Cisco Blogs



March 2013 Cisco IOS Software Security Advisories: T-7 and Counting!

It’s that time of year again, folks. On Wednesday of next week, the Cisco Product Security Incident Response Team (PSIRT) will release the first Cisco IOS Software Security Advisory Bundled Publication of 2013. As a reminder, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our security advisories, vulnerabilities scheduled for disclosure in the upcoming bundle will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.


Collaboration and the Internet of Everything

Kiss your old running shoes good-bye. Change is constant. And technology has always been about change and convergence. But the massive, global-scale change occurring now is happening at rates faster than anyone ever predicted.

And this is disruptive change. It’s change that requires you to act, adapt, and move quickly to take advantage of the opportunities that come with it.

Cisco has a long history of showcasing disruption and convergence at Enterprise Connect since the early days of VoiceCon. TDM to voice over IP; the convergence of voice, video, and data; unified communications: in each case we saw how converging technology and collaborative behavior have helped disrupt the traditional way of doing things and created more value for businesses and users.

Today technology is creating disruption in unexpected places.


Addressing Ongoing Security and Compliance Requirements

Organizations continue to face threats to their brands, reputations, and profits from attacks on their information systems. The Payment Card Industry Data Security Standard (PCI DSS) is designed to protect credit card information. During my five-year tenure at Cisco, I’ve been focused on PCI. The challenge that we have faced when deploying a solution to help customers become compliant and maintain a secure enterprise is the complexity. At the various trade shows that I have attended to discuss PCI, I have encountered a lot of head-shaking and looks of disgust as I bring up the topic of PCI. To help simplify PCI compliance, Cisco has released the latest Cisco Compliance Solution for PCI DSS 2.0 to make it easier for organizations to maintain a secure, compliant network.


Answering the Two Most-Asked Questions About the Internet of Everything #IoE

Since Cisco began discussing the Internet of Everything (IoE) last year, two questions have arisen consistently:

1) What is the difference between IoE and the Internet of Things (IoT)?
According to Cisco, IoE brings together people (humans), process (manages the way people, data, and things work together), data (rich information), and things (inanimate objects and devices) to make networked connections more relevant and valuable than ever before—turning information into actions that create new capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries.

To better understand this definition, it is helpful to take a quick look at the evolution of the Internet. In the early 1990s, devices connected to the Internet were essentially “fixed.” For example, you went to your desk to use your PC, dumb terminal, or other device. At its peak, this first wave reached about 200 million devices by the late 1990s.

Around the year 2000, devices started to come with you. Remember lugging around your first “brick” mobile phone? As the number of both fixed and mobile devices (including machines) ballooned, the number of things connected to the Internet increased, reaching about 10 billion this year. This wave of Internet growth ushered in IoT, or as I sometimes call it, the “Age of the Device.”


Cisco believes the third wave of Internet growth has already begun. As the things connected to the Internet are joined by people and more intelligent data (as Cisco’s definition describes), IoE could potentially connect 50 billion people, data, and things by 2020.

So, what is the difference between IoT and IoE?

Tools of the Trade: cvrfparse

Prologue

This article provides a thorough treatise on an in-house developed tool for parsing and validating CVRF documents, aptly named “cvrfparse”. The article is split into two parts. The first part, intended for CVRF document producers and consumers, is a hands-on manual detailing how to use cvrfparse. The second part, intended for burgeoning Python programmers, explores some of the inner workings of the tool.

Introduction

The CVRF parser or “cvrfparse” is a Python-based command line tool that offers simple parsing and validation of CVRF documents. Using it, you can quickly query a CVRF document for any of its contents. For example, let’s say one of your vendors releases a bundle of security advisories encoded in CVRF. There are a dozen individual CVRF documents each with multiple vulnerabilities across hundreds of products. Using cvrfparse, you can quickly ascertain which documents contain vulnerable products you might have installed in your infrastructure. We’ll see how, shortly.
