Cisco Security and the Layered Defense Approach
Over the past month, many of the Cisco Security Blog contributors have provided their view on Cybersecurity and its implications for customer network designs, architectures, protections, and services. These, in aggregate, stress what we all know: security is best achieved using a layered defense that includes securing endpoints, hosts, and network and services infrastructures. Cisco adds some unique layers to this defense, which stems from our experience developing capabilities and solutions that meet the needs of critical infrastructure and government networks. We are applying these lessons, capabilities, and our layered defensive approach to critical business infrastructures, as well.
Cisco takes a “build-in security” approach to provide device, system, infrastructure, and services security, and is the basis of the development approach that we use called the Cisco Secure Development Lifecycle (CSDL). Our development processes leverage product security baseline requirements, threat modeling in design or static analysis and fuzzing in validation, and registration of third-party software to better address vulnerabilities when they are disclosed. In the innermost layer of our products, security is built-in to devices in both silicon and software. The use of runtime assurance and protection capabilities such as Address Space Layout Randomization (ASLR), Object Size Checking, and execution space protections coupled with secure boot, image signing, and common crypto modules are leading to even more resilient products in an increasingly threatening environment.
Our products have evolved from monolithic operating systems to posix-like systems based on Linux and QNX. Even our iconic IOS has been built to run as a process on Linux kernels. Today, nearly all of the Cisco major operating systems are utilizing embedded Linux operating systems. We now face the challenge of ensuring that Linux kernels are hardened to meet networking needs.
We are taking two approaches to this challenge. First, Cisco has devised a set of security-related requirements for embedded Linux distribution vendors that specify a secure foundation upon which to layer application-specific features. These requirements outline a set of security-related features to be supported by the base Linux OS such as ASLR in text and data for process space, toolchain support requirements, and specific kernel settings along with requirements for packages to be integrated together for authentication and logging.
Second, Cisco has devised a Linux hardening guideline for our product development teams that provide guidelines for the secure configuration and use of a vendor’s Linux distribution when embedded within our products. The Linux hardening guideline covers the enabling of secure development and runtime defense features; ensures the removal of unnecessary services, ports, and devices; and secures the configuration of well-known services.
We are committed to making security a key attribute of every product that we build. We remind ourselves of this annually during Cisco SecCon—an internal gathering of Cisco engineers, security experts, advocates, and researchers. Although this event is not open to the public, two products we plan to share at SecCon will be made available to you around that time: the Linux Hardening Guide for our engineers and the Linux Hardening Requirements we provide to our Linux Distributors. After all, knowledgeable and security-focused customers and partners are another important layer of defense in Cybersecurity.
Look for another post from me in the near future announcing the availability of these documents.