Cisco

Introducing "Securing the Line"

Matthew Nickasch — Thu, 21 Aug 2008 10:08:38 -0400

We're all familiar with the common security concerns with deploying an IP Telephony environment. Tomorrow, I'm launching a large 10-part series on improving VoIP and telecom security in an enterprise environment. Titled "Securing the Line," this new series will feature a daily article focusing on a specific aspect of VoIP and/or telecom security, posted each morning. In the afternoons, I'll discuss the VoIP/telecom/convergence market news or analysis of the day. In addition, if you have any views or ideas that you feel need to be included in a VoIP/telecom security discussion, please feel free to reply to this thread! Coming Up on "Considering Convergence": - Afternoon Newsbreak : Cisco's SMB IP-PBX Push

Read more

Cisco still foggy about cloud services

Mitchell Ashley — Wed, 20 Aug 2008 10:56:46 -0400

NWW Cisco Subnet has a post about bloggers writing prolifically about Cisco and cloud services. Setting the Cisco WebEx acquisition aside for the moment, Cisco could and probably will offer some type of software-as-a-service or cloud software service themselves. I would expect the best SaaS opportunities to come in the VoIP market before it shows up anywhere else for Cisco. That said . . .

Read more

SSLVPN Vulnerabilities - Client Certificates offer a superior defense over OTP devices

jheary — Fri, 15 Aug 2008 18:44:04 -0400

Blackhat '08 disclosed several SSLVPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-in-the-Middle attack on SSLVPN tunnels. I'll walk you through how using certificates, instead of OTP tokens, for second factor authentication can increase the security of your SSLVPN solution against these new types of attacks. I wrote an article a while ago about using certificates as a second factor for authentication to an SSL or IPSEC VPN. The model is based on a feature that came out in the Cisco ASA 8.x release which allows an SSL VPN to be configured to require a certificate plus AAA authentication.

Read more

Cisco jumps aboard Cable & Wireless' MPLS network

Cisco Subnet — Thu, 14 Aug 2008 18:23:53 -0400

When big customers like AT&T cut back on their capital expenditure, their suppliers - such as Cisco - get a headache. Such is life when a big corporation contributes a large slice of Cisco's revenue. But for other vendors Cisco itself is that large customer that contributes a large slice of their sales. Take Cable & Wireless which two years ago cut its ties to the consumer world so that it could focus on a few large customers - including Cisco.

Read more

IP Spoofing Attacks - Mitigation techniques

yusuff — Wed, 13 Aug 2008 09:22:06 -0400

IP spoofing is one of the most common network attacks. Many security designs and solutions lack this fundamental proactive prevention technique. Usually, I see people implementing reactive prevention. My recommendation is to apply proactive security measures to protect the network from any unforseen IP spoofing attacks. How does it work IP spoofing attack is when an intruder attempts to disguise itself by pretending to have the source IP address of a trusted host to gain access to specified resources on a trusted network. IP spoofing is basically forging or falsifying (spoofing) the source IP addresses in IP packets. An intruder crafts an IP datagram with a source IP address that does not belong to them. Applications of IP spoofing

Read more

10 GBaseT

Tue, 12 Aug 2008 11:04:36 -0400
Why is it that 10GbaseT has been approved for over two years and you still can't buy it from a major network equipment vendor like Foundry or Cisco?

"Secure" VoIP Endpoints Becoming Mainstream

Matthew Nickasch — Fri, 08 Aug 2008 15:02:53 -0400
The demand for VoIP in security-focused environments is becoming more and more prevalent. In fact, US intelligence-gathering agencies such as the NSA are beginning to employ "secure VoIP" endpoints and networks to communicate effectively and securely. General Dynamics was recently awarded a certification from the NSA for their vIPer voice-over-IP-capable endpoint. This phone utilizes the Secure Communications Interoperability Protocol, a US Government-sponsored project. You can see the press release from General Dynamics here.

Read more

Why SIP Standardization is Critical

Matthew Nickasch — Wed, 06 Aug 2008 15:51:03 -0400
If you're even remotely interested in the convergence / VoIP / unified communications field and haven't read Steve Taylor and Jim Metzler's article on SIP interoperability, you should. I would like to expand a bit on why SIP is so incredibly important, and why the future of IP communications depends on it. In my honest opinion, we have a quiet, yet major problem developing in the industry. There are simply too many systems and environments that are utilizing proprietary or "modified" protocols for signaling. So, development in this area has been vendor-centric and closed, and not towards a common and unified technology.

Read more

Layer 2 Best Practices, and Protecting Layer 2 using Cisco Catalyst Switches

yusuff — Mon, 04 Aug 2008 12:39:24 -0400

The Data Link layer (Layer 2 of the OSI model) is the most complex of all the layers, as it provides the primary functional interface to transfer data between network entities with interoperability and interconnectivity to other layers, thus; being most vulnerable and most important layer to be secured from a network perspective. As we commonly say; "Network security is only as strong as the weakest link" - and Layer 2 is no exception.

Read more

Meet up at Black Hat

Mitchell Ashley — Mon, 04 Aug 2008 05:49:28 -0400

This week I'll be attending Black Hat in Las Vegas, the annual security show that brings in security practitioners and n00bs alike from all over the world. Xen Hypervisor, Cisco gear, Wi-Fi, browsers, Google Gadgets, DNS and more, are all expected to come under the hacking microscope to expose the latest security vulnerabilities and hacking methods. I'm particularly interested in Web 2.0 and hypervisor-type attacks, given how rapidly these two areas are expanding but suffer the typical malady of security languishing as a secondary consideration.

