Cisco Blogs

Cisco Blog > Security

SecCon and the Limits of the Human Mind

One of the things I like best about Cisco’s focus on security is the internal SecCon conference we put on each year. It focuses on security threats, defenses, and innovation. Although I participate as a trainer, organizer, and reviewer, my favorite role this year was as an attendee. The conference theme, The State of the Hack, encompassed many elements, but the key one for me was trust and the human element.

The two external keynotes set the tone for talking about trust. Bruce Schneier started by pointing out that trust is an inherent element of living in a society of humans. It allows people to work together, and enables banking, transport, commerce, government, and all the elements necessary for a society to function. Without it, we’d have to raise our own food, and live independently of electricity, money, and even neighbors. Bruce mentioned the four mechanisms that enforce trust: morals, reputation, institutional (rules), and security systems. As security practitioners, we tend to focus on the latter, but should remember the first three as well. Reputation is the currency of trust, and is what allows us to trust financial institutions, police, friends, and our food supply. Reputation takes a long time to build up, over many interactions. Banks and stores need to be in business for years to build trust. You trust your friends and neighbors gradually with money, keys, and babysitting. But trust can be destroyed in just one action, as many transgressing politicians and security-breached vendors can attest.

Read More »

Tags: ,

OpenSSL Website Breached Via Hypervisor Management Interface Misconfiguration

The website of the OpenSSL project, which provides a widely-used SSL/TLS implementation, was breached on 29th December and defaced ( announcement). This defacement only affected the website of the project, however. The OpenSSL project has since checked the cryptographic hashes of the OpenSSL source code and confirmed that the source code has not been modified or compromised in any way. A compromise of the source code could result in a backdoor or other vulnerability being introduced. This is an important point since the Debian release of OpenSSL in 2006 had a bug which weakened the random number generator (wikipedia). However, the most worrying development of this breach is the way that the website was compromised, which was through the virtualization infrastructure of their hosting provider IndIT Hosting.

Whilst there are many potential avenues of attack against a website, what makes this attack notable is that instead of attacking the website directly, they attacked the hosting infrastructure of the website itself. In this case, it was the Virtual Machine hosting infrastructure operated by the hosting provider. VMWare, whose products were used to host the OpenSSL website issued the following statement:

Read More »


The Cisco RV325 – The newest edition to the Cisco Small Business Routing Portfolio

Now that the Holidays are upon us, and we look forward to 2014, the Cisco Small Business team continues to raise the Small Business networking bar with the introduction of the all new Cisco RV325. This Dual WAN, 14-port VPN Router, provides all of the same performance, security and reliability of the RV320 launched last June. Both routers are perfect for fast-growing small businesses or branch deployments. So if you are looking for more ports in the same enclosure, the RV325 is the Small Business router to take a look at.

RV320 and RV325

RV320 and RV325

Like the it’s smaller sibling the RV320, the RV325 is a perfect match with the Cisco Small Business SG300 Series Switches and WAP500 Series Access Points. As you saw from my last Blog, the WAP551 and WAP561 boasts a nice feature-set including Captive Portal and Single Point Set-up. The WAP 551/561 are controller-less Access Points meaning additional hardware is not required. The SG300 Series offers a nice blend of features at an affordable price and are designed Small Business. It has most of the features that can be found in today’s Enterprise-class Switches.

This formidable combination makes for the perfect solution for that many Small Businesses and Organizations can take advantage of. Add in our portfolio of award-winning Cisco Small Business Services, and you have a solution that all that guarantees a positive experience from Cisco Small Business Team.

One Option for this solution is the newly launched 200 Series of Smart Switches. There are four new models including 10-, 24-, 26-, and 50-port switches. These Full Power PoE Smart Switches are a great alternative as they offer a generous feature-set, solid performance and even greater affordability.

SG200 Series PoE Smart Switch

SG200 Series PoE Smart Switch


Happy Holidays and Happy New Year’s from the Team at Cisco Small Business.







Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Summary: What Next-Generation Wi-Fi Models Could Mean for Secure Mobility

With the adoption of the Internet of Things and Internet of Everything, advances in mobility and next-generation Wi-Fi are driving faster speeds, higher signal quality and more reliable connectivity, but how are they changing the way we think about mobile security?

As more people connect to both wired and wireless networks via smart phones, tablets and laptops, security will continue to be a top concern. New Wi-Fi models, such as Beamforming and Wi-Fi Direct, are helping drive mobile devices to the faster, more secure 5GHz band, therefore offering secure ways to enable the Internet of Everything to connect more people, processes, data and things.

As mobility trends drive new expectations from networks, a strategic and architectural approach to secure mobility is essential, and next-generation Wi-Fi makes this possible.

Read the full What Next Generation Wi-Fi Could Mean for Secure Mobility blog to learn more.

Tags: , , , , , , , , , ,

2014: A Look Ahead

It’s December and the 2013 cyber security news cycle has just about run its course. We’ve seen more and increasingly virulent attacks, continued “innovation” by adversaries, and a minor revival of distributed denial of services (DDOS) actions perpetrated by hacktivists and other socio-politically motived actors.

Against this, Cisco stood up tall in recognizing the importance of strong security as both an ingredient baked into all Cisco products, services, and solutions, and a growing understanding of how to use the network to identify, share information about, and defeat threats to IT assets and value generation processes. I can also look back at 2013 as the year that we made internal compliance with the Cisco Secure Development Lifecycle (CSDL) process a stop-ship-grade requirement for all new Cisco products and development projects. Read More »

Tags: , , , , , ,