Cisco Blogs



#HigherEdThursdays – Cybersecurity for Higher Education: Is your network protected?

Cybersecurity is a hot topic and a major concern for all organizations. No one is immune, and higher education institutions can fall victim to large breaches as well. In fact, PrivacyRights.org lists the following examples from the last 6 months:

Date        Name                                          Records Lost
22-Apr-14   Iowa State University                         29,780
27-Mar-14   The University of Wisconsin-Parkside          15,000
20-Mar-14   Auburn University                             Unknown
6-Mar-14    North Dakota State University                 290,000
26-Feb-14   Indiana University                            146,000
19-Feb-14   University of Maryland                        309,079
27-Nov-13   Maricopa County Community College District    2,490,000

Theft, intellectual property loss, and loss of individuals' personal data affect all organizations in varying degrees. While higher education institutions face many of the same challenges as government and commercial organizations, they also have worries that are unique to their environments. Some of the cybersecurity topics specific to higher education include:

  • Data Privacy & Security – Colleges possess the Personal Identifying Information (PII) of their students AND their students' parents, faculty and alumni – the numbers add up quickly. In addition to the usual PII, this can also include medical, financial, academic and other data.
  • Device Mobility – The average student currently has 3 devices, and this is expected to grow to 5 devices in the next few years.
  • Application Protection & Control – Education-specific applications have become a target for bad actors, and file sharing sites raise concerns about digital rights violations in Higher Education.
  • Digital Learning & Assessment – Online classes and testing provide one-to-one learning opportunities, more choice, and cost reduction in Higher Education. They must be secure.
  • Protecting Intellectual Capital – Research universities have become a prime target for intellectual property theft. They risk losing valuable data and the possibility of losing grant funding.

Threats have become more sophisticated, and protecting the enterprise with these topics in mind needs to be more sophisticated too. It is no longer enough to harden access to the network and think you are OK. Because the bad guys trying to steal your data are using so many different types of attack, effective defense requires a multi-level approach.

Cisco recently acquired Sourcefire, and we have adopted their frequent question to customers: “If you knew you were going to be breached, what would you do differently?” The 2014 Cisco Annual Security Report studied the web traffic of corporate networks, and every one had connections to domains that are known malware threat sites or threat vectors – an indication that bad things are on every one of these networks and likely on most networks. Think about the question again – what would YOU do differently? That is what we all should be doing.

We recommend looking at the Attack Continuum of “Before, During, and After” with the following actions for each phase:

  • Before an attack you want to harden your network, to enforce security policies with controlled, segmented access to resources.
  • During an attack you want to defend your network by detecting the threats and blocking them from getting in.
  • After an attack you want to contain the threat, determine the scope of the problem, remediate the damage, and get back to educating students.

The conventional perimeter protections such as firewalls, intrusion prevention, and anti-virus are still part of a good defense in depth framework, but more is now needed.  We offer many parts of the solution, of course, and have experts who work with universities to address their specific security needs. But no matter who you work with, please look carefully at what you can do differently to protect your students and your institution from these new, advanced threats.

Our upcoming whitepaper will focus on some of these trends, challenges and strategies for higher education. You can register to receive the whitepaper as well as a compilation of all the #HigherEdThursdays blog series upon completion.  Reserve your copy now.

Happy #HigherEdThursdays!


New Standards May Reduce Heartburn Caused by the Next Heartbleed

Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group

Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice.

Those dealing with this issue on a day-to-day basis know it’s not enough to just patch the OpenSSL software library. Organizations also need to revoke and reissue digital certificates for their Heartbleed-vulnerable sites. If your certificates were stored in a Trust Anchor Module (TAM), they are still safe. Otherwise, a few additional steps should be taken to ensure you and your customers are secure:

Protect Yourself Against the Next Security Flaw in the Cloud—Understand Shadow IT

Recently, a bug in Internet Explorer made it possible for hackers to take over a user’s computer, causing government agencies to suggest using a different browser. The Heartbleed flaw opened the door for encrypted data to be intercepted. These latest challenges highlight one thing inherent to any application, whether on premise or in the cloud: it is not a question of if but when the next flaw or bug will present exposure risks to your business. The key is to be prepared with a solid response strategy.

In two short years, 50% of Global 1000 companies will have customer data in the cloud according to Gartner. With more and more critical information moving to the cloud, IT needs to understand how cloud providers are responding to protect their data and users when these security challenges present themselves. For cloud services that IT is aware of, businesses can establish service level agreements and other safeguards to protect the integrity of their information.


Cisco, Linux Foundation, and OpenSSL

The recent OpenSSL Heartbleed vulnerability has shown that technology leaders must work together to secure the Internet’s critical infrastructure. That’s why Cisco is proud to be a founding supporter of the Linux Foundation initiative announced yesterday (April 24th).

The initiative will fund open source projects that are critical to core computing and Internet functions, and Cisco sees security technologies as a fundamental infrastructure component. The first project being considered for funding is OpenSSL. As a longtime open source contributor and user, we’ve offered code and intellectual property to enhance OpenSSL. We’ve also provided patches and testing results to help address vulnerabilities. Today’s announcement takes that commitment a step further.

We are pleased to help form a critical mass of governance, funding, and focus that will support the output of open source communities like OpenSSL. By working together as an industry, we can expect greater security, stability, and robustness for components that are critical to the Internet.

For more Cisco-specific information on the Heartbleed vulnerability, please visit our event response page and Security Advisory. You may also be interested in our April 23 webinar titled, Heartbleed: Assessing and Mitigating Your Risk.


Cisco IPS Signature Coverage for OpenSSL Heartbleed Issue

The Cisco IPS Signature Development team has released 4 signature updates in the past week. Each of the updates contains either modifications to existing signatures or additional signatures for detection of attacks related to the OpenSSL Heartbleed issue. I’m going to take a moment to summarize the signature coverage.

To best utilize your Cisco IPS to protect against the OpenSSL Heartbleed issue:

  • Update your sensors to signature update pack S788.
  • Enable and activate sub-signatures /3 and /4 for signature 4187, leaving /0, /1, and /2 disabled and retired (by default, signature 4187 is disabled and retired across all sub-signatures).
  • Sub-signatures /3 and /4 are set at a severity of Informational and Low, respectively, and will not drop traffic by default. If, after monitoring the sensor alerts, you are comfortable dropping traffic inline based on those alerts, you will need to add an action of “deny-packet” to each signature.

Further detail regarding the released signatures: