Cisco Blogs



Help! I Need to Respond to All These Cisco IOS Software Vulnerabilities and I Cannot Scale!!!

October 23, 2012 at 7:32 am PST

No software is immune to security vulnerabilities. The time between the discovery and disclosure of security vulnerabilities and the availability of an exploit is getting shorter. This puts pressure on network security professionals and information technology (IT) managers to respond quickly to security vulnerabilities or apply mitigations in their networks. Many organizations are struggling to keep up to date with the constant release of new vulnerabilities and software fixes. At the same time, they are under pressure to provide near 100% availability of key business services and systems.

Note: Cisco has a very robust vulnerability management process. This process is described in detail at Cisco’s Security Vulnerability Policy. The Cisco Product Security Incident Response Team (PSIRT) manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks.

As an example, every time Cisco discloses a security vulnerability for Cisco IOS Software (or any given product), network security administrators have to identify affected devices and (in numerous cases) upgrade such devices. These activities can take hours, days, or even weeks depending on the size of the organization. For instance, large enterprises and organizations may have thousands of routers and switches that need to be assessed for the impact of any given vulnerability.


If you can do it in UCS Manager GUI, you can do it in UCS Manager API!

August 2, 2012 at 9:11 am PST

If I have said it once, I have said it at least a thousand times. No figure of speech here, completely one hundred percent literal. What have I said? “If you can do it in UCS Manager GUI, you can do it in UCS Manager API!” Whatever “it” is.

When do I say this? Whenever I talk about the UCS Manager to customers or coworkers, there is almost always the question, “Can this be done via the API?” To which I always reply “If you can do it in the GUI you can do it in the API.” Not sure if that is grammatically correct, but my point is made. That is the power and the ease of the UCS XML API.

The UCS Manager graphical interface is built on the XML API. When you are developing a script and are not sure how to perform an action, what the call is, or what the correct parameters are, just look at how UCS Manager does it and you're good. How do you look at how UCS Manager does it? Use Wireshark or some other packet capture tool and see what is being passed from the UCS Manager client to UCS Manager. Done, no secrets, no convolution, no obfuscation.


UCS PowerTool One Liners

July 11, 2012 at 1:00 pm PST

This will probably be my shortest blog ever! Perhaps it is really a bloglet; whatever the case, here’s what I’m doing. A question was posted in the Technical Discussions forum of the UCS section of the Cisco Developer Network:

I have an environment consisting of 20+ chassis … I’d like to be able to get the number of open blade slots on each of these.

I’m sure there has to be a command I can put together for this.

Any ideas?

Here’s my response:


The Missing Manual: CVRF 1.1 Part 2 of 2

This post is a continuation of The Missing Manual: CVRF 1.1 Part 1 of 2.

Praxis: Converting an existing document to CVRF

Now it’s time for some XML! Let’s take what you’ve learned and manually convert the Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities security advisory into a CVRF document. Please note that this process is meant to be instructive and somewhat of a stream-of-consciousness-narrative of how to manually build your first CVRF document. It is expected that, by and large, this process would itself be automated and CVRF document producers would have in-house code to parse their own documents and emit CVRF.

Cisco’s Latest Networking Innovations: Bringing Intelligent Networks to Industrial Automation

Today, Cisco announced the Industrial Ethernet (IE) 2000 switch series which will help customers build intelligent networks for industrial automation by delivering highly secure, scalable connectivity from plant floor to enterprise network.

Cisco’s IE2000 switch series provides:
- consistent network services between industrial networks and enterprise business applications
- integrated security
- better manageability
- highly secure remote access and monitoring of automated systems
- intelligent energy management with visibility into machine performance to help customers better manage costs.

The IE2000 industrial switch also interoperates across corporate and manufacturing floor networks in a cost-effective manner to deliver video and corporate applications to the manufacturing plant floor.

The IE2000 switch series is a key product from our Connected Industries business unit. According to Maciej Kranz, vice president and general manager of Cisco’s Connected Industries business unit, “Major sectors of the economy are undergoing a transformation driven by new requirements around production and factory automation, traffic management, data analytics and machine-to-machine communication.  Cisco’s Connected Industries business unit was created to help customers realize the benefits of the transition to Ethernet and IP across the operational technology segments including manufacturing plants, transportation infrastructure and vehicles.”

Many of you have highlighted machine-to-machine (M2M) communications as a key consideration for organizations over the next few years.  Cisco’s own Visual Networking Index (VNI) showed that, by 2016, there will be nearly 2 billion machine-to-machine wireless connections.  This includes everything from in-car GPS systems to asset tracking systems in manufacturing and other sectors.

The result is a need to more tightly connect and integrate devices, machines and vehicles with traditional enterprise networks.  This “Industrialization of the Internet,” as Cisco calls it, will accelerate the networking industry beyond the IT and service provider (SP) networks in industries such as manufacturing and transportation.

Any industry analysts interested in more information on Cisco’s innovations for industrial automation, please contact me for details of our upcoming session with Maciej Kranz and the Connected Industries team.  This will include a more detailed overview of this announcement, more background on the Connected Industries business unit and the opportunity for Q&A.
