Today, we are more interconnected than ever before. Not only do we use the Internet to stay connected, informed and engaged, but also we rely on it for all of our day-to-day needs. We rely heavily on the Internet for everything from submitting taxes, to applying for student loans, to following traffic signals, to even powering our homes.
Acknowledging the importance of cyber security, President Obama designated October as National Cyber Security Awareness Month to engage and educate public and private sector partners to raise awareness about cyber security and improve the resiliency of the nation in the event of a cyber incident.
Government and corporate leaders overwhelmingly identify cyber security and associated trust issues as one of their top IT concerns. Use of network-based technologies such as mobility, collaboration and virtualization are increasing, as are related threats. Securing business infrastructure and data relies on solutions and secure systems from “trusted” vendors, a relationship founded on the reputation of the vendor, its people, its processes and its technology.
Cisco is dedicated to protecting organizations from threats including malicious modification or substitution of technology, misuse of intellectual property, supply chain disruption and counterfeit products. As the most trustworthy vendor in the world, Cisco delivers architectures built on secure software and hardware that is backed by a highly secure supply chain. By providing trustworthy and assured network platforms, Cisco enables government organizations and enterprises to confidently secure their business infrastructure, data and information from attacks.
The verdict is in — and it is all about security. Recent research from The Economist notes that security is the top concern for mobility and BYOD. Organizations want to embrace BYOD but want control to ensure secure access to the network. Chuck Robbins, Cisco Senior Vice President, wrote a blog entry that underscores what we hear almost daily in conversations with our customers and partners. The organizations we speak to have mobility policies that range from no personal devices allowed at all (which is really not BYOD), to policies that permit all personal devices with restricted access, and still others that allow all devices with differentiated access based on the device type, user, and posture.
Some common differentiation access use cases may include:
Allow my sales force to access the proposal portal remotely from their iPads but do not allow them access to the finance database.
Do not allow any jail broken device, whether personal or corporate-owned, because there is a high probability it has been infected with malware. A device is considered jail broken when the user gains root access to the operating system, allowing applications or extensions to be downloaded that are not available in the Apple Application store, which increases the risk of malware infection.
Automatically check to see if the device has pin-lock and disk encryption (basic device security), grant the device the appropriate access. If not, it will be diverted with the non-compliance explanation.
Another interesting observation is many of our higher education customers are starting to see eight devices per user versus the three devices noted. Watch out! The next workforce has some real potential to influence the new workplace.
Stay tuned -- later this year we look forward to sharing with you some further insight on mobile workers and their perceptions and behaviors regarding security. For example, how many folks download sensitive data on their personal smartphone? Or when an alert or pop-up warning occurs on their personal device what do they do? How many engage in risky behavior? Who is security aware? If you are a mobile device worker it would be great to hear your understanding of the security of your personal device in the new workplace.
No software is immune to security vulnerabilities. The time between the discovery and disclosure of security vulnerabilities and the availability of an exploit is getting shorter. This imposes pressures on network security professionals and information technology (IT) managers to quickly respond to security vulnerabilities or apply mitigation in their network. Many organizations are struggling to keep up-to-date with the constant release of new vulnerabilities and software fixes. At the same time, they are under pressure to provide near 100% availability of key business services and systems.
As an example, every time Cisco discloses a security vulnerability for Cisco IOS Software (or any given product), network security administrators have to identify affected devices and (in numerous cases) upgrade such devices. These activities can take hours, days, or even weeks depending on the size of the organization. For instance large enterprises and organizations may have thousands of routers and switches that need to be assessed for the impact of any given vulnerability.
Recently I was working on reverse engineering a 16-bit MS-DOS binary to better understand a network transport protocol used for modem communication in some software I was looking at. I was using the IDA Pro tool for this purpose.
However, to my dismay, after looking at the string table and finding a string that seemed relevant to the particular section of code which I was interested in, I noticed that none of the strings in the string table contained cross reference information, and I was therefore unable to easily jump to the instructions in which it was used.
Upon further analysis, I determined that the reason the cross reference information for the strings in the table was not populated is because the strings resided in the data segment and referenced using the ds segment register.
Ask anyone in the information security field they will tell you:
Security is not fair. There is essentially an unlimited supply of attackers that can test your defenses with impunity until they eventually succeed.
As a member of the Cisco Computer Security Incident Response Team (CSIRT) I’ve seen this asymmetry up close, so I can tell you that good security is really hard. Besides the normal security practices like deploying firewalls, IDS sensors, antivirus (AV), and Web Security Appliances, CSIRT is increasingly looking to the network as a data source. We have been collecting NetFlow for years but we have always wanted additional context for the flow data. While it is true that the Internet is built on TCP/IP, Internet services—both good and bad—are found by name using the Domain Name System (DNS). For years infosec has been network-address-centric and the attackers have adapted. Today it is very common to see malware command and control (C&C) use domain generation algorithms (DGAs), Peer-to-Peer (P2P), or even fast-flux DNS to evade IP address-based detection and blocking. It has become absolutely clear that to keep up with the latest attacks and attackers you must have a view into the DNS activity on your network.
CSIRT has been struggling with limited DNS information for a while now, so I am pleased to say we finally have comprehensive visibility into the DNS activity on our network. Before I dive into how we tackled this problem I should back up and explain a bit more about DNS…