Cisco Blogs


Cisco Blog > Security

BYOD, Mobility, and Remote Access VPN – How Can I Troubleshoot All These Technologies and Solutions?

June 8, 2012 at 7:22 am PST

Mobility enables the extension of IT resources and application availability to anytime, anyplace, any way. Initially people thought that the “mobility movement” was just hype; however, it is definitely a reality, as it has become ubiquitous with efficiency. All of these new devices and social applications are bringing potential security risks to the enterprise and public sector organizations. The threat landscape ranges from potential data leakage to lost and stolen devices that may contain corporate and private information.

The question now is how can we address the customers’ challenge of enhancing productivity without compromising network security. Cisco’s AnyConnect Secure Mobility Client and the Cisco ASA 5500 Series Adaptive Security Appliances enable desktop and mobile users to connect to the corporate network, giving access to the network from any device based on comprehensive secure access policies. Cisco AnyConnect Secure Mobility Client works in conjunction with Cisco’s IronPort Web security appliance, the Cisco ASA appliance, and also provides integration with ScanSafe, an in-the-cloud Web security solution.

Read More »

Tags: , , , , , , , , , , , , , , , , , ,

Firewall Network Threat Defense, Countermeasures, and Controls @ Cisco Live 2012 – San Diego!

The advent of social networking, BYOD implementations, and web interactions has transcended the Internet traffic flows of yesterday. Adversely, the security risks and threat landscape have not only evolved, but become an ever increasing factor in protecting today’s information systems. This continued movement has led to the introduction of a new security topic for the upcoming Cisco Live 2012 conference. This topic and subsequent lab session, “Firewall Network Threat Defense, Countermeasures, and Controls” is part of the “Cyber Aikido” security suite of sessions being offered at Cisco Live 2012, and has been developed around threat defense solutions applicable to Cisco Firewalls. The course is largely based on the upcoming “Cisco Firewall Best Practices Guide“.

The “Firewall Network Threat Defense, Countermeasures, and Controls” instructor-led lab will provide administrators and engineers of Cisco Firewalls the knowledge and understanding to protect their networks against threats and attacks leveraging industry standard and Cisco Firewall Best Practices. This includes understanding control plane, management plane, and data plane architectures, and applying security features and constructs to secure the traffic traversing and interfacing with your devices or hosts.

Read More »

Tags: , , , , , , , , , ,

6.5 million password hashes suggest a possible breach at LinkedIn

LinkedIn is believed to have suffered a password hash breach (updated: LinkedIn has confirmed the breach), thanks to a forum post that quickly caught the attention of security researchers on Twitter and other social outlets. The posted archive contained a 270+ MB text file of SHA-1 hashes, and forum discussions suggested that it was related to the popular business-centric social site.

At the moment, little is known and speculation is running wild. LinkedIn has not finished investigating whether they have been breached, however many security pros are confirming for the media that the SHA-1 hashes of their passwords are found in the file. The file is constructed in a hash-per-line fashion, with no evident plaintext that suggests it is anything other than passwords (such as usernames, etc.). However, it’s possible that anyone gaining the original access to hashes had or has access to additional details.

I obtained a copy of the hash list, produced a SHA-1 hash of my old LinkedIn password, and did indeed find it in the list. I have also spot-checked several other hashes posted by security pros on Twitter, and have found them as well. Given the nature of my own password (16 random characters comprised of A-Z, a-z, and 0-9) the likelihood that my SHA-1 hash of my password (that was unique to LinkedIn) would be present in a file that did NOT come (at least in part) from a source that had access to hashes of LinkedIn passwords is statistically impossible.

Read More »

Tags: , , , , , , , , ,

IPv6 Security Lab @ Cisco Live 2012 in San Diego

With the proliferation of IPv6, its adoption and deployment, there are new security concerns that apply only to IPv6. Some of these security concerns rely on protocol differences between IPv4 and IPv6 and others exploit the diversification that the two technologies offer. The result could allow malicious users the ability to deploy attacks or evade network threat defense, countermeasures, and controls.

Join us, this Monday (June 11, 2012) afternoon, at Cisco Live, San Diego 4-hour lab session LTRSEC-3033 -- Cyber Aikidō (合気道) Academy: IPv6 Network Threat Defense, Countermeasures, and Controls, to become more knowledgeable about basic inherent IPv6 security features and techniques on Cisco IOS Software and the Cisco ASA 5500 Series Adaptive Security Appliance (ASA). The students will acquire hands-on experience by configuring and testing these security features and techniques in simulated real world scenarios. The threats and protections that are presented apply to Local Area, Enterprise, and Service Provider networks. Students must correctly identify, classify, and deter or prevent the nefarious IPv6-specific behaviors by configuring network threat defense, countermeasures, and controls that will be implemented and deployed on infrastructure devices and validate their effectiveness.

At the conclusion of these labs, students will be more prepared to effectively implement and deploy basic inherent security features and techniques for identifying, classifying, deterring, and detecting attacks, threats, and nefarious behaviors specific to IPv6.

Tags: , , , ,

Government At Your Service, Anytime, Anywhere – Securely

June 5, 2012 at 10:15 am PST

President Obama is taking the US government mobile.

Recently, the President issued an executive order memorandum to his department and agency heads calling on them to embrace mobile technology to deliver more data, more efficiently. The order requests agencies to follow a new technology strategy called the “Digital Government: Building a 21st Century Platform to Better Serve the American People,” which includes the request for a road-map for responding to the technology transformations of Bring Your Own Device (BYOD) and mobile device proliferation.

Many organizations are already embracing mobile devices with over 95% of them allowing employee-owned mobile devices in some way, shape or form in the workplace according to recent research sponsored by Cisco. Not only do we expect our employers to allow us to use our personal devices, we want to gain access to new products and services—from the private and public sector organizations. So, yes Mr. President, “Americans deserve a government that works for them anytime, anywhere, and on any device,” And --nice timing on this order, welcome to Silicon Valley-high tech land—I saw you fly in two week ago from the Saratoga hills!

Cisco shares this same sentiment of allowing people to use any device their way without compromising the organization. Cisco announced their answer to the BYOD (bring your own device)—with BYOD Smart Solution which starts with Cisco validated designs and professional services that can guide you from planning and design through day-to-day operations. It combines array of products starting with the core tenants of access points, security, controllers and network management. To address a key concern of the mobile experience, security, Cisco uniquely offers unified policy for secure access -- Identity Services Engine (ISE) and next generation remote access, AnyConnect—for always on secure remote access. And most recently, Cisco also spoke to a “Your Way” mobile experience which includes the core components and then some –which allows for more efficiencies and collaboration resulting in more productivity. Mr. President and US citizens this is very achievable!

Citizens of US –I would like to hear your thoughts on gaining Federal services from your mobile device –which services would be a priority for you? Why? Do you have any concerns? What is your number one concern?

Tags: , , , , , , , ,