When employees use their own devices for work, there’s no such thing as a personal security breach
It’s no exaggeration to say that mobile smart devices have changed the way people work. With smartphone in hand, employees now expect to be able to check email from their kid’s baseball game, finalize financial transactions on the fly, and log into cloud-based services at the gym—not to mention play Angry Birds whenever they want. The downside to this round-the-clock connectivity is the security risk it can introduce to your network and, because devices are personally owned, the difficulty of locking them down. These days, there’s no such thing as a personal security breach. A security incident on a personal device can put your entire network at risk.
Read More »
Tags: security, security_breach, small_business, Smartphones
This post is a continuation of The Missing Manual: CVRF 1.1 Part 1 of 2.
Praxis: Converting an existing document to CVRF
Now it’s time for some XML! Let’s take what you’ve learned and manually convert the Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities security advisory into a CVRF document. Please note that this process is meant to be instructive and somewhat of a stream-of-consciousness-narrative of how to manually build your first CVRF document. It is expected that, by and large, this process would itself be automated and CVRF document producers would have in-house code to parse their own documents and emit CVRF.
Read More »
Tags: automation, cvrf, intelligent automation, security, security advisories
In this post you will learn about some of the design decisions behind the 1.1 release of the Common Vulnerability Reporting Framework (CVRF). Particular attention is paid to explaining some of the required elements and the Product Tree. After those tasty tidbits, we will convert a recent Cisco security advisory into a well-formed and valid CVRF document. To close, you are treated to some of the items on the docket for future versions of CVRF. It bears mentioning that this paper is not meant to be an exhaustive explanation of the CVRF schemata. It is a rather capricious, if somewhat disorganized look at some outliers that aren’t fully explained elsewhere. It is assumed the reader has a working knowledge of the Common Vulnerability Reporting Framework and of XML.
Tags: cvrf, security, security automation
Until now, it’s been assumed that enterprise IT leaders probably view the current BYOD (“Bring Your Own Device”) movement with about the same enthusiasm as a farmer awaiting the next locust invasion.
A recent survey from the Cisco Internet Business Solutions Group (IBSG), however, indicates that BYOD may no longer be a “four-letter word” in enterprise IT departments. In fact, the study of 600 U.S. enterprise IT leaders—all from companies of 1,000 or more employees—shows that, if anything, BYOD now has a predominantly positive reputation in U.S. enterprise IT circles. Read More »
Tags: Bring your Own Device (BYOD), Cisco, devices, Horizons, IBSG, IT, leaders, mobile, mobility, research, security, support, survey
As I flew home from Interop Vegas the other night – quick side note: the event was great, check out an overview and a few fun TechWiseTV Videos: Keynote from Padma Warrior , Managing Beyond BYOD, Is Your Network Ready for Cloud? - I realized that my kindle was not accessible, my laptop was dead and I’d already read the in-flight magazine. Given the close quarters of the commuter plane, I decided it would be okay to peek at what my neighbor was reading. As I glanced over, he turned to an article with a headline that screamed “It could happen to you!!” I then noticed it was a combat handgun magazine and decided I would give him some space.
With no reading materials, I started thinking about all of the situations that we as individuals and as organizations get into that feel secure, but which can actually be quite threatening. Those are the situations that make having insurance worthwhile. When it comes to security on the wireless network, nobody expects hackers and rogue attacks to infiltrate their network, but all of the smart network managers prepare for it anyway.
Read More »
Tags: aWIPS, mobility, mse, rogue detection, security, WIPS, wireless, wireless attacks, wireless security