encryption

January 25, 2016

SECURITY

Hiding in Plain Sight: Malware’s Use of TLS and Encryption

Introduction TLS (Transport Layer Security) is a cryptographic protocol that provides privacy for applications. TLS is usually implemented on top of common protocols such as HTTP for web browsing or SMTP for email. HTTPS is the usage of TLS over HTTP, which is the most popular way of securing communication between a web server and […]

October 19, 2015

SECURITY

Cisco Next Generation Encryption and Postquantum Cryptography

Cisco developed Next Generation Encryption (NGE) in 2011. NGE was created to define a widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance for our customers. These are the best standards that can be implemented today to meet the security and scalability requirements for network security in the years […]

October 28, 2014

SECURITY

File Security With the Click of a Button

Securing our digital lives used to be simpler. Up until a few years ago, we primarily used email as a means for transferring or exchanging files between two parties. A handful of companies emerged to provide email encryption for those who needed it. Most other people did not worry about it. Today, file exchange has […]

June 20, 2014

SECURITY

Open Sourcing FNR an Experimental Block Cipher

Traditional block ciphers work on fixed blocks of data—as an example, AES is well-defined for 128/192/256 bits. But one of the issues is the need for padding—so if you need to encrypt small amounts of data you may end with a huge difference in input vs. output size. As an example, using AES/128 on ECB […]

April 30, 2014

SECURITY

Taking Encryption to the Next Level: Enrollment Over Secure Transport Strengthens Adoption of Elliptic Curve Cryptograph …

Enrollment over Secure Transport (EST) is a new standard (RFC7030) designed to improve the lifecycle management of digital certificates, a key element for secure communications. Cisco Engineer Max Pritikin coauthored the EST standard. We’re very excited about the potential use cases of EST, which are, as we’ll discuss in a moment, pretty versatile. To understand […]

April 9, 2014

INSIDE CISCO IT

Improving Email at Cisco Part 2 – The Employee Process Side

I’d mentioned earlier (see Improving Email at Cisco Part 1 – The IT Technology Side) that email has its ugly side: Too many Most of them are a waste of time Emails will, occasionally, carry virus payloads (or link you to sites that have worse); and yet I can’t live without it

February 14, 2014

SECURITY

Safety first, business second, security none?

Based on 25 years of professional experience in various businesses around the globe, I can say that many industry verticals have a pretty good state of safety culture as it relates to the health and safety of their employees.  This is especially true for companies involved in high-risk businesses such as oil and gas, (nuclear) […]

January 13, 2014

SECURITY

Detecting Payment Card Data Breaches Today to Avoid Becoming Tomorrow’s Headline

A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment card accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at least three other well-known U.S. retailers”. Given the current […]

October 17, 2013

SECURITY

Practical Tips for Safekeeping your Mobile Devices

Now when I’m talking about safekeeping a mobile device, I’m not saying don’t use your Kindle by the pool or let your toddler play on the iPad while eating ice cream. These are dangerous things to be doing with a gadget, but today I want to focus more on the data within that device, rather […]