Cisco’s theme at this year’s ANGA is ‘There’s never been a better time to transform your network’, and that’s because the network is now the key to delivering great video services. We know that IP is better than broadcast not only for consumer experiences, but also for driving the speed and efficiency that service providers need to stay competitive and win in this changing landscape.
Make sure you stop by and see us in Hall #7, Booth E10
At this year’s event we’ll be showcasing the technology that our customers are using to build their services, as well as demonstrating the great services they are delivering. We’ll have live demonstrations of:
Our Virtualised Video Processing, demonstrating how we can drive video quality over IP including immersive 4K video quality encoding with HDR10 technology, IP Migration for distribution of content and Multicast ABR
The Infinite Video Platform, showing how the cloud accelerates service creation for multi-screen delivery across all platforms, networks and devices
Vodafone’s recently launched GigaTV service, built on the Infinite Video Platform, showcasing multiple consumer services including personalisation, consumer engagement and content discovery on multiple devices
Our security solutions to protect and monetize video on any device
Analytics, demonstrating how we transform data into customer insight, helping you to build better, more relevant services for your consumers
Many OTT customer deployments built and deployed using the Infinite Video Platform
We’ll be showing a wide range of cable access technologies and products at the exhibition. For more information, visit Alison Izard’s blog.
We’ve also got a packed line-up of speakers and panellists, including Yvette Kanouff, who will be discussing Gigabit Networks and New TV, and I’ll be taking part in the panel on Personalized TV: Product trends and Monetization.
Meet with Cisco Executives and Subject Matter Experts
ANGA COM is a great time to meet with Cisco executives and subject matter experts. Our team will be available to meet with you to discuss your current challenges and opportunities. To request a meeting, contact your Cisco account manager.
IDC tells us that 68% of organizations have adopted cloud for enterprise apps and that most companies are using multiple clouds in a hybrid strategy. But once you’ve made the decision to go with a hybrid cloud strategy, one of the early challenges is what to do with the hundreds if not thousands of virtual machines (VMs) you already have on your local vCenter or that IT is trying to get control of on AWS or Azure.
While you implement the tools necessary to give you your hybrid cloud nirvana, how do you deal with the reality of the VMs currently taking on demand no matter where they are?
One Tool: Brownfield VMs and Hybrid Cloud Deployments
New in the 4.8 release of Cisco’s CloudCenter is a set of features that handles this exact problem. Imagine being able to point a CloudCenter Orchestrator at an existing AWS account or VMware installation or any other cloud that CloudCenter supports and instantly getting an inventory of VMs already deployed there. Administrators have been able to do that since CloudCenter 4.5, but now they can assign those imported VMs that were not formally part of applications deployed by CloudCenter to users or groups and have them count against their Usage Plan quotas, which limit the amount of resources someone can provision.
By default, the assigned owner of those imported VMs will be able to perform basic operations like power off and reboot directly from within the CloudCenter UI. But what would be more useful would be the ability to perform more complex operations on those VMs while the applications they serve sit in an interim state prior to the hybrid cloud strategy being implemented.
Action Libraries
Once assigned an owner and assuming that owner has the necessary authentication credentials, these imported VMs can have the CloudCenter Agent installed on them, which then enables another new feature to 4.8, Action Libraries. As an open interface for executing scripts on one to many VM targets, Action Libraries can automate repeatable tasks like performing backups, upgrading Apache servers, adding Tetration sensors, and many other tasks.
And from the new Virtual Machines view in CloudCenter, lists of VMs can be filtered and then have Actions applied in bulk:
Two examples are shown above, but VMs can be filtered by cloud, CPU, Memory, Application Profile, and many other attributes to give maximum flexibility.
You Gotta Start Somewhere
Almost nobody has a greenfield environment on top of which they are laying a new hybrid cloud strategy. All enterprises start with multiple VMs in multiple places and turn to a formal hybrid approach to bring some structure to what is likely a tumultuous situation they already have. Action Libraries give system administrators a tool to help them manage this brownfield state from the same interface that provides the basis for their hybrid cloud application deployments moving forward. That yields the freedom to migrate to a hybrid strategy at whatever pace makes sense while making earlier gains by automating common management tasks.
Today, a new vulnerability affecting the widely used Samba software was disclosed. Samba is the implementation of the SMB/CIFS protocol commonly used on *NIX operating systems. CVE-2017-7494 has the potential to impact many systems around the world. This vulnerability could allow a user to upload a shared library to a writeable share on a vulnerable Samba server and cause the server to execute the uploaded file. An attacker who can write to such a share could therefore achieve code execution on any server running an affected version of the Samba package. This currently affects all versions of Samba from 3.5.0 (released in March 2010) onward. To emphasize the severity and low complexity: a Metasploit one-liner can be used to trigger this vulnerability.
A patch has already been released to address the issue. Additionally, there is a mitigation available within the configuration of Samba itself. Adding the parameter “nt pipe support = no” to the global section of the smb.conf file and restarting the service will also mitigate the threat. This threat is only beginning to be recognized by potential attackers, with PoC code having already been released on the Internet. It is only a matter of time before adversaries begin to use it more widely to compromise additional systems, both externally and internally.
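To check a configuration for the mitigation described above, the following added example (not code from the original post or from the Samba project) parses an smb.conf, reports whether “nt pipe support = no” is actually in effect in the global section, and lists the shares that accept writes. The sample configuration and the function names are constructed for illustration, and include directives are assumed to be already resolved.

```python
import re

# Constructed sample smb.conf for illustration (not from the original post).
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; nt pipe support = no     <- commented out, so it has no effect
    NT Pipe Support = yes

[Public]
    path = /srv/public
    guest ok = yes
    read only = no

[docs]
    path = /srv/docs
    writeable = yes
    read only = yes
"""

TRUE = {"yes", "true", "1", "on"}
FALSE = {"no", "false", "0", "off"}
# Inverted synonyms of 'read only' (names shown after whitespace removal).
WRITE_KEYS = {"writeable", "writable", "writeok"}


def norm(name):
    """Case and whitespace are irrelevant in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def as_bool(value, default):
    """Interpret an smb.conf boolean; unknown or empty values give the default."""
    v = value.strip().lower()
    return True if v in TRUE else False if v in FALSE else default


def parse_smb_conf(text):
    """Return {section: {param: value}}; a later assignment overrides an earlier one."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines() + [""]:
        if raw.rstrip().endswith("\\"):          # trailing backslash continues the line
            pending += raw.rstrip()[:-1]
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, value = norm(key), value.strip()
            if key in WRITE_KEYS:                # fold onto 'read only' so order is kept
                key, value = "readonly", "no" if as_bool(value, False) else "yes"
            current[key] = value
    return sections


def audit(text):
    """Report whether the mitigation is active and which shares accept writes."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # 'nt pipe support' defaults to yes, so a missing line means "not mitigated".
    mitigated = not as_bool(glob.get("ntpipesupport", "yes"), True)
    # Shares are read-only by default; [global] may change that default for all shares.
    default_ro = as_bool(glob.get("readonly", "yes"), True)
    writable = sorted(
        name for name, params in conf.items()
        if name != "global" and not as_bool(params.get("readonly", ""), default_ro)
    )
    return {
        "mitigated": mitigated,
        "writable_shares": writable,
        "needs_attention": bool(writable) and not mitigated,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

On a live host, feed it the output of testparm -s so that included files are resolved. The check covers configuration only and says nothing about whether the installed Samba version is patched.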
When it comes to a robust wireless network, there are two things that you need above everything else: speed and strong connectivity.
The Institute of Electrical and Electronics Engineers (IEEE) is putting the finishing touches on the next 802.11 wireless standard which will provide a boost in speed and connectivity. This new IEEE standard—called 802.11ax—is the follow-up to the current standard: 802.11ac Wave 2.
This brings up a good question: what about 802.11ac Wave 2? You still have high density needs and your wireless network has to be able to respond to the challenges of today, right now. You will be able to meet those challenges with Cisco wireless products that adhere to the 802.11ac Wave 2 standard and are combined with robust innovative features that only Cisco can provide. Cisco products using the 802.11ac Wave 2 standard have more than enough horsepower to tide your network over before 802.11ax devices are available.
What does the 802.11ax standard entail? For one thing, there is an increase in both scale and throughput:
A higher sustained throughput of 5Gbps+
Up to 8×8:8 MU-MIMO RF capabilities – four times the throughput over 802.11ac
Uplink and downlink MU-MIMO
The key takeaway from the last bullet is that 802.11ac Wave 2 only introduced MU-MIMO downlink. Uplink MU-MIMO is expected to be added with 802.11ax. Along with these new features, a more intelligent wireless network will be introduced by bringing 3G and 4G cellular concepts to Wi-Fi. This will increase the network’s reliability and survivability.
An increase in speed is also on tap as faster speeds will be made available to each client: up to 10Gbps over the air. Not only that, but 802.11ax introduces an Advanced Coloring Scheme.
What are Advanced Coloring Schemes? The short definition is that this allows for an increased throughput per access point. The longer definition: each access point and client transmits its data with a unique identifier that is called a “color”. When an access point or a client listens first before transmitting data, it is more aggressive if it hears data from a different color, since that data is going to a different AP further away from the client.
It is expected that the industry might see the first 11ax clients by early 2018, but the first best-in-class enterprise-class platforms won’t be available until the following year (2019).
In the meantime, don’t forget about the 802.11ac Wave 2 products currently available from Cisco.
Whether you need to significantly boost performance or support the vast number of mobile devices that use bandwidth-hogging applications, you’re able to provide a better user experience by outfitting your network with Wave 2 products from Cisco. Any industry from education to hospitality and retail to healthcare thrives with new Cisco-only technologies such as Flexible Radio Assignment or Cisco-Apple FastLane and more.
To learn more about Cisco’s 802.11ac Wave 2 products, click here.
This post was authored by Anna Shirokova and Ivan Nikolaev
John Smith had a lot of friends and liked to travel. One day he got an email that read: “Money has been sent to your PayPal account”. The sender appeared to be a person he had met on a recent trip to Cape Town. John Smith was curious and followed the link to PayPal (hxxps://paypal.com-receipt-gifts.online/) which looked a little bit suspicious. Luckily, John had recently taken a phishing awareness training and remembered that HTTPS meant the website is safe. He saw a green padlock next to the URL, decided that everything was fine, typed his PayPal username and password and pressed enter. This is the end of our story but just the beginning of John’s problems.
For quite a while now the security community has been educating users about the importance of secured communication [1]. Users have been taught that important connections will be secured with HTTPS. How can you tell if your connection is secured with HTTPS? Simply check whether there is a little green lock next to the URL in the address bar of the browser [2].
Figure 1: Browser address bar of a legitimate Google website.
Making users aware of communication security is a very important effort. Unfortunately, it has created a strange side-effect of many users trusting anything secured with HTTPS. Green lock means secure which means safe to use. The attackers have been quick to adapt and found a way to use the trust of HTTPS to their own advantage. One of the attack vectors where HTTPS is abused is phishing.
Watch out! Phishing domains
A very common and effective technique used by the attackers is impersonating well-known domain names that users already know and trust, such as the ones illustrated by the green text in Figure 2. The red text is to highlight the counterfeit portion of the domain name.
Figure 2: Examples of phishing domains.
All these domains look very suspicious to a security professional but may appear perfectly legitimate to an untrained eye. These domains often have a very short time-to-live and are dropped after a few days of use. This renders blacklists ineffective against them because they need to be constantly updated with fresh domains.
During our analysis, we have observed these domains being used for phishing, as well as by scammers offering fake technical support and by advertisers promoting products of questionable quality.
Figure 3: Examples of web pages with the host name and design similar to the legitimate companies: Norton, Delta airlines and online news outlet people.com. Used by attackers for online scams or advertisement.
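The impersonation pattern described in this section can be checked mechanically. The following is an added example, not code from the original post or from CTA: it flags hosts that embed or imitate a protected brand while being registered under a different domain. The brand list, the character-swap table and the .example hosts are assumptions constructed for illustration, and the registrable domain is approximated as the last two labels rather than taken from the Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the brands an organisation wants to watch for.
PROTECTED = {"paypal": "paypal.com", "instagram": "instagram.com", "google": "google.com"}
# Common character swaps used in lookalike spellings (constructed list).
SWAPS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def hostname(url):
    """Extract the lower-cased host from a URL, accepting defanged 'hxxp(s)://'."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable(host):
    """Naive registrable domain: the last two labels (no Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def check(url):
    """Return (verdict, reason) for one URL or hostname."""
    host = hostname(url)
    reg = registrable(host)
    if reg in PROTECTED.values():
        return ("ok", f"registrable domain is {reg}")
    tokens = [t for t in re.split(r"[.-]", host) if t]
    for brand, domain in PROTECTED.items():
        # The whole real domain appears inside the host, e.g. 'paypal.com-...'
        if re.search(rf"(^|[.-]){re.escape(domain)}([.-]|$)", host):
            return ("suspicious", f"embeds {domain} but is registered under {reg}")
        for tok in tokens:
            folded = tok
            for src, dst in SWAPS:
                folded = folded.replace(src, dst)
            if tok == brand:
                return ("suspicious", f"uses the name '{brand}' under {reg}")
            if folded == brand or edit_distance(tok, brand) == 1:
                return ("suspicious", f"'{tok}' imitates '{brand}' under {reg}")
    return ("unknown", "no protected brand referenced")


if __name__ == "__main__":
    # The first URL is the one quoted in the story above; the rest are constructed.
    for sample in ["hxxps://paypal.com-receipt-gifts.online/",
                   "https://www.paypal.com/signin",
                   "paypa1-support.example",
                   "instagrarn-login.example",
                   "https://example.org/"]:
        print(sample, "->", check(sample))
```

Note that the presence or absence of HTTPS plays no part in the verdict, which is the point of the story above.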
HTTPS – using a good thing for a bad cause
Attackers have started to abuse users’ inherent trust in HTTPS. They do it by obtaining a certificate for their phishing domains. These are usually obtained from certificate authorities like Let’s Encrypt, which provides certificates for free [3]. This means that the users who visit the domain and look at the URL will see the little green lock. Rarely will anyone check the actual certificate.
Figure 4: Screenshots of phishing, mimicking legitimate PayPal and Instagram websites. In the address bar we can clearly see the green padlock indicating HTTPS connection.
Above are examples of two phishing campaigns both using HTTPS. As you can see, the locks are green. The websites look legitimate, especially if you make the window narrow enough to cover most of the URL. But if you enter your credentials they will probably steal your money and selfie photos.
Prevention best practices
User education is a very important step in phishing prevention. However, there will always be people who will be tricked, despite the training. Network monitoring tools help to fill the gap and detect successful phishing attempts. Cognitive Threat Analytics (CTA) discovers hundreds of phishing domains every week, including sophisticated ones which use HTTPS. CTA models the network and spots anomalies in data. This way it is able to discover previously unseen phishing domains and warn the analysts.
This blog was guest-written by Erin Yamaoka, a Technical Account Manager at TaroWorks. She’ll be guest-speaking during the “Global Problem Solvers Who are Guardians of Our Planet” session of the Women Rock-IT series on June 15th.
The Global Problem
Global warming remains one of the most pressing issues facing humanity today. Guardians of the planet remain steadfast in their attempt to address this problem head on. However, the immense scale will require global coordination and innovation beyond the traditional nonprofit and government agency channels.
The advent of the social enterprise has been one such innovation, allowing the private sector to play an increasing role in helping to address many of these issues in new ways.
Today, over 2,000 B Corporations in 50 countries across 130 industries are making a go of it. While most social enterprises have a thorough understanding of how their business can help or hurt the environment, a subset of these companies make the science and practice of addressing environmental challenges the core of their business.
Unsurprisingly, many of these agencies are using data and the power of technology to drive their missions forward.
One example is WaterSmart in San Francisco, California. This organization uses cloud computing to compile utility meter data and better communicate with residential customers about their water usage. Water service partners also receive analytics about consumption habits and customer program participation, which leads to more efficient water usage and economic savings for the customers.
Another California-born company, PastureMap, developed ranch management software to map livestock grazing patterns and collect vital herd data via a mobile application. This helps ranchers identify the grazing practices that are most successful for their land and creates a cross-farmer dataset that can help reverse climate change by allowing for the regeneration of grasslands and soils.
The Problem within the Problem
It remains an unfortunate fact that the countries that often contribute the least to climate change remain the most vulnerable to its impact. Verisk Maplecroft’s Climate Change Vulnerability Index features comparable risk data for 198 countries on 48 separate issues, including climate change vulnerability, ecosystem services, greenhouse gas emissions, natural hazards, and environmental regulation.
In the Extreme Risk Category are countries such as Chad, Bangladesh, Niger, Haiti and the Central African Republic. With the most at stake, these nations will need to play an active role in the struggle against climate change. These are the communities that should have the strongest voices and the richest data sources for rallying humanity around this global problem.
Unfortunately, many of the countries in the Extreme Risk category for climate change vulnerability also top another list: countries with the lowest internet penetration rates. For instance, the percentages of the population with internet access in Chad, Bangladesh, and Niger are 2.7%, 14.4%, and 2.22% respectively.
So, how can social enterprises both serve and leverage the agency of a disconnected client community? How can those most vulnerable to climate change play an active role in the fight against it, using data and the power of cloud computing?
Addressing the Problem within the Problem
This is the problem (within the problem) that together, with our customers, we try to solve at TaroWorks. Our for-profit social enterprise is a technology company that was incubated at Grameen Foundation, one of Cisco’s community partners. At TaroWorks, we know that data is just as important for organizations operating in the “last mile” as it is in the first.
Clean energy clients are also using our technology to manage their field operations, working in places with no access to the network. One of our customers, Solar Sister, combines the environmental goal of promoting clean energy use with the humanitarian mission of raising economic standards in developing countries.
With help from TaroWorks’ mobile app and cloud-hosted database, Solar Sister collects sales information and manages inventory movements to help women sell solar lighting in rural Uganda, Nigeria, and Tanzania. The women entrepreneurs use these proceeds to support their families.
Sistema Biobolsa is a Latin America-focused social enterprise and TaroWorks customer whose vision is to “create value from waste with their biodigester systems.” Farmers use the biodigesters to convert farm waste into organic fertilizer.
This natural energy can replace wood or gas, which saves farmers money and is better for the environment. Sistema’s field teams use TaroWorks’ mobile application as an offline relationship system to manage installations and maintain the biodigesters on customer farms.
Creating balanced organizations to protect our planet and our humanity is an ongoing battle. Data is vital to any organization to achieve complex and competing goals. We’re going to need an increasing army of people with digital skills and creativity to develop inclusive technologies to solve the world’s toughest problems, like climate change.
Take your first step in joining us by registering today for our session in the Women Rock-IT Cisco TV series, “Global Problem Solvers Who are Guardians of Our Planet.”
Across North America, cable operators face the same challenge of driving down network complexity and operating costs. The math is simple: how can they continue to spend in the double digits to support bandwidth demands, while only recouping single digit revenue growth?
Too Many Networks
The problem areas are obvious; most cable providers effectively maintain separate overlay networks to deliver the multiple services that consumers and businesses demand – linear video, video-on-demand (VoD), IP traffic, and more. The different services require dedicated equipment, management, and operational expertise. With market consolidation over the years, some operators have even more headaches from managing multiple access networks (HFC, DSL, PON, wireless) at the same time.
Sky High Operations Costs
Multiple networks are also expensive to operate. They require massive operational overhead with time-consuming, manual processes serving as the standard. And with growing bandwidth demands, equipment is continually added to hub sites, so the already high operational expenses for power, cooling, and maintenance costs just continue to grow.
New Opportunities Are Few and Far Between
Another problem area is service complexity. With a multitude of services dependent on disparate physical networks, scaling or changing service delivery is very difficult. This means that updating services or rolling out new ones is painfully slow to reach customers and revenue targets. Adapting access networks to accommodate new business models (managed Wi-Fi or mobile backhaul) becomes an overwhelming task, and opportunities to generate revenues and compete against OTT or pure fiber players come to market too late or not at all.
Break the Cycle of Exploding Demand and Shrinking Revenue
How can cable operators compete and grow? They need to change the economics of their business and break the cycle of exploding demand and shrinking revenues. This means designing new, differentiated products and bringing them to market faster. To do this, they need a single network that can support every kind of service and do it more efficiently. All this requires abstracting away the complexity of multiple networks, automating manual processes, and reducing power, space, and cooling requirements by running all services with fewer resources.
The Cable Network of the Future: Core Capabilities Checklist
If you’re thinking about how to break the cycle of exploding demand and shrinking revenue, what’s the best path to success? What should the platform(s) you’re considering enable you to do moving forward? We’ve put together a quick five-point checklist of what your future network should look like:
Speed to design, deliver, and update services more quickly to compete with OTT video services and emerging cloud competitors. This requires simplifying access networks radically and consolidating them into a single, standards-based framework so that any service can be delivered over a single infrastructure.
Simplified implementations and operations to drive down costs and complexity. Network resources need to be virtualized so that they can be managed like any other cloud service — scaled up and down elastically and positioned wherever they’re required at any time.
Automation to roll out new services in days instead of months, and make it easy to continually refine and enhance services. Using network abstraction, higher-level services need to be decoupled from complex underlying infrastructures, turning physical and virtual devices into programmable network elements.
Flexibility to deploy and move workloads wherever they are most efficient, anywhere across the network, and scale resources elastically with demand. By using a management framework that can proactively monitor network health, cable operators will be able to provision new services and devices automatically, in seconds.
Agility to support new business models wherever and whenever opportunities arise. This requires cloud-scale flexibility and economics, enabling cable operators to deliver any service, anywhere, quickly and automatically.
Find Out More
To find out how Cisco’s cable access solutions can help you to break the cycle of exploding demand and shrinking revenue, download a copy of our new E-Book, The Road to Cisco Infinite Broadband. And stay tuned to the Cisco newsroom for some upcoming product news.
Visit Us at ANGA COM
We’ll be in Cologne, Germany for ANGA COM at the end of May. We invite you to stop by the booth and see our latest products in action. To find out more about our speaking sessions and booth demos, visit https://ciscoangacom.eventtouch.eu/home.
This post was authored by Martin Zeiser with contributions by Joel Esler
At Talos we are constantly on the lookout for threats to our customers’ networks, and part of the protection process is creating Snort rules for the latest vulnerabilities in order to detect any attacks.
To improve your understanding of the rule development process, consider a theoretical remotely exploitable vulnerability in server software Server2010. A proof-of-concept exploit is developed, the server software is set up on a virtual machine, traffic is captured on the network between attacker and victim, and rule development can start, right?
But what if months or years later, the rule needs to be re-inspected, because circumstances have changed? This requires another vulnerable version of Server2010 to be found, reinstalled and reconfigured to the vulnerable parameters, to run tests again and again, so that network traffic can be inspected. Then when the server is installed, the particular exploit used does not work anymore, because the language it was written in has since changed and the code needs to be fixed accordingly. All this requires plenty of time, which is why it doesn’t happen that way. Instead, a vulnerability is identified, an exploit is written, the exploit is run, and the attack captured using Wireshark. From then on, the traffic in said pcap file can be used to develop a correct rule. The traffic recorded in a pcap file can easily be put back on the wire using a tcp replay utility, or read directly by Snort. This is why rule developers generally work with pcaps of attacks, instead of exploits.
Regarding file-based vulnerabilities, the original process used to involve starting a local webserver and using a browser to download the exploit file, while recording the transfer using Wireshark. File2pcap revolutionized this requirement by simulating the traffic and creating the proper pcap without any hassles.
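To make the idea of simulating the transfer concrete, here is an added example that is not File2pcap’s code and does not reproduce its options: it wraps a file’s bytes in a synthetic HTTP download (TCP handshake, GET request, segmented response, teardown) and returns a pcap with valid IP and TCP checksums. The addresses, ports, sequence numbers, timestamps and function names are assumptions chosen for illustration.

```python
import struct

CLIENT, SERVER = "192.0.2.10", "198.51.100.20"   # documentation address ranges
CPORT, SPORT, MSS = 49152, 80, 1460
FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10


def checksum(data):
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip4(addr):
    """Dotted-quad string to four bytes."""
    return bytes(int(p) for p in addr.split("."))


def frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """One Ethernet + IPv4 + TCP frame with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = ip4(src) + ip4(dst) + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0x4000, 64, 6, 0, ip4(src), ip4(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    # Made-up locally administered MACs derived from the last address byte.
    eth = b"\x02\0\0\0\0" + ip4(dst)[3:] + b"\x02\0\0\0\0" + ip4(src)[3:] + b"\x08\x00"
    return eth + ip + tcp + payload


def file_to_pcap(body, name="sample.bin"):
    """Wrap `body` in a simulated HTTP GET/200 exchange and return pcap bytes."""
    request = f"GET /{name} HTTP/1.1\r\nHost: {SERVER}\r\n\r\n".encode()
    response = (f"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                f"Content-Length: {len(body)}\r\n\r\n").encode() + body
    c, s = 1000, 5000                      # initial sequence numbers (arbitrary)
    c2s = (CLIENT, SERVER, CPORT, SPORT)
    s2c = (SERVER, CLIENT, SPORT, CPORT)
    frames = [frame(*c2s, c, 0, SYN),                      # three-way handshake
              frame(*s2c, s, c + 1, SYN | ACK),
              frame(*c2s, c + 1, s + 1, ACK),
              frame(*c2s, c + 1, s + 1, PSH | ACK, request)]
    c, s = c + 1 + len(request), s + 1
    for off in range(0, len(response), MSS):               # response, one MSS at a time
        seg = response[off:off + MSS]
        frames.append(frame(*s2c, s, c, PSH | ACK, seg))
        s += len(seg)
        frames.append(frame(*c2s, c, s, ACK))
    frames += [frame(*s2c, s, c, FIN | ACK),               # teardown
               frame(*c2s, c, s + 1, FIN | ACK),
               frame(*s2c, s + 1, c + 1, ACK)]
    # pcap global header: magic, version 2.4, tz, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_500_000_000 + i // 1000, i % 1000 * 1000,
                           len(f), len(f)) + f
    return out


if __name__ == "__main__":
    # Constructed, harmless sample content standing in for the file under test.
    with open("sample_download.pcap", "wb") as fh:
        fh.write(file_to_pcap(b"%PDF-1.4\n" + b"A" * 3000, "report.pdf"))
```

The resulting file opens in Wireshark and can be read by Snort like any captured download, which is what lets a rule be re-tested later without rebuilding a server.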
Intelligent, threat-centric security gives businesses the confidence to create new, flexible video services
To understand the importance of video security, we only need to take a look at the amount of revenue lost through unauthorised access to content each year.
A report commissioned by the Motion Picture Association of America estimated the cost of piracy to the worldwide motion picture industry in 2005 at $18.2 billion. And in 2015, the analysts Parks Associates predicted that credential sharing for over-the-top video services would cost the industry $500 million in direct revenues worldwide that year.
And protecting content is not getting any easier. Moving to the cloud opens up new potential attack routes for hackers. And the trend for people to use an increasing number of devices to watch video makes digital rights management (DRM) ever more complicated. We need a new approach that allows businesses to protect their revenue while providing cloud-based, multi-screen services.
Intelligent, multi-screen security
Cisco’s video security solutions are designed to help service providers tackle these new challenges, and make sure that others can’t profit from their content illegally.
Our Infinite Video Platform includes VideoGuard Everywhere, a unified, cloud-based platform that enables service providers to securely manage access to content across devices. VideoGuard Everywhere makes it easier than ever to distribute video to any screen. It provides a level of protection well beyond traditional conditional access and DRM approaches.
Our intelligent, threat-centric video security solutions bring together the best tools and technologies into a comprehensive suite. They enable service providers to monitor, identify, and disable unauthorised content redistribution. And we’re continually enhancing what we offer, based on the latest research and innovations.
Supporting new business models
Of course, security isn’t just about combating piracy. It’s just as important to secure your customers’ personal information, and your own infrastructure. Our technology can also help service providers keep control of their data and infrastructure as they move from managed pipelines to open cloud networks.
By protecting service providers’ infrastructure and data from cyber attacks, we give them the confidence to develop new, flexible service models. And by allowing them to meet studios’ demanding security requirements for supplying ultra high definition 4K video, we enable them to deliver the best possible content mix.
A seamless future
One service provider that has benefited from Cisco’s security technology is Sky, which uses VideoGuard Everywhere to support its new premium Sky Q service. Sky Q allows customers to watch video on up to five screens simultaneously while recording four other channels, and switch seamlessly between different screens.
The service gives customers more freedom in how they watch video. They can pause a programme on one screen and carry on watching on a different device. They can watch shows – whether live, recorded or on-demand – anywhere around the home. And they can take their recordings with them when they’re out and about using a tablet or phone.
“Sky Q will reinvent how our customers watch TV, allowing them to access their favorite shows across multiple screens, in and out of the home,” says Andrew Olson, director of new products, Sky.
The confidence to innovate
Sky Q gives us a taste of the kind of new service that a more sophisticated approach to security makes possible. And as online video continues to grow, we are sure to see many more exciting developments.
There will be plenty of opportunities for service providers in this new world. But to make the most of them, they will need to be sure that their systems are properly protected. With Cisco’s video security solutions, businesses can have the confidence to forge ahead with the innovations of the future.