Cisco Blogs


Cisco Blog > Security

Next Generation Encryption Algorithms

Over the years, numerous cryptographic algorithms have been developed and used in many different protocols and functions. Cryptography is by no means static. Steady advances in computing and in the science of cryptanalysis have made it necessary to continually adopt newer, stronger algorithms, and larger key sizes. Older algorithms are supported in current products to ensure backward compatibility and interoperability. However, some older algorithms and key sizes no longer provide adequate protection from modern threats and should be replaced.

Over the years, some cryptographic algorithms have been deprecated, “broken,” attacked, or proven to be insecure. There have been research publications that compromise or affect the perceived security of almost all algorithms by using reduced step attacks or others (known plaintext, bit flip, and more). Additionally, every year advances in computing reduce the cost of information processing and data storage to retain effective security. Because of Moore’s law, and a similar empirical law for storage costs, symmetric cryptographic keys must grow by 1 bit every 18 months. For an encryption system to have a useful shelf life and securely interoperate with other devices throughout its life span, the system should provide security for 10 or more years into the future. The use of good cryptography is more important now than ever before because of the very real threat of well-funded and knowledgeable attackers.

Next Generation Encryption (NGE) technologies satisfy the security requirements described above while using cryptographic algorithms that scale better. For more information on Legacy, Acceptable, Recommended and NGE algorithms that should be avoided or used in your networks, you can refer to our latest Whitepaper.

Tags: , , ,

Are You Aware of the Dangers Lurking in Free Apps?

Though fun and even useful, free apps can pose security risks to your users and your business

The old adage “there’s no such thing as a free lunch” has more than a kernel of truth to it when it comes to free applications. Free apps seem harmless, and they’re very tempting. Who doesn’t want a free version of Angry Birds? What’s wrong with a free banking app from your credit card company? But even if the app itself is legitimate and thoroughly vetted, it can still pose a security risk to the device it’s running on. Free apps are more dangerous to your employees and your network than they appear at first glance.

People can easily download a wide range of free apps for their smartphones and tablets as well as for your company’s computers. From wildly popular games like Angry Birds Space (which was downloaded three million times in only three days) to fitness trackers and social media tools, there’s a free app for anything anyone would want to do on his or her mobile device. Likewise, the Internet is teeming with free apps to customize desktops and work more easily. But the problem with free is that the program use is almost always paid for through advertising or information gathering—and it’s in those aspects where the danger often lies. Read More »

Tags: , , , ,

Network Threat Defense, Countermeasures, and Controls @ Cisco Live 2012-San Diego!

Criminals continue to evolve as does the threat landscape. Their targets are your business assets and disrupting the availability of your business operations. Why you ask? Well, it depends on what you have to offer and its value, or who you may have negatively provoked. The risk, impact, and amount of exposure will vary from incident to incident. Some questions to think about. Read More »

Tags: , , , , , , ,

BYOD, Mobility, and Remote Access VPN – How Can I Troubleshoot All These Technologies and Solutions?

June 8, 2012 at 7:22 am PST

Mobility enables the extension of IT resources and application availability to anytime, anyplace, any way. Initially people thought that the “mobility movement” was just hype; however, it is definitely a reality, as it has become ubiquitous with efficiency. All of these new devices and social applications are bringing potential security risks to the enterprise and public sector organizations. The threat landscape ranges from potential data leakage to lost and stolen devices that may contain corporate and private information.

The question now is how can we address the customers’ challenge of enhancing productivity without compromising network security. Cisco’s AnyConnect Secure Mobility Client and the Cisco ASA 5500 Series Adaptive Security Appliances enable desktop and mobile users to connect to the corporate network, giving access to the network from any device based on comprehensive secure access policies. Cisco AnyConnect Secure Mobility Client works in conjunction with Cisco’s IronPort Web security appliance, the Cisco ASA appliance, and also provides integration with ScanSafe, an in-the-cloud Web security solution.

Read More »

Tags: , , , , , , , , , , , , , , , , , ,

Firewall Network Threat Defense, Countermeasures, and Controls @ Cisco Live 2012 – San Diego!

The advent of social networking, BYOD implementations, and web interactions has transcended the Internet traffic flows of yesterday. Adversely, the security risks and threat landscape have not only evolved, but become an ever increasing factor in protecting today’s information systems. This continued movement has led to the introduction of a new security topic for the upcoming Cisco Live 2012 conference. This topic and subsequent lab session, “Firewall Network Threat Defense, Countermeasures, and Controls” is part of the “Cyber Aikido” security suite of sessions being offered at Cisco Live 2012, and has been developed around threat defense solutions applicable to Cisco Firewalls. The course is largely based on the upcoming “Cisco Firewall Best Practices Guide“.

The “Firewall Network Threat Defense, Countermeasures, and Controls” instructor-led lab will provide administrators and engineers of Cisco Firewalls the knowledge and understanding to protect their networks against threats and attacks leveraging industry standard and Cisco Firewall Best Practices. This includes understanding control plane, management plane, and data plane architectures, and applying security features and constructs to secure the traffic traversing and interfacing with your devices or hosts.

Read More »

Tags: , , , , , , , , , ,