Cisco Blogs


Cisco Blog > Security

Partner Perspectives: Nexus, Inc. on Defending the Data Center

A few weeks ago, I got to arrange a meeting of the minds – between Cisco and one of our Master Security and UC Specialized partners, Nexus, to be exact. Given the new Security products and solutions we’ve announced around defending the data center, we thought it’d be a good time to sit down with Nexus and get a partner perspective on what they’re seeing in the market.

We chatted with Waheed Choudhry, President and COO, and Mike Zozaya, Practice Manager of Security, Mobility, and Infrastructure at Nexus to get some insights on what their customers are trying to achieve in the data center and how Cisco Security is helping them get there.

Read More »

Tags: , , ,

Automating Cisco IOS Vulnerability Assessment

September 26, 2012 at 9:14 am PST

Security automation is a hot topic these days. Most organizations have many systems to patch and configure securely, with numerous versions of software and features enabled. Many security administrators are seeking ways to leverage standards and available tools to reduce the complexity and time necessary to respond to security advisories, assess their devices, and ensure compliance so they can allocate resources to focus on other areas of their network and security infrastructure.

Cisco is committed to protect customers by sharing critical security-related information in different formats.

Starting today, September 26, 2012, Cisco’s Product Security Incident Response Team (PSIRT) is including Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS security advisories. Read More »

Tags: , , , , ,

Cisco IOS Software Security Advisory Bundle Announced

Today Cisco Security Intelligence Operations (SIO) has released its Semi-annual Cisco IOS Software Security Advisory Bundle, the second and final IOS bundle publication of 2012. Today’s release includes nine advisories, of which five have workarounds.

As in previous bundle publications, Cisco SIO has provided an array of security resources to help customers secure their networks. This collateral is not unique to bundle security advisories and instead is part of SIO’s response to current security events. Resources include: Read More »

Tags: , , , , ,

Numeric Password Follies

September 25, 2012 at 9:52 am PST

I have commented before on numeric passwords, and how they can and cannot be used securely. Apparently, not everyone has been reading my blog. Developer Kevin Burke has apparently discovered a phone company that limited customer passwords to a six-digit code, with only the numbers 0-9 as options. Combined with not having any failed password lockouts, nor requiring any other information besides username (your phone number) and the six-digit password, this is a recipe for disaster.

Read More »

Tags: , , ,

The Age of Hypervisors

The science behind Virtual Machine Monitors, or VMM, aka Hypervisors, was demystified almost half a century ago, in a famous ACM publication, “Formal Requirements for Virtualizable Third Generation Architectures”.

In my life, I had the honor of working on some of the most bleeding edge virtualization technologies of their day.  My first was IBM’s VM, VSAM and a host of other v-words.  My last was at XenSource (now Citrix) and Cisco, on what I still think is the most complete hypervisor of our age, true to its theoretical foundation in the Math paper I just mentioned.

Though Xen is arguably the most widely used hypervisor in the Cloud or sum of all servers in the world today, I actually think its most interesting accomplishment lies in what its founders just announced this week.  Therefore, I want to extend my congratulations to my good friends Simon Crosby and Ian Pratt for the admirable work at Bromium with vSentry.

I think it is remarkable for two reasons.  It addresses the missing part of what hypervisors are useful, which is security; for those of you that actually read Popek & Goldberg’s paper, you would note that VMM’s are very good at intercepting not just privileged but also sensitive instructions, and very few people out there, until now have focused on the latter, the security piece.  But there is one more reason, in fact the key point of this paper, the necessary and sufficient conditions for a system to be able to have a VMM or hypervisor, and I am hoping the Xen guys who have done so well articulating that for real (not fictional or hyped) hypervisors, can also help sort our the hype from fiction in what is ambiguously called nowadays a “network hypervisor”.

Could this approach be what is actually missing, to sort out truth from hype in what we call SDN today?  Is this the new age of hypervisors?  Or is this just another useful application of an un-hyped hypervisor?

Tags: , , , , , , , , ,