Cisco Blogs


Cisco Blog > Security

The Maginot Line and the TCP Sequence Number Inference Attack

In the recently posted research paper “Off-Path TCP Sequence Number Inference Attack: How Firewall Middleboxes Reduce Security“, Zhiyun Qian and Z. Morley Mao from the University of Michigan discuss a method to try to infer the sequence numbers in use by a TCP connection -- and if successful, how to try to hijack the connection and inject data on it in order to, as an example, steal credentials to web sites (banking, social networking, etc.)

Before talking further about their research, I would like to talk a bit about the Maginot Line. The Maginot Line was a line of fortifications located in France, established after World War I, and roughly following France’s borders with Germany and Italy. The idea behind it: in case of another war with Germany, the line would hold the enemy attacks, giving the French Army the chance to regroup and counterattack. The problem: the line only extended so far up North. So during World War II, and instead of attacking the line from the East, the German army completely bypassed it – by attacking Belgium first and then flanking the line.

So a lot of resources were allocated to set-up defenses for a very specific attack scenario – but that scenario never happened, as an easier way was found to bypass the defenses. And the mere fact of allocating so many resources to counter a specific threat significantly reduced the number of resources available to protect against other threats.

The method posited by Qian and Mao on their research paper strongly reminds me of the assumptions made by the French while building the Maginot Line.

Read More »

Tags: , , ,

What is a Mobile Device Anymore?

It used to be easy—mobile devices were brick-like devices that we carried with us to make phone calls.  Not anymore. Now we have smartphones, tablets, eReaders, and other devices that we bring everywhere and can’t seem to live without. No longer are we using them just for phone calls. In fact, they are now mobile computers, books, entertainment stations, game consoles, and social tools, in addition to our communications hubs. And, because Wi-Fi has become a prevalent way for many of these devices to connect to the Internet, they’re no longer strictly “mobile,” from a network perspective.

To learn more about what consumers are doing with their mobile devices, and how and where they are using them, the Cisco Internet Business Solutions Group (IBSG) recently conducted a survey of U.S. mobile users. Following are our top three findings related to mobile devices: Read More »

Tags: , , , , , , , , , , ,

Personalizing VNI Service Adoption Forecast Research

With today’s announcement of the latest Visual Networking Index (VNI) research, I’m excited to kick-off a guest blogging series that will highlight the stories behind the complementary VNI Service Adoption Forecast.  This research predicts the future worldwide end user adoption for 27 services across residential, mobile and business categories.

These services range from SMS, mobile banking, location-based services, online gaming, consumer VoIP, mobile video, and many more. While this makes for interesting predictions on where technology will take us, it only generated more questions in my mind.

Read More »

Tags: , , , ,

NOAA: How Networks are Used in Climate Research

By Jason Kohn, Contributing Columnist

Like many of us, scientific researchers tend to be creatures of habit. This includes research teams working for the National Oceanic and Atmospheric Administration (NOAA), the U.S. government agency charged with measuring the behavior of oceans, atmosphere, and weather.

Read More »

Tags: , , , , , ,

BYOD: No Longer a Four-Letter Word to Enterprise IT Leaders?

Until now, it’s been assumed that enterprise IT leaders probably view the current BYOD (“Bring Your Own Device”) movement with about the same enthusiasm as a farmer awaiting the next locust invasion.

A recent survey from the Cisco Internet Business Solutions Group (IBSG), however, indicates that BYOD may no longer be a “four-letter word” in enterprise IT departments. In fact, the study of 600 U.S. enterprise IT leaders—all from companies of 1,000 or more employees—shows that, if anything, BYOD now has a predominantly positive reputation in U.S. enterprise IT circles. Read More »

Tags: , , , , , , , , , , , ,