In a world where people are always on the go, it’s only natural that employees will use their own mobile platforms more often for collaboration. However, the increase in the Bring Your Own Device (BYOD) trend for collaboration purposes brings about a number of security concerns in the workplace.
There are multiple capabilities that go into delivering an enterprise-class BYOD solution. The recent attention around the National Security Agency (NSA) surveillance leak may have organizations across the globe reevaluating their strategies when it comes to BYOD security, but there are tools to minimize threats, such as: user authentication, network access control, and remote data wipe
We understand the need for an emphasis on security and have developed the tools to minimize the threat when it comes to your organizations’ BYOD strategy. Please take a look at our CTO of Collaboration, Laurent Philonenko’s recent No Jitter article about the many options and factors to consider when planning your BYOD security strategy.
Tags: byod, collaboration, Laurent Philonenko, no jitter, security
I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is offer both a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.
AAA: Authentication, Authorization, and Accounting. This is a set of actions that enable you to control over who is allowed access to the network, what services they are allowed to use once they have access, and track the services and network resources being accessed.
ACL/tACL/iACL/VACL/PACL: Access Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port)), these ACLs have special purposes to address a particular need within the network.
FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.
IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it should be maintained using Cisco’s IPS subscription service.
DNSSEC: Domain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, that they receive the correct information published by the authoritative source. Read More »
Tags: byod security, Cisco Security, cybersecurity, HIPAA Compliance, incident response, MDM, PCI Compliance, pci-dss, security, vulnerability
Having just returned home to New Jersey from Cisco Live US in Orlando, Florida, I thought I’d share my experiences as a Network Security Engineer both attending and presenting at this year’s conference.
There were approximately 20,000 attendees at this year’s conference, which I believe set a new Cisco Live attendance record! Considering the huge size of the conference, which rivals game day attendance at some small market Major League Baseball teams, I was amazed at the efficiency and organization of the conference—from the session logistics to the World of Solutions “happy hours” and the Customer Appreciation Event held at Universal Studios!
While listening to the various keynote speeches, most notably those from John Chambers, Padmasree Warrior, Rob Lloyd, and Edzard Overbeek, it’s clear that Security, is “Top of Mind” for the Cisco Leadership Team.
Out of the roughly 625 sessions, there were approximately 100 sessions and labs focused on security, including a few below, which were presented by some of my fantastic and extremely bright peers within the Security organization. Sessions and labs included relevant topics such as network threat defense, IPv6, threat mitigation, and intrusion prevent and signature development. Read More »
Tags: Black Hat USA, cisco live, Cisco Live 2013, Cisco Security, cisco sio, DDoS, IPv6, security
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant changes and updates. At the same time, over 100 HIPAA audits concluded in 2012. The Office of Civil Rights (OCR) released initial analysis of these audits in May 2013. The HIPAA Omnibus Final Rule and 2012 HIPAA audit results may influence how you run your network in the future. Here are nine network considerations that could impact your network and IT processes.
- HIPAA Audits will continue
- The HIPAA Audit Protocol and NIST 800-66 are your best preparation
- Knowledge is a powerful weapon―know where your PHI is
- Risk Assessment drives your baseline
- Risk Management is continuous
- Security best practices are essential
- Ignorance is not bliss
- Your business associate(s) must be tracked
- Breach discovery times: know your discovery tolerance
Each of these considerations will be explored in a nine-part blog series, posted on the healthcare blogs site.
Tags: healthcare, HIPAA, security
With Cisco Live! in Orlando on the horizon, we are kicking off the news cycles and technology innovation a little early. Today we’re teaming with our friends at Citrix to announce the expansion of our virtual networking portfolio and provide clarity around our strategy for application delivery controller solutions.
There are two key elements of this strategy:
First, Cisco will begin reselling and supporting a customized version of the popular Citrix NetScaler virtual application delivery controller (ADC) as part of our Cloud Network Services portfolio. Branded Citrix NetScaler 1000V, the Cisco version of the product will be fully supported by the Cisco Technical Assistance Center. We will begin selling the NetScaler 1000V when available in Q3 CY 2013.
