Cisco Blogs


Cisco Blog > Government

Thoughts on the cybersecurity task force

A Republican task force recently released a limited set of near-term recommendations for cybersecurity legislation that emphasized voluntary standards instead of regulation. Interesting. Several words jump out at me in that sentence. “Voluntary standards”, “near-term”, “not regulated”. I paraphrase.

Seems to me that something as important as a task force that was put together should be working on an overall strategy to address cybersecurity rather than trying to patch holes in the dike. Read More »

Tags: , , , , , , , ,

NCSAM Tip #10: Cloud Security for Everyone

Cloud services. You may or may not think about them, but they are no longer a talk of the future. Some of you probably listen to Rhapsody and Rdio, which are cloud-based streaming music services. Others perhaps use a cloud-based compression service Onavo to shrink your smartphone data and your monthly bill. Storage (Dropbox), email, social media, banking, location-based services (GPS), just to name some, all at your fingertips. For small and mid-size businesses, there’s a wide range of cloud services including productivity, finance, and accounting. For many companies and organizations, cloud adoption is on top of their priority list.

Before we continue to ride the cloud at lightning speed, shall we pause a moment to reflect on the risks? After all, there are many things that can threaten our data and services. To learn more about the current threat landscape, watch a rich and compelling on-demand webcast by Patrick Gray, principal security strategist at Cisco. Here are some specific concerns and action to take.

Read More »

Tags: , , , ,

How Safe is Your Phone System?

When considering security, make sure you’re protecting the data on your phones, too

In July 2011, the world saw just how vulnerable voicemail systems can be when a phone hacking scandal took down the News of the World newspaper and created a huge public backlash against News Corp. and its CEO Rupert Murdoch. Reporters were illegally intercepting voicemail messages left for the British Royal Family, celebrities, British soldiers, and others in their quest to scoop stories. Public figures’ voicemail messages aren’t likely to reveal product secrets, credit card numbers, or confidential business strategies, but your employees’ voicemails can. Voicemail systems can be configured insecurely and easily hacked—if you don’t take the right precautions.

Whether you have an analog or IP-based phone system, your company’s private voicemails are vulnerable. Most voicemail systems require only a simple four-digit personal identification number (PIN) to protect a user’s voicemail, and hackers have a few different methods for figuring out those numbers and gaining access to voice mailboxes, including caller-ID spoofing, and social engineering.

The good news is that deleted voicemail messages can’t be hacked. Therefore, the easiest and most effective step you can take in securing your voicemail system is encouraging your employees to delete sensitive messages as soon as they’ve listened to them.

Read More »

Tags: , , , ,

NCSAM Tip #9: Anonymity Online — Profile Management for Personal Safety

Social networking sites like Facebook are great tools for connecting with friends and keeping up-to-date with the good and bad things that are going on in your social circles. Unfortunately, the kind and amount of personal information that makes for great social networking can be used by people with bad intentions to cause real, physical harm. Sound far-fetched? After a referee made a controversial call in a baseball game, someone with his same name received threats meant for the ref. Today’s security awareness tip is about profile management: developing habits that help you to stay in control of the information that’s available about you online, to keep you safe in the real world.

Read More »

Tags: ,

NCSAM Tip #8: Patch Verification with MBSA and Cisco IOS Software Checker

For Cyber Security Awareness Month I’d like to address patching; more specifically, verifying patches in your environment. Patching is a big part of any security policy. It’s also very important to verify that the patches and updates deployed have actually been installed. Whether you have one host or thousands, using a tool to scan your environment to verify those patches can save a lot of time and serve as a check on your patch processes.

There are some very good vulnerability scanners out there that can help locate and identify vulnerabilities and missing patches, but many are complex and expensive. I’d like to talk about two free and simple tools you can use to check that systems in your environments have secure configurations and are running up-to-date software.
Read More »

Tags: ,