Cisco Blogs



Wireless Security Yesterday, Today and Tomorrow

Ten years ago, I remember driving around my neighborhood with a laptop, wireless card, and an antenna looking at the Service Set Identifiers (SSID) of all the open wireless networks. Back then, a home user’s packets often flew through the air unencrypted with nary a thought to who might be listening.

 


As a protocol, Wireless Fidelity (WiFi) has continually improved (IEEE 802.11), and today it is the preferred communication channel for a multitude of home devices including video game consoles, cameras, streaming video devices, mobile phones, tablets, and the list goes on. As October is National Cyber Security Awareness Month, we outline typical WiFi risks and share sensible precautions.

In my last three homes, the Internet Service Provider (ISP) installation technician arrived with a cable modem that included four Ethernet ports and native WiFi enabled by default. In each case, the technician explained that I could manage the cable modem through the settings webpage. When I inquired about management authentication credentials, all of the technicians told me that passwords were not enabled by default, which naturally caused some consternation due to the obvious security implications.

It turns out that most ISPs will provide a modem without WiFi capabilities upon request. You can also request that a WiFi-enabled modem be converted to bridge mode, which will allow you to attach and manage your own WiFi access point (AP) without worrying about conflicts.


SUMMARY – Martin Roesch on Sourcefire Becoming Part of Cisco

Cisco Security has announced the closing of the acquisition of Sourcefire.  Sourcefire founder and CTO (and creator of Snort®) Martin Roesch posted to Sourcefire’s blog this morning to share the news:

“I can tell you with certainty that this is a great match for Sourcefire, for Cisco and, ultimately, for our customers, partners and open source communities,” said Roesch. “From a technology perspective, after having dedicated 15 years to Snort and then to Sourcefire, it’s personally gratifying to be part of building this strong foundation.”

Roesch, now vice president and chief architect of Cisco’s Security Business Group, is excited for the new opportunities presented.  “It’s the new model of security I’ve been talking about for some time.  Now working as part of the Cisco team, led by Chris Young, we can accelerate execution of this vision and make this even more impactful.”

This is just the first exciting news about the acquisition.  As Roesch states in his post, “expect more great things as we continue down this path as ONE team.”

Read the full post: http://blog.sourcefire.com/Post/2013/10/08/1381233600-one-team–sourcefire-is-now-part-of-cisco/


SUMMARY Chris Young: Cisco Closes Sourcefire Acquisition; Delivers Threat-Centric Security Model

Chris Young, SVP of Cisco’s Security Business Group, posted an official announcement this morning on Cisco’s The Platform blog heralding the close of the Sourcefire acquisition.

“I am excited to announce that Cisco has completed the acquisition of Sourcefire. With this acquisition, we take a significant and exciting step in our journey to define the future of security. As one company, we offer an unbeatable combination that will greatly accelerate our mission of delivering a new, threat-centric security model,” said Young.

Young also goes into depth on the new capabilities immediately available to current Cisco customers, as well as what the acquisition means for the Cisco Security roadmap:

  • Leverage current ASA and FirePOWER hardware for future solutions
  • Give Cisco customers immediate access to Sourcefire’s NGIPS, NGFW, and AMP solutions
  • Commit to supporting open-source projects like Snort, ClamAV, and others
  • Broader solution sets incorporating the newly acquired technologies

This year, Cisco has increased investment in security innovation to provide market-leading threat-focused capabilities.

Young also promised Cisco Security will focus on a “threat-centric” security model moving forward – which means a priority focus on the threats themselves versus policy or controls. “Through our threat-centric model,” he said, “we will provide broad coverage across all potential attack vectors, rapidly adjust to and learn from new attack methods, and implement that intelligence back into the infrastructure after each attack.”

Read the full post with all the exciting details here:  http://blogs.cisco.com/news/cisco-closes-sourcefire-acquisition-delivers-threat-centric-security-model


Razzle Dazzle v2.0

During World War I, British artist and navy officer Norman Wilkinson proposed the use of “Dazzle Camouflage” on ships. The concept behind Dazzle Camouflage, as Wilkinson explained, was to “paint a ship with large patches of strong colour in a carefully thought out pattern and colour scheme …, which will so distort the form of the vessel that the chances of successful aim by attacking submarines will be greatly decreased.” The Dazzle Camouflage was not intended to hide the presence of the ships themselves, but instead was created to hide the ship’s size, shape, direction, and speed from would-be attackers.

Razzle Dazzle Camouflage applied to a ship


Big Security—Mining Mountains of Log Data to Find Bad Stuff

Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move?

The dilemma of the “next move” is that you can only discover an attack either as it’s happening, or after it’s already happened. In most cases, it’s the latter, which justifies the need for a computer security incident response team (CSIRT). Brandon Enright, Matthew Valites, myself, and many other security professionals constitute Cisco’s CSIRT. We’re the team that gets called in to investigate security incidents for Cisco. We help architect monitoring solutions and strategies and enable the rest of our team to discover security incidents as soon as possible. We are responsible for monitoring the network and responding to incidents, whether discovered internally by our systems or reported to us externally via csirt-notify@cisco.com.

Securing and monitoring a giant multinational high-speed network can be quite a challenge. Volume and diversity, not complexity, are our primary enemies when it comes to incident response. We index close to a terabyte of log data per day across Cisco, along with processing billions of NetFlow records, millions of intrusion detection alarms, and millions of host security log records. This doesn’t even include the much larger data store of authentication and authorization data for thousands of people. Naturally, as with all large corporations, dedicated attackers, hacking collectives, hacktivists, and typical malware/crimeware affect Cisco. Combine these threats with internally sourced security issues, and we’ve got plenty of work cut out for us.