Read more

Introduction - Yusuf Bhaiji on Cisco Subnet

yusuff — Sat, 02 Aug 2008 10:27:29 -0400
Hi Folks, My name is Yusuf Bhaiji, and it is a pleasure to blog on this site and share information with you all. This is my first introductory blog. I've been with Cisco for over 7 years and manage the CCIE Security certification program and Proctor CCIE Lab exams in Dubai. I will mostly blog on Security and VPN topics throughout this month. We'll discuss common Layer2 and Layer3 security technologies and VPN solutions. I will share some common tips and techniques with you all. I will also discuss some of the most common network attacks and mitigation techniques. In addition, I will also blog on CCIE Security certification, preparation tips, recommended reading, etc. If you have any queries, pls do not hesitate to ask. Stay tuned for my next blog! Regards, Yusuf Bhaiji

How does Motorola's purchase of AirDefense affect Cisco's WLAN?

Cisco Subnet — Fri, 01 Aug 2008 15:45:03 -0400

Would Motorola's plan to purchase wireless security vendor AirDefense make a dent in Cisco's WLAN business? Motorola is hoping the move would strengthen its position against the networking giant, according to an article in SearchSecurity.com. The addition of AirDefense would help bump up Motorola's profile in the WLAN security business as AirDefense is generally acknowledged by industry analysts as the leader in the WLAN IDS/IPS market, suggests the article.

Read more

Cisco Certified Design Expert (CCDE) Practical Exam Beta for $980, will you take it?

Larry Chaffin — Tue, 22 Jul 2008 20:52:24 -0400

I got this information today and wanted to pass it along to everyone. I have a question for everyone also, will you take it and do you think it should have been a free beta test?
Now Available! Cisco Certified Design Expert (CCDE) Practical Exam Beta

Read more

Cisco's spamming Twitters?

Cisco Subnet — Tue, 22 Jul 2008 18:49:39 -0400

Be careful how you tweet. Blogger gadgetguy.de is asking whether Cisco is automatically spamming Twitters. Just a minute after updating his Twitter account with a remark about how installing a Cisco 5-port mini switch has improved his network storage appliance, he received an e-mail saying that Cisco IT (ciscoit) is following him on Twitter. He writes: "You tell me that’s not a bot? Can anybody else try to verify this (just tweet something with “cisco” in the text)."

Read more

Want to work at Cisco? Only team players need apply

Cisco Subnet — Mon, 21 Jul 2008 17:57:33 -0400

The Cisco employees who will succeed at the company will be the ones who thrive at being moved to different business functions - IT, finance, customer service, manufacturing - and can work on any cross-functional projects. They won't be paid for their current skills but instead be paid for their leadership abilities and willingness to learn new things.

Read more

Convergence Improves Airport Communications

Matthew Nickasch — Mon, 21 Jul 2008 10:27:19 -0400
With the US economy in a constant state of 'flux', organizations, companies, and even entire industries are obviously looking for opportunities to save money and increase innovation. Those who follow the news are no stranger to the current state of the air travel industry. With constantly shifting demand and load factors, decreased routes, and constant variation in fuel prices, the industry is looking to squeeze the last ounce out of every dollar. I recently spent quite a bit of last week at various airports while traveling on vacation. As a true telecom geek, I'm always curious about how organizations and entities are utilizing technology to aid in their daily operations. At a specific regional airport in the southeast US, the use of converged telephony was in full force.

Read more

Cisco releases new security features, a capture feature, and new IOS upgrade tools

jheary — Sun, 20 Jul 2008 23:21:38 -0400
Cisco just released updated router IOS code,12.4(20)T, with several very interesting new security features and a packet capture feature you might be interested in. You can even use the new warm upgrade and Auto-upgrade Manager features that released with 12.4(15)T IOS code to streamline the upgrade process and minimize your downtime. Let’s dive into the new security features and the new upgrade tools that Cisco is offering. Cisco packed in some pretty hefty security features in this release, 24 new ones to be exact. Here are the highlights:

Read more

Get Smart about CCNA Security – Part 2 of 2

wendell — Mon, 14 Jul 2008 20:28:29 -0400

(Wendell here - Kevin's wrapping up today on CCNA Security - thanks, Kevin!) Kevin Wallace, CCIE #7945, CCSI, CCSP, CCNP, CCDP, CCVP, is a full-time instructor of Cisco courses for SkillSoft Corp. and is an author of several Cisco Press titles. Kevin’s Cisco experience spans 19 years and includes positions as a Network Design Specialist for Walt Disney World and as a Network Manager for Eastern Kentucky University.

Read more

Performance Testing Revisited

Rus Healy — Mon, 14 Jul 2008 12:17:11 -0400
How much of a difference would it make if Cisco changed all of its certification exams to performance-based testing? Answer: A lot.

Read more

CCNA Security Posts from the Guy Who Wrote (part of) the Book

wendell — Wed, 09 Jul 2008 07:28:32 -0400

Wendell here. I've asked Kevin Wallace to take a few posts to discuss CCNA Security. Please fire away all the questions you have on this new cert! Thanks...
Kevin Wallace, CCIE #7945, CCSI, CCSP, CCNP, CCDP, CCVP, is a full-time instructor of Cisco courses for SkillSoft Corp. and is an author of several Cisco Press titles. Kevin’s Cisco experience spans 19 years and includes positions as a Network Design Specialist for Walt Disney World and as a Network Manager for Eastern Kentucky University.

Read more