Cisco Blogs


Cisco Blog > Security

CVRF: A Penny For Your Thoughts

The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in the cvrfparse instructional blog. CVRF 1.1 has been available to the public for almost a year and we would like to know how its helped and how we can improve it. Please take a moment to take the poll and please feel free to share it with any interested parties. Comments are encouraged and welcomed. The more feedback we get, the more we can improve CVRF.

Read More »

Tags: , , , , , , ,

Security Automation Live Webcast!

UPDATE: Webcast information is also now available at the Cisco Live 365 site

Many network security administrators are struggling to keep their network “up-to-date” with the constant release of new vulnerabilities and software fixes. At the same time, they’re under pressure to provide near 100% availability of key business services and systems. Every time a vendor discloses a security vulnerability, network security administrators must identify affected devices and (in numerous cases) upgrade such devices. These activities can take hours, days, or even weeks depending on the size of the organization. For instance large enterprises and organizations may have thousands of routers and switches that need to be assessed for the impact of any given vulnerability. Cisco is helping customers by adopting cutting-edge security automation standards such as the  Open Vulnerability and Assessment Language (OVAL) and the Common Vulnerability Reporting Framework (CVRF).

In the following blog posts, I’ve provided details about how security automation is helping customers:

Additionally, my colleague Mike Schiffman has posted several posts explaining CVRF.

Webcast took place on Tuesday, April 23rd at 10:00 a.m. EST (14:00 GMT). Over 150 customers from 29 countries learned about security automation; Cisco’s machine readable content strategy; and vulnerability assessment using OVAL. We discussed how customers can use OVAL to quickly assess the effects of security vulnerabilities in Cisco IOS Software devices. The recording is now available:

httpv://youtu.be/Yf9o8TvWH4I

 

 

Tags: , , , , , , , ,

Yesterday Boston, Today Waco, Tomorrow Malware

At 10:30 UTC one of the botnet spam campaigns we discussed yesterday took a shift to focus on the recent explosion in Texas. The miscreants responded to the tragic events in Texas almost immediately. The volume of the attack is similar to what we witnessed yesterday with the maximum volume peaking above 50% of all spam sent. We’ve seen 23 unique sites hosting the malware. This is an attempt to grow the botnet.

Read More »

Tags: , , , ,

Adaptive Radio Modules for the 3600 Series AP: Best of Interop 2013 Finalist

We’ve been really busy but also very thrilled about the work we’re doing to future-proofing the network, and it seems we’re not alone. One of our latest innovations, adaptive radio modules for the AP3600, has been selected by UBM as a Best of Interop finalist for the Wireless award category!

Best of Interop Finalist

It’s an honor to be recognized for our innovation and technological advancements in wireless, and we wanted to share a bit more about our submission with you.

What are the Adaptive Radio Modules?

The Adaptive Radio Modules a family of solutions in a modular form factor that allows customers to adapt their wireless network to their current and future needs. The Adaptive Radio Modules provide a dedicated third radio that can be field upgraded on the 3600 Access Point.

Cisco offers three adaptive radio modules for the 3600 Access Point:

Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , , ,

Embracing Security Related User Groups

Security is a tough nut that can’t be cracked by one alone—neither technology nor research, neither corporations nor start-ups, and neither products nor processes. None of these alone can crack the security nut. The most important part of the problem and solution is people! Nothing beats the efforts of few passionate people collaborating for a cause.

Never doubt that a small group of thoughtful, committed, citizens can change the world. Indeed, it is the only thing that ever has.”― Margaret Mead

Users groups began appearing in the mainframe days as a way to share hard earned knowledge and began to proliferate with the microcomputer revolution of the 1970’s and 1980’s. During this time, hobbyists sought to help each other with their homespun wisdom on programming-, configuration-, hardware- and software-related issues. Prior to the penetration of the Internet, these groups gladly provided free technical support and helped users discover the personal computer and aided in the adoption of the PC in a major way.

The emergence and participation of the general public in the use of the Internet and coincidental rise of operating systems like GNU/Linux as well as the open source movement was further intensified by user groups. Such groups found a new place online to discuss these tools via mailing lists, bulletin boards and more. Once run only by researchers and computer geeks, hardware and software was being made popular among the general public through user groups. Read More »

Tags: ,