Cisco Blogs


Cisco Blog > Internet of Everything

Forget Looking in the Mirror, It’s Your Digital Image That Truly Matters

It’s great to stay in shape at the gym and pick out stylish clothes. But more and more, the personal image that really counts is digital.

That’s because the Internet of Everything (IoE) era demands new ways of looking at, well, just about everything. And everything includes you. In an expanding universe of new connections, each of us needs to ask, just where do I fit? And how am I being viewed?

In short, what is my digital persona?

The ways in which we are seen online have assumed acute importance in recent years, and that only stands to increase. Therefore, our digital personas have to be cultivated and maintained, just as we care for our images in the physical world.

In career terms, for example, you may be known in your daily work life as a good leader. But the physical world has limited reach.  If there is no evidence of that in the digital world, you will be in trouble, especially if you happen to be looking for a new job. Recruiters, of course, know that they can do an instant search and start compiling your digital profile within seconds. If you say you’re an expert or a good manager, your digital persona had better back it.

According to some recent research, job recruiters are turning more and more to Facebook, which by some measures is becoming even more impactful for employment purposes than LinkedIn. So, if the personal social media site can actually trump the professional social media site, think twice before you post those Spring Break photos.

As the consumerization of IT extends ever further into the workplace — via personal devices, social media, and so forth — the blurring of the personal and the professional will only continue.  As a result, everyone must be aware that personal actions have an impact comparable to professional achievements. And the digital trail that you leave behind every day influences how you are perceived in the marketplace.

Read More »

Tags: , , , , , , , , , ,

Steganographic Key Leakage Through Payload Metadata

Steganography is the ancient art of invisible communication, where the goal is to hide the very fact that you are trying to hide something. It adds another layer of protection after cryptography, because encrypted message looks like gibberish and everyone immediately notices that you want to hide something. Steganography embeds the (encrypted) secret message into an innocuous looking object such that the final communication looks perfectly normal. The “analog” form of steganography is the art of writing with invisible ink. The digital version hides the message by a subtle modification of the cover object. Probably the most researched area in digital steganography uses digital images as a cover media into which the message is inserted. The oldest (and very detectable) technique replaces the least significant bit (of each colour channel) with the communicated message. Shown below, the first picture is the cover object and the second one is the stego object.

cover

stego_2

Read More »

Tags: , , , ,

Enhance Your Security Investment with Security Optimization Service

Many organizations have the same challenges when it comes to security: blurring boundaries, more and more organized cybercrimes, difficulty in finding and retaining technical talent, and keeping up-to-date with the latest security threats and tools.

In my inaugural blog, I’d like to tell you about one useful offering: the Security Optimization Service (SOS) from Cisco Services. The service can help you keep current with what is happening in the industry and in your security fabric on an ongoing basis.

Your corporate security infrastructure fabric should be treated as a dynamic living and breathing ecosystem of policy, framework, hardware, software, applications, people, and processes, with errors, omissions, and commissions all inclusive.

Ongoing care, maintenance, optimization, change support, and user education is critical to get more out of your investments and future planning. This is the philosophy behind Cisco SOS.

Read More »

Tags: , , ,

Safeguarding Privacy in the Internet of Things

Jason KohnBy Jason Kohn,  Contributing Columnist

You can’t open a web browser these days without coming across a story on the Internet of Things (IoT), and the ways that connected, autonomous devices will revolutionize every industry. There’s a reason for the hype: Cisco forecasts 50 billion connected devices by 2020, with the potential to create more than $14 trillion in value for global businesses over the next decade.

But IoT also heralds another revolution, in the degree to which individual behavior can be tracked and analyzed. While much of IoT focuses on verticals like manufacturing, energy exploration, and industrial applications, where the massive data generated by fine-grained monitoring is almost entirely beneficial, IoT will also touch on a broad range of consumer devices. From transportation to home automation to connected medical devices, machines will be monitoring the behavior of individuals more than at any time in human history. This raises a number of serious questions about consumer privacy and information security.  Read More »

Tags: , , , , , ,

SNMP: Spike in Brute-force Attempts Recently Observed

Simple Network Monitoring Protocol (SNMP) has been widely deployed as an important network management tool for decades, is a key component of scalable network device management, and is configurable in nearly all network infrastructure devices sold today. As with any management protocol, if not configured securely, it can be leveraged as an opening for attackers to gain access to the network and begin reconnaissance of network infrastructure. In the worst case, if read-write community strings are weak or not properly protected, attackers could directly manipulate device configurations.

Cisco has recently seen a spike in brute-force attempts to access networking devices configured for SNMP using the standard ports (UDP ports 161 and 162). Attacks we’ve observed have been going after well known SNMP community strings and are focused on network edge devices. We have been working with our Technical Assistance Center (TAC) to assist customers in mitigating any problems caused by the brute-force attempts.

While there’s nothing new about brute-force attacks against network devices, in light of these recent findings, customers may want to revisit their SNMP configurations and ensure they follow security best practices, including using strong passwords and community strings and using ACLs to restrict access to trusted network management endpoints.

Cisco has published a number of best practices documents for securing the management plane, including SNMP configuration:

Tags: , , , , ,