example ensuring unified policy, dynamic and logical segmentation. Security must be thought out from the beginning—from the application to the edge of the cloud. I’ve seen a couple of instances of community clouds where security has not been thought through and it’s a matter of time before a security incident occurs.

As a partner, what benefits do you see for Cisco’s approach to data center security?

Our customers are fast adopting new infrastructure models and having the Cisco Validated Designs is a huge benefit because it enables us to attest to the technical soundness of the overall solution and to present security as an integrated element as opposed to a separate element. It also enables us to build these into the overall services templates that we provide with confidence that the necessary testing has taken place. I look forward to seeing more of these validated designs. For example, a validated security blueprint for Microsoft private cloud applications with Cisco UCS.

Read More »

Tags: , , , , , , , ,

Real World DNS Abuse: Finding Common Ground

Prologue

The Domain Name System (DNS) is the protocol leveraged within the Internet´s distributed name and address database architecture. Originally implemented to make access to Internet-based resources human-friendly, DNS quickly became critical infrastructure in the intricate behind-the-scenes mechanics of the Internet, second only to routing in its importance. When DNS becomes inaccessible, the functionality of many common Internet-based applications such as e-mail, Web browsing, and e-commerce can be adversely affected—sometimes on a wide scale. This short blog post will explore some real-world examples of DNS abuse. I would like to welcome and thank Andrae Middleton for joining me as a co-author and presenting his expertise on this article.

There are a few different types of DNS attacks: cache poisoning, hijacking attacks, and denial of service (DoS) attacks (which primarily include reflection and amplification). In the news as of late are widespread and focused DoS attacks. Cisco Security Intelligence Operations (SIO), with its distributed sensors, is able observe and measure various aspects of the global DNS infrastructure. What follows are two vignettes detailing recent Internet DNS DoS attacks against the Internet’s DNS infrastructure. We will see that, though the attacks are different, the results are similar and the countermeasures and mitigations are the same.

Read More »

Tags: , , ,

The Day I Lost My Mobile with Sensitive Corporate Data

November 26, 2012 at 8:18 am PST

It was a dark, cold, and scary night when I returned from dinner with friends and noticed that my mobile phone was missing. It had corporate sensitive data such as emails, calendar events, and documents, as well as personal data (including pictures, videos and other documents). Well, let me be honest with you, I didn’t really lose my phone. However, many cell phones, tablets, and other gadgets are lost or stolen on a daily basis. The problem of stolen mobile devices is huge. According to a report from the Federal Communications Commission (FCC) earlier this year, about 40 percent of robberies in Washington, D.C., New York, and other major cities now involve mobile devices. The FCC has teamed up with the nation’s top wireless carriers, including AT&T, Verizon, T-Mobile, and Sprint, to develop a database of stolen mobile devices.

Allowing employees to access corporate email, critical business applications and data makes workers more productive and effective. Finding just the right balance when allowing easy access to the applications that users need to be more productive, while maintaining the integrity and security of enterprise resources, will give your organization a competitive advantage.

Stolen and lost devices are among the many challenges of mobile device security.

Read More »

Tags: , , , , ,

Live Broadcast: John N. Stewart to Discuss Cyber Security for the Holiday Season

The National Retail Federation predicts that Holiday Shopping this year will grow to $586.1 billion, with a record percentage of those purchases occurring online and from mobile devices.

As more shoppers make purchases online and on their mobile devices, Cyber Monday is fast becoming Mobile Monday, opening up a variety of new threats and challenges for shoppers. And even after the shopping is done, consumers need to take care when they open their presents and turn on new devices for the first time, and know what to expect when they bring their purchases to work or school in early January.

Join us on Wednesday, Nov. 28 at 10:00 AM PT for a live discussion with John N. Stewart, SVP and Chief Security Officer of Global Government and Corporate Security at Cisco. John will address topics ranging from how to stay safe while shopping online, tips for securely setting up gifts you receive, and how to safely bring new devices into work and school in the new year.

Read More »

Tags: , , , ,

November 20th Webinar: Protecting Industrial Control Systems Using Cisco IPS

We invite you to join us for a webinar scheduled for 20 November 2012 where we’ll discuss how to protect Industrial Control Systems using Cisco Intrusion Prevention Systems (IPS).

Industrial control systems is the term used to identify several types of control systems, including supervisory control and data acquisition (SCADA) systems, process control systems (PCSs), and other smaller control system types, such as programmable logic controllers (PLCs), used in critical infrastructure such as power plants, oil and gas pipelines, electrical power distribution, and manufacturing facilities.

Historically these control systems were kept separate from the corporate network.  Because of this isolation they were traditionally difficult to break into because of their separation for health and safety reasons.

More recently, control systems may be running Windows or Linux, using the Internet Protocol (IP) to communicate, giving direct access to SCADA networks via the Internet. Wireless and Bluetooth capabilities allow remote management and diagnosis. These connections to the outside create a massive challenge from a security perspective for the following reasons:

Read More »

Tags: , , ,