Many Cisco customers with an interest in product security are aware of our security advisories and other publications issued by our Product Security Incident Response Team (PSIRT). That awareness is probably more acute than usual following the recent Cisco IOS Software Security Advisory Bundled Publication on September 25. But many may not be aware of the reasoning behind why, when, and how Cisco airs its “dirty laundry.”
Our primary reason for disclosing vulnerabilities is to ensure customers are able to accurately assess, mitigate, and remediate the risk our vulnerabilities may pose to the security of their networks.
In order to deliver on that promise, Cisco has made some fundamental and formative decisions that we’ve carried forward since our first security advisory in June 1995.
Tags: advisories, Cisco Security, incident response, IOS, ncsam-2013, psirt, vulnerability
In the previous installment of the onePK series, you received a crash course on Cisco’s onePK. In this article, you’ll take the next step with a fun little exposé on onePK’s C API. You will learn how to write a simple program to reach out and connect to a network element. This is staple onePK functionality and is the foundation upon which most onePK applications are built.
The following short program, “ophw” (onePK Hello World), is a fully functional onePK application that will connect to a network element, query its system description, and then disconnect. It doesn’t do anything beyond that, but it does highlight some lynchpin onePK code: network element connection and session handle instantiation. This is the foundational stuff every onePK application needs before useful work can get done.
Tags: Cisco, cisco ios, Cisco Security, cisco sio, IOS, ncsam-2013, network security, One Platform Kit, onePK, open source, secure software, security
It’s that time of year again—consider this post your friendly T-7 notice to start preparing for the final Cisco IOS Software Security Advisory Bundled Publication of 2013! As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0. Cisco security publications that disclose vulnerabilities scoring lower than 7.0 are described in our Cisco Security Vulnerability Policy.
Tags: Cisco, IOS, ios bundle, psirt, security, vulnerability
In their highly anticipated announcement this week, Apple introduced two new phones, the iPhone 5C and iPhone 5S, and confirmed that iOS 7 would be released on September 18th. Techies like myself took note that iOS 7 will include quite a number of new features. We at Cisco want to help you understand what iOS 7 means for your network, so here’s a quick blog to sum it up:
How does iOS 7 impact your wireless networks?
Soon your employees and guests will be upgrading to iOS 7. Did you know up to 20% of traffic to mobile devices is software upgrades, application updates and synchronizing your devices via the cloud? Cisco’s Application Visibility and Control technology can help you identify and tame these applications; it is available on routers and the Wireless LAN, with visibility via Prime Infrastructure. In addition, Cisco’s ISR can cache these updates to preserve valuable and expensive WAN bandwidth. More details about protecting the WAN are available in another blog.
If you leverage a Captive Portal, you will experience a change in behavior. Apple has enhanced the Captive Network Assistant (CNA) functionality in iOS 7, making it more robust. Cisco has proactively developed and tested a new version of wireless LAN controller code to interoperate with Apple’s new implementation while ensuring a seamless experience for all other clients.
Finally, iOS 7 also has significant security and manageability enhancements to improve productivity for the enterprise.
What do you need to do in order to optimize for iOS 7?
Tags: 7.5 release, aireOS, Apple, captive portal, Cisco, code, controller code, IOS, IOS XE, ios7, network, wireless, wlan
Cisco’s One Platform Kit (onePK) is a fantastic toolkit for building custom applications that interact with your Cisco routers and switches. Using onePK, you can build automation directly into the network and extend all sorts of functionality using Cisco devices. The first in a three-part blog series, this article will introduce onePK to the reader, explain what it is, how it can be useful, and will show how to configure onePK on a router. The second and third installments will walk the reader through a simple security-relevant application using the C API. Important to note is that we’ll be covering the 0.6.0 version of onePK features and service sets. At the time of this writing, the toolkit is still in Controlled Availability and as such, is still in active development, and the API could change before it is released into General Availability. However, even in the face of API evolutionism, this article will provide you with a solid jumping-off point for your plunge into the wondrous world of onePK.
OK, Just What is onePK?
OnePK is a Cisco IOS Software feature and a set of programming libraries enabling an application programmer to build powerful applications that tightly integrate and interact with Cisco devices. onePK is available to you via a well-documented and unified API, currently offered in C and Java with Python in active development. It is currently in pre-release and is available only on request. Details on how to obtain onePK are provided below.
Tags: Cisco, cisco ios, Cisco Security, cisco sio, IOS, One Platform Kit, onePK, secure software, security