I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA, or Too Many Acronyms. Every once in a while, just when I think I've embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym has been spawned or an existing one has been overloaded with a different meaning. My goal in this blog post is to offer a refresher on some topical acronyms that are commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation, or preparing for a presentation or certification in the realm of cyber security, my hope is that you will be less perplexed by these acronyms when you come across them and will become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.
AAA: Authentication, Authorization, and Accounting. This is a set of actions that enable you to control who is allowed access to the network, what services they are allowed to use once they have access, and to track the services and network resources being accessed.
ACL/tACL/iACL/VACL/PACL: Access Control List. ACLs are used to filter traffic based upon a set of rules that you define. ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port) have special purposes to address a particular need within the network.
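The filtering behavior described above depends on two details the acronym hides: entries are evaluated top to bottom with the first match deciding, and an ACL with no matching entry denies the packet. The following added example (not code from the original post) models that evaluation over a constructed infrastructure-style ACL and also flags entries that an earlier, broader entry shadows, a common ordering mistake; the rule names, networks and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, proto, src, dst, dport):
        if self.proto != "ip" and self.proto != proto:
            return False
        if ip_address(src) not in ip_network(self.src):
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; no match falls to the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(proto, src, dst, dport):
            return rule.action, index
    return "deny", None  # implicit deny at the end of every ACL

def shadowed_rules(acl):
    """Indices of entries that can never match because an earlier entry
    already covers every packet they describe."""
    hidden = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if ((earlier.proto in ("ip", later.proto))
                    and ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and (earlier.dport is None or earlier.dport == later.dport)):
                hidden.append(i)
                break
    return hidden

# Constructed iACL: only SSH from the 10.1.1.0/24 management stations may
# reach the infrastructure network 10.0.0.0/24; other traffic flows freely.
INFRA_ACL = [
    Rule("permit", "tcp", "10.1.1.0/24", "10.0.0.0/24", 22),
    Rule("deny",   "ip",  "0.0.0.0/0",   "10.0.0.0/24"),
    Rule("permit", "ip",  "0.0.0.0/0",   "0.0.0.0/0"),
]
MISORDERED_ACL = [INFRA_ACL[2], INFRA_ACL[0], INFRA_ACL[1]]  # permit-any first
```

Running `shadowed_rules(MISORDERED_ACL)` reports that both specific entries are unreachable behind the leading permit-any, which is why the ordering check is worth running before an ACL is deployed.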
FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Services Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern communications across the network. Cisco provides firewall features as a dedicated appliance or as a hardware module that can be added to a network device such as a router.
IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it should be maintained using Cisco’s IPS subscription service.
DNSSEC: Domain Name System (DNS) Security Extensions. That's right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to assure resolvers that when they request a particular piece of information from the DNS, they receive the correct information as published by the authoritative source.
Having just returned home to New Jersey from Cisco Live US in Orlando, Florida, I thought I’d share my experiences as a Network Security Engineer both attending and presenting at this year’s conference.
There were approximately 20,000 attendees at this year's conference, which I believe set a new Cisco Live attendance record! Considering the huge size of the conference, which rivals game day attendance at some small market Major League Baseball teams, I was amazed at the efficiency and organization of the conference, from the session logistics to the World of Solutions "happy hours" and the Customer Appreciation Event held at Universal Studios!
While listening to the various keynote speeches, most notably those from John Chambers, Padmasree Warrior, Rob Lloyd, and Edzard Overbeek, it was clear that security is "top of mind" for the Cisco leadership team.
Out of the roughly 625 sessions, approximately 100 sessions and labs focused on security, including a few below, which were presented by some of my fantastic and extremely bright peers within the Security organization. Sessions and labs covered relevant topics such as network threat defense, IPv6, threat mitigation, and intrusion prevention and signature development.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant changes and updates. At the same time, over 100 HIPAA audits concluded in 2012. The Office of Civil Rights (OCR) released initial analysis of these audits in May 2013. The HIPAA Omnibus Final Rule and 2012 HIPAA audit results may influence how you run your network in the future. Here are nine network considerations that could impact your network and IT processes.
- HIPAA Audits will continue
- The HIPAA Audit Protocol and NIST 800-66 are your best preparation
- Knowledge is a powerful weapon: know where your PHI is
- Risk Assessment drives your baseline
- Risk Management is continuous
- Security best practices are essential
- Ignorance is not bliss
- Your business associate(s) must be tracked
- Breach discovery times: know your discovery tolerance
Each of these considerations will be explored in a nine-part blog series, posted on the healthcare blogs site.
With Cisco Live! in Orlando on the horizon, we are kicking off the news cycles and technology innovation a little early. Today we’re teaming with our friends at Citrix to announce the expansion of our virtual networking portfolio and provide clarity around our strategy for application delivery controller solutions.
There are two key elements of this strategy:
First, Cisco will begin reselling and supporting a customized version of the popular Citrix NetScaler virtual application delivery controller (ADC) as part of our Cloud Network Services portfolio. Branded Citrix NetScaler 1000V, the Cisco version of the product will be fully supported by the Cisco Technical Assistance Center. We will begin selling the NetScaler 1000V when available in Q3 CY 2013.
Second, Cisco and Citrix have worked on joint development to tightly couple the NetScaler ADC into Cisco's virtual networking framework. This joint development includes integration of NetScaler 1000V with the Cisco Nexus 1100 Cloud Services Platform and with the Nexus 1000V services integration technology, vPath.
Cisco's Cloud Network Services strategy bridges IT to application architects, and with this Citrix NetScaler 1000V announcement we integrate virtual applications into Cisco Unified Fabric, delivering scalable, reliable application services to users.
Why is NetScaler 1000V the right solution now?
Advances in cloud computing, data center consolidation, mobility and big data are imposing new demands on the network, along with a drive for greater network simplification and automation.
As virtual networking and programmable overlay networks evolve to meet these challenges, an equal evolution needs to take place in Layer 4-7 application networking services and security to support widespread virtualization, application mobility, cloud architectures and network orchestration.
Cisco’s solution to this challenge is Cloud Network Services, a portfolio of integrated, application-aware network services and security offerings designed for virtual and cloud environments. The Cloud Network Services framework eliminates the obstacles of physical service appliances to accommodate the requirements of virtual applications and cloud deployments, such as:
- Limited scalability of physical services in fixed locations
- Inconsistent application performance based on workload location relative to services
- Difficulty in inserting security and network services into virtual networks
- Lack of control over services and policies for applications deployed at cloud service providers
The NetScaler 1000V virtual ADC
NetScaler 1000V fills an important void in Cisco's virtual product architecture: an application delivery controller that gives applications critical performance enhancements, offloads application servers, and helps guarantee quality of service and improve the end user experience. These requirements are growing exponentially with the increases in bring-your-own-device (BYOD), client mobility, and cloud migration.
Virtual services can be deployed more flexibly to cloud service providers without modification, while relying on the same infrastructure and policies that customers might have with corresponding physical appliances in their on-premises data centers. With NetScaler 1000V, customers can have consistency across their physical, virtual and cloud infrastructures, including the Citrix NetScaler physical appliances.
The Cisco Cloud Services Platform
With the evolution to Cloud Network Services as the Layer 4-7 framework for virtual and cloud networks, organizations are increasingly looking for a flexible platform to deploy these virtual service nodes rather than use existing application servers. Cisco has created the Nexus 1100 Cloud Services Platform to address this need.
The Nexus 1100 Cloud Services Platform is a series of UCS-based appliances dedicated to running Cloud Network Service nodes. In addition to the virtual services listed above, the Nexus 1100 runs the management platforms for the virtual network, the Virtual Security Module (VSM), and the Data Center Network Manager (DCNM) application. The Cloud Services Platform can be dynamically configured to allocate its virtual CPUs to each service as needed based on current application and performance requirements. Current models of the Nexus 1100 series include the Nexus 1110-S and 1110-X.
vPath: The Secret Sauce to Enabling Services in Virtual and Cloud Networks
vPath is a component of the Cisco Nexus 1000V virtual switch that directs traffic to the appropriate virtual service nodes, such as firewalls or ADCs, in the right order for each application, independent of the topology of the network or the location of the network services. This allows for greater application mobility and more reliable service delivery. NetScaler 1000V will be integrated into the Cloud Network Services framework via vPath, which will be a key differentiator against other ADC products.
As part of the Cisco-Citrix collaboration on next generation data center and cloud architectures, the Citrix NetScaler MPX line of high-performance application delivery controllers will also attach to the Cisco Nexus 7000 Series switches. This capability will provide customers the benefits of higher resiliency, plug-and-play installation, improved agility, and increased leverage of both their switching and ADC investments.
All of the Cisco Cloud Network Services, including the Citrix NetScaler 1000V, will be on display next week at Cisco Live! Along with other announcements we have planned for data center and cloud networking, it promises to be a great event and we hope to see you there.
For more information, see the press release.
How can you get your data center off to a smooth start? At the Gartner Security & Risk Management Summit this week, I presented three data center innovations that hold the key to accelerating business securely.
Ease of provisioning
According to a recent Cisco IT case study, data center provisioning times have decreased from eight weeks to 15 minutes. Security must do the same to realize the full benefits of data center automation.
Often, businesses have trouble implementing this vision because of their existing IT. The people and their skill base, the processes they use, and even the technology they have implemented are very silo-based. None of it is designed to integrate into an automated, on-demand model.
Siloed technologies impose many challenges when you attempt to converge or virtualize these environments. A common issue is storage and server platforms that were not designed to work together, which necessitates expensive service engagements to build the environment. Additionally, in order to hide the associated complexity, expensive management software has to be deployed to "simplify" infrastructure deployments. This approach just doesn't work. The result is increasing complexity that makes the architecture brittle and costly.
At Cisco, we believe it is important to look for a solution that doesn't treat technologies, processes, and people in isolation. You can enable a powerful IT organization by taking a unified approach and working with technologies that are designed to work together. Your IT can be a service foundation that redefines data center economics and delivers performance, reliability, and business innovation. Unification is the element that will deliver that.
Maximized Network Performance and Resilience
On a unified network, IT can ensure the highest levels of network performance and business continuity through:
• 8x performance density over competitive firewalls, with up to 1.9 million new connections per second and 80 million maximum connections per second, enabling Cisco firewalls to meet the most stringent performance requirements
• Eliminating compromise, retrofits and disruption to network design via Virtual Port Channel and FabricPath integration for increased efficiency
The third innovation that can streamline your data center and accelerate your business is actionable security intelligence. A secure network can differentiate between users and their multiple devices, differentiate applications, know behaviors, and ultimately confirm that IT policy is aligned with the business. Building trusted chains that extend from the user to the application and are uniquely aligned to business context can ensure both efficiency and security.
Learn how Cisco can help you to leverage these innovations to accelerate your business securely.
Follow me on Twitter @e_desouza and discover my other presentation at Gartner in my previous blog, Everything's in the cloud: Now What?