Cisco Blogs



New Advancements in Borderless Networks: Connect from Anywhere, at Anytime

Remember the days when going to work meant being stuck at your desk, working on a desktop PC? Thankfully, the proliferation of laptops, tablets, and mobile devices, along with a robust network to support connectivity, has enabled all of us to be on the go and working, at the same time.

With new innovations in Borderless Networks, which are being announced today, an organization’s ability to securely connect anyone, anywhere, with their preferred device, while delivering a high quality experience even to the most resource-intensive multimedia applications, has become even stronger.

So how will these new innovations change the workplace even more? Watch this video to find out, and to learn more details on the enhancements.

Luckily, most of us don’t have a boss like that one in the video. And using our smartphones, we can get some work done on the beach! (Ok, maybe).

As for how the new Borderless Networks innovations will have an impact—they will deliver solutions in three areas: Security, Management, and Multimedia.

Here are the details, and what the new innovations will mean for our partners:

Score One for the Good Guys

With each passing day, security reports – including Cisco’s – describe accounts of computers that are used in botnet attacks. Each computer, unwittingly, is infected with malware and controlled by remote unseen hands, foreign or domestic, and with little to no care for the computer’s owner. Simply put, the computer is no longer exclusively under the owner’s control; nor is the data or the privacy of the owner. Unchecked, botnets grow in variety, frequency, complexity, and capability.

Traditionally, dynamic teams, composed of private citizens and law enforcement, devise ways to contain the effects of a botnet and, if possible, shut it down in some way, such as:

  • Releasing signatures to anti-virus vendors in the hopes that AV will clean some of the infected machines
  • Disrupting the Command and Control channel, so that the infected computers are no longer receiving instructions
  • Just attempting to stay one step ahead of the malware through DNS, detection, or blocking access lists

In nearly each circumstance, new approaches are developed to keep the botnet variants from succeeding.

Add another creative approach to the mix based in the rule of law.


In between the numbers – Pay Me Now or Pay Me (More) Later

April 14, 2011 at 8:17 pm PST

Maybe it’s because I grew up in the Midwest.   But I just don’t like writing checks to lawyers.

 I’ve lots of friends in the legal profession, and all are lovely people (well, most of them, anyway).

 But as the pragmatic sort, it pains me to spend money to resolve something that might have been settled at a lesser price well before.

 Which leads me to the topic of PCI.

 Just reviewed a 2010 study from the data security experts at The Ponemon Institute that looked at the post-incident cost of data breaches.  Forget, for a moment, the brand humiliation, the CEO news conferences, the critical whiplash in the blogosphere and throughout Facebook.  Ignore, for a moment, that research suggests that 30% of consumers who were victimized by retailer data breaches promise never to patronize the offending brand again.

 The Ponemon research found that 42% of all data breach incidents led to the involvement of a third party (there to provide additional, independent investigation, resolve disputes, and soak up consulting fees.)

 The average cost of that third party involvement in the United States was $1.52 million, with final resolution costs ranging from $750,000 to upwards of $31 million.   That’s on top of lost business estimated at $4.47M per incident.

 Total:  $6M.  Perhaps not fatal to a billion-dollar business, but not a check I’d like to request.

 Yes, I know that active, careful PCI compliance is no guarantee.   And that active, careful PCI compliance doesn’t put revenue on the top line.  And that there’s ongoing confusion about PCI for mobile.  And everyone thinks it’s all too expensive.  And on and on and on.

 But I also know this:  active, careful compliance reduces risk.  Significantly. 

 And that the price of risk is not just a bruised brand. 


10 Ways to Improve Your Business’s Facebook Security

Brought to you by the Cisco Innovators Program

Small businesses are a growing fan base for Facebook. Seventy percent of U.S. local small businesses interested in online marketing now use Facebook for marketing, up from 50 percent one year ago, according to a February report by MerchantCircle. Many businesses consider Facebook their best friend for low-cost brand marketing. Some also enable shopping on their pages, using Storefront, Payvment, or another ecommerce application.


Cisco Investigation for TCP Split-Handshake Issue Reported by NSS

Updated May 9th: After a thorough investigation of the TCP Split Handshake issue raised by NSS Labs, Cisco has confirmed that the Cisco ASA firewall is not susceptible to this issue. In all test cases examined, the ASA operates as expected, providing protection in its default configuration against the Split-Handshake as defined in the original TCP Split Handshake paper. As a result, the Cisco PSIRT closed this investigation on May 4th.

Cisco appreciates the extended engagement and data provided by NSS Labs as we’ve worked through these scenarios. During two recent visits to NSS Labs, Cisco was presented with a number of scenarios, including new test cases that deviated from the original Split-Handshake scenario. The Cisco PSIRT collected traces and provided feedback to NSS Labs on all scenarios. In each case, Cisco demonstrated successful network protection through the default ASA configuration or the implementation of firewall policies that are fully supported, documented and used pervasively in enterprise deployments.

As always, vulnerability reports should continue to be reported to the PSIRT organization (psirt@cisco.com). Cisco customers are encouraged to contact their account manager with any questions.


Recently there’s been some activity in the press regarding an NSS Labs report on potential vulnerabilities in Next-Generation Firewalls (NGFW). The Cisco Adaptive Security Appliance (ASA) was one of the products mentioned as vulnerable to these attacks. Based on the investigation of this issue to date, the data indicates that Cisco customers are not exposed to this issue. As always, should the vulnerability be confirmed, the Cisco Product Security Incident Response Team (PSIRT) will investigate, drive remediation and disclose per our normal communication channels. (PSIRT Vulnerability Policy)

On April 12th, NSS Labs published a report regarding vulnerabilities on a number of firewalls, including Cisco’s ASA product line. The full report has a hefty $3500 price tag, but NSS does provide a free (with registration) “Remediation Guide,” for users of these firewalls.

The NSS Labs Remediation Guide incorrectly lists the Cisco ASA as vulnerable to the TCP Split Handshake attack, and also mentions that there are no steps available to customers to mitigate or remediate this attack.

Following an investigation over the course of several months, involving well over a dozen Cisco engineers from various teams and working in conjunction with NSS Labs, no vulnerability of this nature has been observed on Cisco products. The following products have been investigated:

  • Cisco ASA
  • Cisco IOS Firewall
  • Cisco Intrusion Protection (IPS) Appliances

It’s important to note that the NSS Labs report focuses only on one attack called the TCP Split Handshake, which is a third means to initiate TCP sessions that combines features of both the three-way handshake and the simultaneous-open connection.

However, the goal of this post isn’t to discuss the technical details of TCP handshakes, but rather to present what Cisco has done and is doing to investigate the impact to our products and protect our customers.
