Cisco Blogs


Cisco Blog > Security

Christmas Packets: Web Browsing and the Festive Period

The web browsing behaviour of users changes as the end of the year approaches. The holiday season can provide a large distraction from work duties that may need to be managed. Equally, even during periods when the office is closed, there will be some individuals who cannot resist accessing work systems. Managing these changes in behaviour is difficult for network administrators unless they know what to expect.
Read More »

Tags: , , ,

Securing Critical Internet Infrastructure: an RPKI case study in Ecuador

Securing the Critical Internet Infrastructure is an ongoing challenge for operators that require collaboration across administrative boundaries. Last September something exceptional happened in Ecuador, a small South American country. The entire local network operation community got together to be pioneers in securing its local Internet infrastructure by registering its networks in the Resource Public Key Infrastructure (RPKI) system and implementing secure origin AS validation. This project is a great example on how a global technology change can be accelerated by maximizing its value to local communities.

The global inter-domain routing infrastructure depends on the BGP protocol that was initially developed in the early 90s. Operators know that a number of techniques are needed to improve BGP security (a good reference can be found here). Although these improvements, it is still possible to impersonate the entity with the right of use of Internet resources and produce a prefix hijack as the famous attack in 2007. The IETF, vendors and Regional Internet Registries have been working inside the SIDR working group to create technologies that allow the cryptographic validation. The initial outcomes of this effort have been the RPKI and the BGP origin AS validation; two complementary technologies that work together to improve inter-domain routing security.

Read More »

Tags: , , , , , , , , , , , ,

New Research Examines Impact of Cyber Insecurity on Country’s GDP Growth

I’ve been in Australia this week visiting customers, speaking at conferences, and meeting with peers and colleagues in the security space. With Australia poised to take the G20 leader’s chair in just over two weeks (December 1, to be specific), my visit here could not have been better timed.

On this tour, I have been appearing with Melissa Hathaway, president of Hathaway Global Strategies, LLC and former White House cyber security chief, as she launches a new study entitled “The Cyber Readiness Index 1.0.” The study looks at the top 35 countries that have embraced Information and Communications Technology (ICT) and the Internet, and then evaluates each country’s maturity and commitment to cyber security across five essential elements that include: national strategy, incident response, e-crime law enforcement, information sharing, and investment in R&D. The study calculates a Cyber Readiness Index (CRI) based on these performance factors.

Read More »

Tags:

8 of 9 HIPAA Network Considerations

Discovering a breach where ePHI has been stolen certainly falls into the ‘not a good day at work’ category.  It can be catastrophic for some, especially if the compromise occurred months ago and wasn’t detected.  Or if a 3rd party discovered the breach for you, which occurs more often than we think, 47-51% from 2010 – 2012 based on the Ponemon Institutes 3rd Annual Benchmark Study on Patent Privacy and Data Security.

On our list of 9 HIPAA Network Considerations, we are onto topic #8, Breach discovery times: know your discovery tolerance.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s)must be tracked

From the 2013 Verizon Data Breach Investigations Report, two thirds of the compromises were not discovered for months, or longer.  What is your tolerance for “not knowing?”  Can that discovery time tolerance be justified through reasonable due diligence, or are you back at the “ignorance is bliss” phase (blog #4), which could be interpreted as Willful Neglect in the case of a breach of PHI?

Source: Verizon 2013 Data Breach Investigations Report

Source: Verizon 2013 Data Breach Investigations Report

Read More »

Tags: , , ,

The Future of Any-to-Any Collaboration Depends on Satisfying Today’s Mobile User Demands

When we think of the term “collaboration” we can often get trapped in the cycle of thinking that it only applies to IT departments and the bottom line. However, it’s important to consider how the role of the enterprise is shifting thanks to the consumerization of IT. For example, how can IT leaders satisfy new user demands while unleashing the power of a sound mobile strategy?

With today’s technology-driven global economy, enterprise mobility and collaboration tools need to be about connecting communities, not just companies. Never has there been a time when more business processes extend beyond headquarters. Organizations need to enable all types of connections: From the mobile worker to the teleworker, from other businesses to target consumers, from traditional branch offices to the cloud. This any-to-any type of collaboration is no longer keeping the enterprise at the center. Instead, the future is driven by all types of users.

It’s clear that users expect to collaborate anywhere, on any device, with any workload. They want to collaborate like they’re in the office regardless of their location. IT leaders must keep user demands top-of-mind when working to deploy a BYOD policy. This can create challenges and opportunities in five key areas:

Brett Belding - Collaboration

Join the conversation on Twitter, #CiscoYourWay

Read More »

Tags: , , , , , , ,