The raw, edgy nature of social media is part of its charm, and its value. As Cisco’s global threat analyst, I often look at my Twitter feed in the morning before I check mainstream media sites because it provides quick, frequently expert, irreverent analysis on breaking news. In fact, my own concerns about press freedom and objectivity stemming from concentration of mass media ownership arguably strengthens the case for a lively, unregulated social media space. It can serve as a fact checker and whistle blower on traditional news sources. In societies where news outlets may be closely monitored or controlled by the state, social media may provide the only online outlet for uncensored public opinion.
Unfortunately, social media is frequently inaccurate or misleading, with the potential for real-world damage. It isn’t hard to imagine a scenario in which a terrorist coordinates on-the-ground attacks with misleading tweets with the intent to clog roads or phone lines, or send people into the path of danger. Several recent incidents underscore the ease with which social media rumors can compound the impact of real events.
Read More »
Tags: cyber-security-month-2012, security, social media, Social Network
A primary concern of any network administrator when configuring new IOS features is the potential impact the enabling of new features will have on router performance including CPU utilization and memory usage.
It is fully expected that the layering of additional features, in this case BGP security features, will undoubtedly have an adverse impact on the available memory of an IOS router. But, based on our testing, the results were not quite what we expected… Read More »
Tags: BGP, Border Gateway Protocol, router security, security
Recently I was evaluating the security of an application sandbox and I needed a way to inject some kind of interface into the sandboxed application in order to explore the possibilities available from that context. The main objective was to be able to easily explore file and system call access to determine what was allowed/denied. I decided the most suitable interface I could use for this exploration would be the Python interactive shell.
The first step I needed to take was to get the Python library (libpython) loaded into the address space of the target application. The easiest way that I could think to do this was to utilize the call command in the Gnu Debugger (GDB). GDB’s call command performs a debugee procedure call by injecting a new thread into the debugee and controlling the startup state. Since GDB already performs the necessary steps, I could take advantage of this by issuing the command:
Read More »
Tags: application sandbox, python, security
No matter how you prepare, you never know how or when it will begin. The phone rings and sixty seconds later a sense of dread emerges. It grows slowly, peaking just as you hang up the phone. Sitting back in your chair, you take a deep breath and turn your mind to all the customers, executives, and journalists who will soon know what you know.
You and I both have a sense of the work involved in managing customer-impacting data exposures, privacy breaches, or malicious attacks. These are high pressure, high profile incidents that demand the very best response team—a team that includes technical and non-technical expertise.
Working as I do with Cisco security and incident response teams, I sit alongside some great people who understand the value of having a professional communicator at the table. With a technical response underway, the communicator can do what they do best—summarize the topic, identify impacted audiences, assess their needs, and craft the required messaging. Regardless of their department—public relations, employee communications, customer communications, or marketing—these people will be critical to sustaining customer relationships and protecting your organization’s reputation.
Read More »
Tags: cyber security month, cyber-security-month-2012, National Cyper Security Awareness Month, security
We are in the middle of several major market trends and transitions, including mobility, cloud and virtualization. Security is at the center of these massive transitions, and our customers tell us that they want simplicity and seamlessly integrated solutions for their network architectures. These industry disruptions require new thinking to create innovative technological solutions that will solve our customers’ biggest problems.
Enter Bret Hartman.
Bret has joined Cisco as the new Chief Technology Officer (CTO) for the Security Technology Group, which encompasses all of Cisco’s core security products. For Cisco, Bret will define our overall security technology strategy, particularly as it relates to how security technology integrates across the network infrastructure. Ensuring that our strategy transitions into value-added customer solutions will be critical as we move to an integrated security architecture that leverages the network.
Read More »
Tags: bret hartman, chief technology officer, Chris Young, cloud, cto, EMC, RSA, security, virtualization