Secondly, Cisco and Citrix have worked on joint development to tightly couple the NetScaler ADC into Cisco’s virtual networking framework. This joint development includes integration of NetScaler 1000V with the Cisco Nexus 1100 Cloud Services Platform, and the Nexus 1000V services integration technology, vPath.
Cisco’s Cloud Network Services strategy bridges IT to application architects, and with this Citrix NetScaler 1000V announcement, we integrate virtual applications to Cisco Unified Fabric, delivering scalable, reliable application services to users.
Why is NetScaler 1000V the right solution now?
Advances in cloud computing, data center consolidation, mobility and big data are imposing new demands on the network, along with a drive for greater network simplification and automation.
As virtual networking and programmable overlay networks evolve to meet these challenges, an equal evolution needs to take place in Layer 4-7 application networking services and security to support widespread virtualization, application mobility, cloud architectures and network orchestration.
Cisco’s solution to this challenge is Cloud Network Services, a portfolio of integrated, application-aware network services and security offerings designed for virtual and cloud environments. The Cloud Network Services framework eliminates the obstacles of physical service appliances to accommodate the requirements of virtual applications and cloud deployments, such as:
- Limited scalability of physical services in fixed locations
- Inconsistent application performance based on workload location relative to services
- Difficulty in inserting security and network services into virtual networks
- Lack of control over services and policies for applications deployed at cloud service providers
The NetScaler 1000V virtual ADC
NetScaler 1000V fills an important void in Cisco’s virtual product architecture for an application delivery controller solution to give applications critical performance enhancements, offload application servers, and to help guarantee quality of service and improve end user experience. These requirements are growing exponentially with the increases in bring-your-own-device (BYOD), client mobility, and cloud migration.
Virtual services can be more flexibly deployed to cloud service providers without modification, while relying on the same infrastructure and policies that they might have with corresponding physical appliances in their on-premises data centers. With NetScaler 1000V, customers can have consistency across their physical, virtual and cloud infrastructures, along with the Citrix NetScaler physical appliances.
The Cisco Cloud Services Platform
With the evolution to Cloud Network Services as the Layer 4-7 framework for virtual and cloud networks, organizations are increasingly looking for a flexible platform to deploy these virtual service nodes rather than use existing application servers. Cisco has created the Nexus 1100 Cloud Services Platform to address this need.
The Nexus 1100 Cloud Services Platform is a series of UCS-based appliances dedicated to running Cloud Network Service nodes. In addition to the virtual services listed above, the Nexus 1100 runs the management platforms for the virtual network, the Virtual Security Module (VSM), and the Data Center Network Manager (DCNM) application. The Cloud Services Platform can be dynamically configured to allocate its virtual CPUs to each service as needed based on current application and performance requirements. Current models of the Nexus 1100 series include the Nexus 1110-S and 1110-X.
vPath: The Secret Sauce to Enabling Services in Virtual and Cloud Networks
vPath is a component of the Cisco Nexus 1000V virtual switch which directs traffic to appropriate virtual service nodes, such as firewalls or ADCs, in the right order for each application, independent of the topology of the network or the location of the network services. This allows for greater application mobility and more reliable service delivery. NetScaler 1000V will be integrated into the Cloud Network Services framework via vPath and will be a key differentiator against other ADC products.
As part of the Cisco-Citrix collaboration in next generation data center and cloud architectures, the Citrix NetScaler MPX line of high performing application delivery controllers will also attach to the Cisco Nexus 7000 Series switches. This capability will provide customers the benefits of higher resiliency, plug and play installation, improved agility, and increased leverage of both their switching and ADC investments.
All of the Cisco Cloud Network Services, including the Citrix NetScaler 1000V, will be on display next week at Cisco Live! Along with other announcements we have planned for data center and cloud networking, it promises to be a great event and we hope to see you there.
For more information, check also the press release here
Tags: 1000V, Cisco, citrix, cloud, Cloud Network Services, data center, NetScaler, security, virtualization, vPath