Cisco Blogs


Cisco Blog > Security

Summary: Extended By Popular Demand: The Cisco IoT Security Grand Challenge

June 16, 2014 at 8:49 am PST

Since its announcement at the RSA 2014 conference, the security community has been actively involved in the Cisco IoT Security Grand Challenge. The response has been so great that we’ve decided to extend the deadline by two more weeks -- so you now have until July 1st, 2014 to make your submission! Visit www.CiscoSecurityGrandChallenge.com for full details about the challenge and prepare your response. Good luck!

Read the full blog for more information.

Tags: , , , , , , , , , , ,

New Standards May Reduce Heartburn Caused by the Next Heartbleed

Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group

Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice.

Those dealing with this issue on a day-to-day basis know it’s not enough to just patch the OpenSSL software library. Organizations also need to revoke and reissue digital certificates for their Heartbleed-vulnerable sites. If your certificates were stored in a Trust Anchor Module (TAM), they are still safe. Otherwise, a few additional steps should be taken to ensure you and your customers are secure:
Read More »

Tags: , , , , ,

Windows Server DNS Cache: How to Use the Command Line Inspection of Microsoft Windows DNS Cache

This post explains how to inspect the contents of windows DNS cache. Inspection can be used to check DNS entries, revealing if any malicious websites are being visited.

A Domain Name Server’s (DNS) cache of DNS records can be inspected to determine if your network is interacting with suspicious or malicious internet sites. To perform this task, perform the following:

For Windows 2003 and prior versions, you must install Windows Support Tools. Once installed, inspect and export the DNS cache using the command prompt (cmd.exe) window.

For Windows 2008 and later, The Windows PowerShell is a more advanced version of Windows Support Tools and is installed by default. Use the PowerShell window or run the PowerShell Script from the command prompt window to inspect and export the DNS cache.

How to Inspect the Cache from the CMD Prompt

Windows 2003 and Prior Using dnscmd

  1. From the support tools directory (\Program Files (x86)\Support Tools), run the following command to display the DNS cache output in the CMD window.
  2. To redirect the DNS cache output to a file, use the following command:
    • C:\Program Files (x86)\Support Tools>dnscmd /zoneprint ..cache > c:\cache_output.txt

Read More »

Tags: , ,

Dimension Data Series #3: Closing the Gap Between the Secure Mobility Vision and Real-World Implementation

Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address closing the gap between secure mobility vision and real-world implementation. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security is here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies is here.

There is a gap between the vision for secure mobility and the real-world implementation.

How do we know a gap exists? A recent Dimension Data Secure Mobility Survey report indicates 79% of IT leaders believe mobility is a top priority and 69% of those surveyed already have a mobility roadmap in place. The vision looks good, right? However, only 29% of those implementing their roadmap have tested their core applications, and only 32% have conducted a security audit of the applications.

Today, IT is faced with the challenge of providing any user from any location on any device access to any of the corporate applications, all while keeping assets and users secure. These perimeters add up to a complex equation and it’s contributing to this gap in IT leaders’ approach to vision and action for mobility deployments. How can IT and business leaders work to address this disparity?

Listed below are a few steps that should be considered to help turn the secure mobility vision into a reality. Taking a careful assessment of what mobility can offer and applying these steps can make the difference between a successful implementation and being derailed by unforeseen problems.

Read More »

Tags: , , , , ,

6 Healthcare IT Transitions: The Hackers delight

May 4, 2014 at 10:15 pm PST

From FDA (Food and Drug Administration) to FBI (Federal bureau of Investigations), they see a core issue bubbling up: The vulnerability of Healthcare systems to cyber-attacks. Both agencies have issued an advisory in this regard in the last 1 year.

Source: DataLossDB.org

Source: DataLossDB.org -- Healthcare amounts to 17% of incidents in 2013

FDA Advisory was focused on medical devices and hospital networks, while the FBI’s communication is focused on hackers attempting to hack personal medical records and health insurance data and even goes to calling out the gaps in resiliency to cyber-attacks as compared with other sectors such as financial and retail sectors.

In addition, looking at statistics from datalossdb.org, Health Care sector has consistently been in the top 3 sectors that have had the most incidents.

But the question is, why now?

This is where the correlation with the Health Care IT transition time lines adds up. It’s the other side of Health Care IT transitions that we looked at in the previous part (At the security cross roads of Healthcare reforms and IoE – 6 Health Care IT Transitions) of this blog series – the threat that have emerged from open anywhere, anytime, any device access which has enabled convenience and transformational experience to patients and care teams.

Let’s see an example of the changing dynamics of some of these transitions from a Hackers perspective by analyzing one of these transitions: Transition from Paper charts to EMR and enabling anywhere anytime, any device access to my care teams and my patients.

Health Care IT Transitions and their Security Implications 1-3 of 6

Health Care IT Transitions and their Security Implications (1-3 of 6)

Read More »

Tags: , , , , , ,