Cisco Blogs


Cisco Blog > Security

A Weekly Dose of Cyber Security Awareness

In any given week, one doesn’t need to look very far to be reminded of the events and issues that can surface anytime, anywhere, and to anyone. Given their modes of occurrence, range of diverse levels, technical, non-technical, and globally, wouldn’t it be convenient to have a brief synopsis and analysis of the events and issues? A weekly publication from Cisco, the Cyber Risk Report, is available now to give you the awareness and insight related to these security events and issues. The Cyber Risk Report provides a lot of information that conveys thought-provoking analyses and perspective.

Why the Cyber Risk Report Matters

There are several benefits of this publication. The report provides current information on multiple topics saving you time from sifting through all of the media outlets. It can minimize your blind spots and broaden your understanding of the nature of the factors contributing to the weekly events being reported. It is not uncommon for these issues and events to surface simply because the victims have not seen them coming. The bad guys are betting on this. Is this the only source of knowledge needed? Of course not, but the Cyber Risk Report is certainly a great resource to gain insight and keep a pulse on the constantly evolving security landscape.

What the Cyber Risk Report Offers

The Cyber Risk Report contains a summary and analyses of events and issues that transpired in the week leading up to its publication. Every week a specialized team of Cisco security analysts meets to create its content based on a review of several information sources. This content is organized into categories that I have highlighted in red as shown in the snapshot below.

CRR_Sample

Figure 1: Cyber Risk Report Example

Read More »

Tags: , , , , , ,

Cybersecurity Awareness Month: Unsampled Netflow – Why it’s Important for Cybersecurity

Quick question for IT leaders -- can the switches on your network report 100% unsampled netflow?  If they can’t, there may be elusive cybersecurity threats hiding within your network. Yes, inside your network.

Every week, I hear stories of intellectual property (IP) loss and personal identifying information (PII) being compromised. This is due in part to many agencies still approaching cybersecurity the way they always have -- guarding the edges to keep threats out. But that’s not enough anymore. With malware now being custom-written to bypass the perimeter, external drives plugged in, and the ever-present possibility of tricked or malicious insiders, monitoring inside the network is now one of the most effective ways to find and eliminate threats.

Read More »

Tags: , , ,

Summary: Friend or Foe? When IoT Helps You Get Hacked by Your Security

August 14, 2013 at 5:00 am PST

Businesses of all types and sizes stand to benefit greatly from the Internet of Things (IoT), with a wealth of intelligence for planning, management, policy, and decision-making that will help them maximize productivity and efficiency while minimizing costs. However, if not properly protected by integrating it with a solid network security solution, the consequences can be devastating. Read More »

Tags: , , , , , , , ,

Network Solutions Customer Site Compromises and DDoS

July 17, 2013 at 10:03 am PST

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This was reported to be a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack. It is possible that the DDoS attacks are related.

According to isitdownrightnow.com, the Network Solutions site has been having issues for at least the last 24 hours.

response_time

Response time in ms (GMT -8:00)

Read More »

Tags: , , , , , ,

TMA? Get Some Relief from Acronym Overload

I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is offer both a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.

Network Infrastructure

AAAAuthentication, Authorization, and Accounting. This is a set of actions that enable you to control over who is allowed access to the network, what services they are allowed to use once they have access, and track the services and network resources being accessed.

ACL/tACL/iACL/VACL/PACLAccess Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port)), these ACLs have special purposes to address a particular need within the network.

FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.

IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it  should be maintained using Cisco’s IPS subscription service.

DNSSECDomain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, that they receive the correct information published by the authoritative source. Read More »

Tags: , , , , , , , , ,