Cisco Blogs



TMA? Get Some Relief from Acronym Overload

I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is to offer a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.

Network Infrastructure

AAA: Authentication, Authorization, and Accounting. This is a set of actions that enable you to control who is allowed access to the network and what services they are allowed to use once they have access, and to track the services and network resources being accessed.

ACL/tACL/iACL/VACL/PACL: Access Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port), these ACLs have special purposes to address a particular need within the network.

FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.

IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it should be maintained using Cisco’s IPS subscription service.

DNSSEC: Domain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, they receive the correct information published by the authoritative source.

Identity and Device Aware IT Platforms Make Life Easier

Life is generally a lot easier when you have all the facts. Especially if those facts are actually accurate. Nowhere does this ring more true than in the life of an IT professional.

Oftentimes a day in an IT shop is a lot like that grade school game of telephone where information gets passed down the line but gets distorted (or is just plain wrong) because no single player has the complete context. This scenario gets played out every day in the IT infrastructure where siloed operations, monitoring and policy platforms only work from the information they possess. But that information is generally just a snapshot viewed through the bias of that system’s siloed purview. As a result, mistakes get made, security is substandard or perhaps even dysfunctional, and everything from configuration to event management and investigation takes far longer than it should. Net-net – time is wasted, costs increase, and many things still don’t work that well.

Have You Registered for Centralize Policy, Control and Enforcement May 15th?

Activate the IT Transformation with Unified Access: Part 4 -- Centralized Policy, Control, and Enforcement

Wednesday, May 15, 2013, 10am-11am PDT

Don’t miss the next in line of our five-part Unified Access Webinar Series on May 15th to hear how organizations in education and healthcare rely on Cisco Identity Services Engine (ISE) to provide the identity enforcement and secure access control that allow employees, contractors, students, faculty, and guests (choose the user) to use their own devices on the network.

See How Organizations Use Cisco ISE to Centralize Policy and Secure Access

Activate the IT Transformation with Unified Access: Part 4 -- Centralized Policy, Control, and Enforcement

Wednesday, May 15, 2013, 10am-11am PDT

With more users and devices being added to your network every day, unified access and central policy control have become critical needs. Your organization isn’t alone.

Attend our next live workshop on May 15th to hear how organizations in education and healthcare rely on Cisco Identity Services Engine (ISE) to provide the identity enforcement and secure access control that allow employees, contractors, students, faculty, and guests (choose the user) to use their own devices on the network.

MDM and Cisco’s ISE?

May 7, 2013 at 10:03 am PST

Mobile Device Management or MDM is ideal for addressing many challenges inherent to our ‘Bring your own Device’ culture. MDM can help enforce policy for mobile devices but when you look closer, you begin to realize it does not solve everything. The challenge is when we ask our MDM technology to make policy decisions out of context.

Cisco’s Identity Services Engine (ISE) offers centralized policy and network intelligence as an MDM complement for a complete security solution.

This is where Cisco comes in with ISE or the Identity Services Engine. We did a Fundamentals of ISE a while back that still serves as a great backdrop for getting your head around it. ISE is frequently lauded for its ability to provide a single repository for all the potentially complex rules and regulations we need on our network. The point right now, however, is ensuring we know where ISE begins/ends in reference to MDM. Neither can act completely alone and accomplish everything most customers are hoping for in a BYOD solution especially. But where do we begin and end?
