Cisco Blogs


Cisco Blog > Security

NCSAM Tip #19: Secure Your Wireless Network!

Just because you are not paranoid, does not mean they are not out to get you!

Real World Consequences:

Let me set the scene, your home with your family sitting on the couch watching TV. When all of the sudden a whole swarm of SWAT officers come busting through your front door on a no knock warrant. You and your family are separated, and you are forced to the ground at gunpoint with the officers screaming at you about your disgusting ways, shouting “We know WHAT YOU ARE, PEDOFILE!”

But that will never happen to you right? You don’t ever visit those types of websites, the very thought of such things turns your stomach. That is just what a resident of Buffalo, New York thought earlier this year, until it happened to him and his wife. Now as it turns out he was completely innocent, but that fact did not save him from having his door broken down or having a weapon held on him while he was being detained and his house searched by the FBI and the Buffalo Police. (And no they did not pay to fix his door.)

Read More »

Tags: , ,

Duct Tape and Chewing Gum Isn’t Enough: Cloud and Virtual Environments Require Specialized Security

October 26, 2011 at 12:12 pm PST

By now, just about everybody who works in any area of IT knows that moving multiple workloads into one physical server optimizes server usage, minimizes procurement and operational costs, and increases overall efficiency of the network. As a result, virtualization technology remains one of the hottest topics in IT today, due to its overwhelming benefits to organizations of all sizes. Read More »

Tags: , , , , , ,

NCSAM Tip #18: Password Strength

Using passwords longer than 14 characters resets the Windows LANMAN hash to an invalid value, preventing attacks against these weak hashes that can recover most passwords in less than half an hour.

Read More »

Tags: ,

Next Generation Encryption

A transition in cryptographic technologies is underway. New algorithms for encryption, authentication, digital signatures, and key exchange are needed to meet escalating security and performance requirements. Many of the algorithms that are in extensive use today cannot scale well to meet these needs. RSA signatures and DH key exchange are increasingly inefficient as security levels rise, and CBC encryption performs poorly at high data rates. An encryption system such as an IPsec Virtual Private Network uses many different component algorithms, and the level of security that it provides is limited by the lowest security level of each of those components. What we need is a complete algorithm suite in which each component provides a consistently high level of security and can scale well to high throughput and high numbers of connections. The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption. More on these algorithms below, but first, some good news: the new ISR Integrated Services Module brings these next-generation encryption (NGE) technologies to IPsec Virtual Private Networks, providing a security level of 128 bits or more. These technologies are future proof: the use of NGE enables a system to meet the security requirements of the next decade, and to interoperate with future products that leverage NGE to meet scalability requirements. NGE is based on IETF standards, and meets the government requirements for cryptography stipulated in FIPS-140.

NGE uses new crypto algorithms because they will scale better going forward. This is analogous to the way that jets replaced propeller planes; incremental improvements in propeller-driven aircraft are always possible, but it was necessary to adopt turbojets to achieve significant advances in speed and efficiency.

Read More »

Tags: , , , ,

NCSAM Tip#17: Stay Safe Online — Security at Home

October 25, 2011 at 7:33 am PST

When we discuss security as an integral part of our cyber life, it is important that we take sufficient care that the home network and the devices that are used at home are secured. There are several areas at home in which we use Internet and IP-enabled devices. These include your home network (wired & wireless), personal computing devices, smart phones, official computing devices, network-enabled printers, and other smart appliances. While we look at security, all of these devices need to be reviewed for security best practices to ensure that the risk of an attacker penetrating or compromising these devices is reduced. This post concentrates on securing three main entities in a home network.

Read More »

Tags: ,