security

January 3, 2013

SECURITY

Protecting Our Networks: It’s a Team Game Now!

3 min read

I have been coaching youth sports for the past seven plus years now and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.”  In other words, I will never tolerate one player acting selfishly enough to think […]

December 21, 2012

SECURITY

Commitment and Community: Cisco’s Security DNA

2 min read

This is our final post in the series of SecCon-related articles. This post drives home the point made by Cisco's senior executives at the SecCon conference - security must be pervasive in every aspect of every product we design, develop, and deploy. It’s what our customers expect, and SecCon is one of the major delivery vehicles for creating a unified front within the engineering community as part of Cisco’s evolution towards the “Internet of Everything”.

December 21, 2012

SECURITY

Security Features vs. Securing Features

3 min read

Here's the fourth in a series of posts revolving around the recently held Cisco SecCon 2012 (December 3-6) security conference. This post zeroes in on the fact that software vendors need to start focusing (more) on the overall security and quality of software, not just on the implementation of security features in products.

December 19, 2012

SECURITY

Securing Linux Based Products With CSDL

1 min read

Here's the third in a series of posts revolving around the recently held Cisco SecCon 2012 (December 3-6) security conference. The focus of this post is on the Cisco Secure Development Lifecycle (CSDL), Cisco’s approach to building secure products and solutions, and specifically the release of two Cisco documents that have been an integral part of CSDL: “Linux Hardening Recommendations For Cisco Products” and “Product Security Baseline Linux Distribution Requirements."

December 18, 2012

SECURITY

Let’s Hack Some Cisco Gear at SecCon!

4 min read

Here's the second in a series of posts discussing how Cisco SecCon 2012 (December 3-6) brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and learn best practices about how to increase the overall security posture of Cisco products.

December 17, 2012

SECURITY

Cisco Wraps Up 5th Annual SecCon Conference

2 min read

Cisco SecCon is a security conference for Cisco engineers that focuses on two critical elements for a healthy corporate Security intelligence: 1) expansion of knowledge for all and 2) building a sense of community. Cisco recently allocated two days for intensive hands-on security training (held December 3-4), and then provided two general session days(December 5-6) to discuss a variety of security topics.

November 27, 2012

SECURITY

Real World DNS Abuse: Finding Common Ground

9 min read

The Domain Name System (DNS) is the protocol leveraged within the Internet´s distributed name and address database architecture. Originally implemented to make access to Internet-based resources human-friendly, DNS quickly became critical infrastructure in the intricate behind-the-scenes mechanics of the Internet, second only to routing in its importance. When DNS becomes inaccessible, the functionality of many common Internet-based applications such as e-mail, Web browsing, and e-commerce can be adversely affected—sometimes on a wide scale. This short blog will explore some real-world examples of DNS abuse. I'd like to welcome and thank Andrae Middleton for joining me as a co-author and presenting his expertise on this article. There are a few different types of DNS attacks: cache poisoning, hijacking attacks, and denial of service (DoS) attacks (which primarily include reflection and amplification). In the news as of late are widespread and focused DoS attacks. Cisco Security Intelligence Operations (SIO), with its distributed sensors, is able observe and measure various aspects of the global DNS infrastructure. What follows are two vignettes detailing recent Internet DNS DoS attacks against the Internet's DNS infrastructure. We will see that, though the attacks are different, the results are similar and the countermeasures and mitigations are the same.

November 14, 2012

TECHWISETV

IPS in the Data Center Workshop

1 min read

I pulled some workshop hosting duty trying to fill Jimmy Ray’s big orange shoes this morning. The subject is a great one – Intrusion Prevention in the Data Center with an incredibly sharp engineer, Stijn Vanveerdeghem.  Stijn is one of those crazy smart security guys down in Austin, TX as he works with a bunch of […]