Cisco Blogs


Cisco Blog > Mobility

Securing the Mobile Experience Made Simpler

It is no longer a question of “if” your organization will face the new reality of mobile device proliferation, just an ever closer “how soon.” Users expect the network to enable trends like Bring Your Own Device (BYOD), and they aren’t just using smartphones and tablets to be more productive, they are falling in love with them. For businesses, simply allowing access isn’t the answer. It’s a question of relevant, secure access across the entire network, while protecting corporate assets and delivering an optimal user experience. Cisco focuses on exactly that -- how to enable a simple and secure mobility experience, with a consistent end-to-end architecture across wired, wireless and VPN access.

As a cornerstone of this wired-wireless access architecture, the Cisco Identity Services Engine (ISE) has already been helping customers like Whittier Union High School, San Antonio Water System and BlueWater Communications Group apply consistent security across the entire network through a centralized, single policy source.

Whittier Union High School District, a California high school district serving more than 13,600 students, was facing the challenge of mobile devices. Both faculty and students were bringing their personal devices on campus, many for educational apps and tools.

“It’s becoming increasingly critical to provide employees, students, and visitors access to our network and extensive educational resources given the growing expectations of our tech-savvy population,” stated Karen Yeh, Director of Information Technology, Whittier Union High School District.

Whittier needed a way to apply differentiated policy across their student and staff populations, somehow managing access for both personal and corporate devices, all without increasing IT resources. Karen called Cisco, and two weeks later her team was deploying the Cisco ISE, implementing a single point of security policy for their networks across wired, wireless and VPN. Considering that Richard Nixon, the 37th president of the US went to Whittier High School, the flexible network access enabled by Cisco ISE may be empowering the next generation of leaders, scientist or artists. But, mobile devices aren’t confined to education. San Antonio Water System, a public utility owned by the city of San Antonio, is seeing surprisingly similar issues.

Read More »

Tags: , , , , , , , , , , , , , , , , ,

NCSAM Tip #16: Use Secure Password Management

Do you have a lot of passwords? Are they too hard to remember? Then use a secure password storage database. Password Safe, Password Gorilla, xPass, and several other tools are available. They all remember your user names, passwords, URLs, etc, and store them all in a strongly-encrypted database.

Read More »

Tags: ,

Duqu: The Next Stuxnet?

Reports of the recently discovered Duqu trojan have spawned much speculation and even resulted in the trojan being dubbed “the son of Stuxnet” or “Stuxnet 2.0.”

So what is Duqu and how does it compare to Stuxnet?

Duqu is an infostealer trojan designed to sniff out sensitive data and send it to remote attackers. Conversely, Stuxnet was a worm with a malicious payload designed to programmatically alter industrial control systems.

I’ve heard Duqu called Stuxnet 2.0. Why is that?

Read More »

Tags: , , , ,

NCSAM Tip #15: SSH Insecurity

On *nix systems, check your sshd_config and ssh_config files. In both files, the Protocol line should read “Protocol=2″ and NOT “Protocol=2,1″ or similar values that include protocol version 1 as an option. Putty should be configured to use only protocol version 2 as well.

Failure to check your SSH configuration can lead to a downgrade attack, where user credentials and the entire SSH session are recovered in the clear. If you are using SSH protocol version 1, your SSH session is no more secure than Telnet.

Tags: ,

NCSAM TIP #14: Password Management

October 20, 2011 at 9:13 am PST

The problem

Passwords for computer authentication are as old as multiuser computers, and are not the best form of authentication we have. Certificates are better, but harder to manage. So, for most purposes we are stuck with passwords.

Many people deal with the proliferation of passwords either by using very weak passwords or using the same password in multiple places. The obvious downfall is that if one site gets compromised, you may lose many accounts.

Another problem is using computers you don’t trust. Sometimes you are traveling and need to access your bank from an Internet cafe or hotel computer, which may have keystroke loggers.

The root of the problem is reliance on human memory. Luckily, every time we need a computer password, we have a great memory tool at our fingertips.

Read More »

Tags: ,