Wednesday, October 17, 2007

40 Cisco employees arrested

40 Cisco employees have been arrested by Brazilian authorities, as part of a massive tax fraud investigation. Police and tax authorities say that Cisco's Brazilian unit has imported £250 million worth of telecommunications and network equipment over the last five years without properly paying import duties. In all, it is claimed that the company owes an estimated 1.5 billion reais (£410 million) in taxes, fines and interest.
Senior company executives and six government tax officials were among those arrested, say police, but no names have been released. Brazilian authorities also asked the U.S. police to issue arrest warrants for five more suspects currently in the United States.

"Cisco is cooperating with the investigation that is underway," says a company spokesman in Sao Paulo.

The investigation, which has been going on for two years, alleges that Cisco's Brazilian unit used companies based in tax havens like Panama, the Bahamas and the British Virgin Islands to avoid paying import taxes in Brazil.

Authorities say that Cisco also systematically understated the value of merchandise it imported to pay less taxes and frequently issued falsified receipts and other documents.

About 650 police agents and tax officials served 93 search warrants in the states of Sao Paulo, Rio de Janeiro and Bahia on Tuesday. Police also suspect that some Cisco employees in the United States were involved in the scheme.

"It's inevitable that this investigation is going to lead us to headquarters," says Erika Nogueira, the federal police official in charge of the probe.

Police say they had no evidence that Cisco's customers in Brazil were aware of the scheme but that each sales contract would be investigated on an individual basis.

Monday, October 15, 2007

Cisco IOS Line Printer Daemon Buffer Overflow Vulnerability

Andy Davis has reported a vulnerability in Cisco IOS, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused by a boundary error within the LPD service of Cisco IOS when printing an error message containing an overly long (more than 99 bytes) hostname. This can be exploited to cause a stack-based buffer overflow by e.g. connecting to the default LPD port (515/TCP).

Successful exploitation may allow the execution of arbitrary code but requires that the LPD daemon is enabled (disabled by default) and that the attacker can control the hostname of the router.
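The bug class described above, shown as an added C example that is not IRM's or Cisco's code: an error message containing a hostname is formatted into a fixed stack buffer, first without a bounds check and then with one. The message text, the buffer size (fixed text plus a 99-byte hostname) and all function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names, message text and sizes: an illustration of the bug
   class, not code from IOS. The buffer holds the fixed text plus a hostname
   of up to 99 bytes, so a longer hostname no longer fits. */
#define HOSTNAME_MAX 99
#define ERR_TEXT     ": lpd: malformed request"
#define ERR_BUF_LEN  (HOSTNAME_MAX + sizeof(ERR_TEXT))  /* sizeof counts the NUL */

enum fmt_status { FMT_ERROR = -1, FMT_OK = 0, FMT_CLIPPED = 1 };

/* Length of s, reading at most max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* BEFORE (kept for contrast, never call with untrusted input): sprintf does
   not know how large msg is, so a hostname over HOSTNAME_MAX bytes is
   written past the end of the stack buffer. */
void report_error_unbounded(const char *hostname)
{
    char msg[ERR_BUF_LEN];
    sprintf(msg, "%s" ERR_TEXT, hostname);
    fprintf(stderr, "%s\n", msg);
}

/* AFTER: the hostname is capped with a precision, the write is bounded by
   the destination size, and the caller learns when clipping happened. */
enum fmt_status format_error_bounded(char *out, size_t out_len,
                                     const char *hostname)
{
    if (out == NULL || out_len == 0 || hostname == NULL)
        return FMT_ERROR;

    int clipped = bounded_len(hostname, HOSTNAME_MAX + 1) > HOSTNAME_MAX;
    int n = snprintf(out, out_len, "%.*s" ERR_TEXT, HOSTNAME_MAX, hostname);
    if (n < 0) {
        out[0] = '\0';
        return FMT_ERROR;
    }
    if ((size_t)n >= out_len)   /* destination smaller than ERR_BUF_LEN */
        clipped = 1;
    return clipped ? FMT_CLIPPED : FMT_OK;
}

/* Validation at the point where the hostname is set: refuse an empty or
   over-long value instead of clipping it later. */
int hostname_acceptable(const char *hostname)
{
    if (hostname == NULL)
        return 0;
    size_t n = bounded_len(hostname, HOSTNAME_MAX + 1);
    return n >= 1 && n <= HOSTNAME_MAX;
}

int main(void)
{
    char long_name[151];        /* constructed sample: 150 'A' bytes */
    memset(long_name, 'A', 150);
    long_name[150] = '\0';

    char msg[ERR_BUF_LEN];
    enum fmt_status st = format_error_bounded(msg, sizeof msg, "router1");
    printf("status=%d msg=%s\n", st, msg);

    st = format_error_bounded(msg, sizeof msg, long_name);
    printf("status=%d len=%zu acceptable=%d\n",
           st, strlen(msg), hostname_acceptable(long_name));
    return 0;
}
```

The same length limit is enforced twice on purpose: once where the hostname enters the system and once where it is copied, so a missed validation path does not turn into memory corruption.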

Solution:
Update to 12.2(18)SXF11, 12.4(16a), or 12.4(2)T6.

Provided and/or discovered by:
Andy Davis, IRM Plc.

Original Advisory:
IRM Plc.:

http://www.irmplc.com/index.php/155-Advisory-024

Cisco:

http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml

Cisco gives its Security Research Center a Makeover

Not many people realize that Cisco has been silently improving their security threat information site called The Cisco Security Center (www.cisco.com/security). I would also go out on a limb and guess that not many people ever knew Cisco provided free security research content. Bottom line is the site offers lots of excellent, and free, security content.

A large percentage of the content comes from its IntelliShield business unit. Cisco IntelliShield is a paid, subscription service that provides all sorts of customized security reports. The good news is that many of the general reports are now being offered for free on the Security Center Website.

So what cool reports are available on this site? Here are some examples:

Every month, a report with Cisco’s response to the latest Microsoft Security Bulletin. This includes recommendations on how to use Cisco gear to thwart the threats. Everything from the exact Cisco IPS signature numbers to example code snippets for ACLs, NBAR, etc. is provided when applicable. Check out the October one here:

http://tools.cisco.com/security/center/getDocument.x?id=634

IntelliShield reports that provide in-depth info on recently released vulnerabilities. These reports give details on things like the urgency (likely use), credibility, and severity of a given vulnerability. Keep in mind that many of these reports are only available with the paid service, but I’ve found that most of the big ones are provided free. Here is an example report:

http://tools.cisco.com/security/center/getDocument.x?id=633

IntelliShield Security Activity Reports are my favorite report type on the site. To describe these reports I’ll just quote from their website, “The IntelliShield Periodic Security Activity Report (PSAR) is a strategic intelligence product that highlights current security activity and mid- to long-range perspectives. The report addresses seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical. The PSARs are a result of collaborative efforts, information sharing, and collective security expertise of senior analysts from Cisco security services.” Here is an example

http://www.cisco.com/web/about/security/intelligence/PSAR_oct1-7.html

A complete listing and detail around the latest Cisco IPS Signatures available. This detail includes a description of the signature and threat, known benign triggers, links to related security reports, and the severity of the alarm. Here is an example, but it does require CCO login

http://tools.cisco.com/security/center/prsc/viewSignature.x?signatureId=5906&signatureSubId=0

All of the Cisco product security alerts, or PSIRTs, are listed on the site. Details of the vulnerability, as well as any viable workarounds, are provided. Here is an example

http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml

Take a look at the site and some of the reports available. What do you think of the content available? Anything missing that you’d like to see?

Tuesday, October 9, 2007

Cisco seeks more voice-recognition technology

Cisco Systems Inc wants to add more sophisticated voice-recognition technology to its products aimed at helping office workers communicate more flexibly, a senior executive said on Thursday.

Barry O'Sullivan, head of Cisco's Voice Technology Group, told Reuters he was not sure if the network equipment maker would develop such technology internally or through partnerships or acquisitions.

He said improved voice technology could be added to Cisco's "unified communications" products, which tie together e-mail, phones and other tools such as instant messaging and video conferencing.

"We'd like to be able to do things like search for stored conference calls, and intelligent tagging of voice," O'Sullivan said in a telephone interview.

An increasing number of companies are offering "unified communications" products. Cisco both competes and partners with companies like Microsoft Corp and IBM in this business.

O'Sullivan said the company would continue to work with others to ensure customers have access to various software and equipment, but relationships among the various players were likely to change over time.

"There's a $30 billion market opportunity out there. We're all circling around it with different strengths and we all want a piece of the pie," he said.

Wednesday, October 3, 2007

Cisco Releases New Branch Office Products

Cisco Systems Inc. last week announced a bevy of new remote office products, starting with a branch-friendly version of its Integrated Services Router (ISR) entry - the new ISR 1861 - a lightweight series of Catalyst 2960 Switches (complete with Cisco's LAN Lite IOS Software) and, significantly, the availability of 802.11n WLAN Controller support for the ISR.

Analysts are upbeat about Cisco's branch office bonanza, which they say addresses clear corporate pain points. At the same time, they caution, Cisco's new branch office deliverables are far from market-changers.

"These products broaden Cisco's potential in the enterprise branch market but are not in of themselves giant leaps," said Steven Schuchart, principal analyst for enterprise network systems. "These new products will intrigue new customers but will not necessarily be prime motivators for new sales."

Not that Cisco is any stranger to the enterprise branch, of course. The company is already an established (and highly competitive) player in this segment, according to Schuchart. "Cisco has been focusing on the enterprise branch for some time and the 2960 with LAN Lite and 1861 ISR in particular give customers more choices for smaller branch offices. These products also give Cisco a good play for the small and medium enterprise market," he said.

Schuchart also singles out the availability of 802.11n support on Cisco's Wireless LAN Controller module for the ISR, which he expects will help placate existing customers as well as attract new ones.

He cautions, however, that most customers have adopted a wait-and-see comportment with respect to 802.11n - so the new high-speed WLAN Controller module probably won't be an enormous hit.

"This fleshes out the 802.11n strategy and product line announced earlier this month and gives customers who need the raw speed of an n-based solution the option of adding it to the ISR," he said. "Cisco has been leading the market with modular on-router wireless. Cisco's customers can pick from any number of modular options for many ISR models that allow customers to tailor the products to their needs, as opposed to the all-in-one options offered by many of their competitors."

Cisco Acquires Latigent

Cisco will have Web 2.0-based reporting systems added to its contact centre systems as a result of the new acquisition of Latigent.

Latigent is a top provider of web-based business intelligence and analytics reporting solutions.

Its products take advantage of Web 2.0 principles that help customers to create scalable, flexible and easy customisable real-time reports for contact centres.

The deal will see Latigent's products work with Cisco's Unified Customer Contact solutions.

Laurent Philonenko, vice president and general manager of the Customer Contact Business Unit at Cisco, said: "By acquiring Latigent, Cisco is signalling a commitment to increase the value of customer investments in our customer interaction solutions by providing appealing, robust and dynamic tools to enable increased visibility and efficiency."


Cisco may buy WiMax Player

Cisco Systems Inc. is close to buying a company that makes WiMax base stations, according to an industry report. The move would be Cisco's first foray into the wireless technology.

Cisco, by far the largest networking equipment maker, would not comment on the report, but a spokesman did refer to Cisco's online position paper on WiMax. While the paper notes that "WiMax will be one of several high-speed wireless WAN technologies seeing broad deployment," it adds, "Cisco has no current plans to build WiMax base stations or base stations using any other WAN radio access technology."

The paper notes that Cisco will work with partners and also provide IP technology for next-generation base stations, while its partners will provide the radio components. Also, Cisco plans to provide IP infrastructure to network the base stations together, the paper says.

The wireless news Web site Unstrung reported that two unnamed industry sources said the purchase could take place in a matter of weeks and that Cisco had narrowed down the potential list of targets to four companies: Alvarion Ltd., Aperto Networks Inc., Navini Networks Inc. and Redline Communications Inc.

Craig Mathias, an industry analyst at The Farpoint Group and a Computerworld columnist, said that it makes sense -- but it's "not essential" -- for Cisco to be involved more directly in WiMax. He said any of the four companies being named would be solid choices. Mathias said he had not heard any rumors, however.

"Every company is on Cisco's list to buy all the time," he noted. "They buy according to what's going to provide the biggest return on investment."

Last month, Cisco announced plans to buy Cognio Inc. in order to acquire its wireless network management technology. That would be Cisco's first acquisition of its current fiscal year but its 122nd purchase overall.

Thursday, September 27, 2007

Cisco Catalyst 6500 / Cisco 7600 Series Devices Accessible Loopback Address Weakness

A weakness has been reported in Cisco Catalyst 6500 and Cisco 7600 series devices, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that packets destined for the 127.0.0.0/8 network may be received and processed by e.g. the Supervisor module or Multilayer Switch Feature Card (MSFC). This can be exploited to e.g. bypass existing access control lists.

Successful exploitation requires that systems are running Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the MSFC) or Native Mode (IOS Software on both the Supervisor Engine and the MSFC).

The weakness is reported in all software versions on Cisco Catalyst 6500 and Cisco 7600 series prior to 12.2(33)SXH.

Solution:
Update to 12.2(33)SXH.

Provided and/or discovered by:
The vendor credits Lee E. Rian.

Wednesday, September 26, 2007

Cisco rolls out appliance to enhance carrier Ethernet and IPTV

Cisco this week announced a service provider appliance that the vendor says will help carriers better deliver on the promise of what it calls the "connected life," by bringing fibre connectivity to multi-tenant units like apartments.

As service providers continue to jockey back and forth to differentiate themselves by offering new advanced services, Cisco's service provider senior marketing manager Mike Capuano said the focus is really on the end users, who demand connectivity and the ability to create their own mix of services, whether it's video, voice, IPTV or a combination of many.

"The critical competitive element is to deliver a great customer experience," Capuano said. "End users can create their own service mix if they want to."

The appliance, the ME 3400 24FS, is an update to Cisco's Carrier Ethernet portfolio of its IP Next-Generation Network (IP NGN).

According to Capuano, the ME 3400 24FS delivers fibre to multi-tenant units to enable high-density fibre deployments. He claims that providers can install the box in building basements to ensure in-building reach in a pay-as-you-grow fashion. Port options accommodate fibre and copper and visibility and control over bandwidth.

"Using the ME 3400, providers are able to pinpoint troubleshooting, delay-free access to personalised content and advanced entertainment service delivery unrestrained by distance," Cisco said in a statement.

Along with the appliance, Cisco announced enhancements to its IP NGN Carrier Ethernet Design, including 50 ms resiliency from the core to the premise, increased scalability, new instrumentation for measuring customer service-level agreements (SLAs), and increased resiliency and scalability.

Pinpointing trouble on a massive service provider network has been difficult in the past, according to Eve Guilloches, program manager of telecom infrastructure at IDC. And as the Carrier Ethernet market continues to be a growth area, a better understanding of the network end-to-end has become imperative.

Many vendors are making appliances for the core of the telecom network and moving slowly to the edge, Guilloches said. But the inherent problem with Carrier Ethernet is its need to be more reliable, especially as service providers offer new services like IPTV. The ability to manage the network from end-to-end will help ensure that the network is reliable, she said.

"[With Cisco IP NGN Carrier Ethernet] software can go all the way through fibre directly to the customer to understand what's going on at the customer site," she said. "What you want to do is have as much visibility as possible."

Guilloches said service providers want to know exactly where a problem lies -- whether it's in the satellite feed, the core, or at the customer site. Since data traverses a great deal of network infrastructure, it was difficult in the past for service providers to determine just where the problem lay.

"There are a million ways to screw it up," she said. "Now at least they can diagnose the problem to know where it's falling apart."

Ricky Wong, chairman of Hong Kong Broadcast Network, agreed that troubleshooting was difficult, especially with the mass of traffic and the increased use of new, advanced services.

"With the target to cover two million households for triple-play services on our Carrier Ethernet network, quality of experience is of the utmost importance," Wong said in a statement. "Given the growth of traffic and subscribers, working to ensure it is an ongoing challenge."

Cisco Product Rollout Aims To Boost Branch Offices

Cisco Systems on Wednesday rolled out several new products and services designed to give branch offices similar security, wireless, application acceleration, and unified communications capabilities as the home office.
The new products and services include platforms, hardware modules, software enhancements, and new feature sets.

"We came out with a branch [office] architecture that allows us to provide our customers with an entire set of service capabilities that they need in the branch office: the routing, the switching, the wireless capabilities, unified communications, voice over IP, and Wide Area Network optimization to drive down latency and improve application performance," said Inbar Lasser-Raab, Cisco's director of network systems, in an interview.

Cisco's 1861 Integrated Services Router, which costs $3,995, comes with built-in security and unified communications capabilities for up to eight users in a branch office. A smaller business can connect its phones to the router for basic voice messaging. A larger business can tie it to a business application for the full unified communications experience, Lasser-Raab said.

The Catalyst 2960 Series Switches with LAN Lite Cisco IOS (Internetwork Operating System) Software are managed switches with entry-level security and quality of service. The switches cost $995.

The Cisco Unified Messaging Gateway is designed for routing messages and exchanging subscriber and directory information among up to 10,000 voice mail systems within a unified messaging network, meaning one that supports an integrated in-box for multiple kinds of messages such as voicemail, e-mail, and fax. It acts as the central hub in a network. The gateway will be available in November, starting at $9,000 for 250 nodes.

The Intrusion Prevention System Advanced Integration Module, which starts at $3,000, is meant to help branch offices defend their networks against attacks and disruptions. The module identifies and stops malicious traffic originating from the Internet.

Cisco's new Performance Routing software monitors Internet traffic, performance bottlenecks, and overall network conditions, while the Wide Area Application Services (WAAS) Network Module (for the Cisco 3800 Series Integrated Services Router) lets branch offices consolidate servers and storage into data centers and centrally deploy new applications.

Additionally, Cisco announced a software upgrade for its Wireless LAN Controller, which now supports the IEEE 802.11n draft 2.0 standard that has the potential of delivering five times the performance of current wireless networks.

"Now customers can give their branches the same level of support and capability as they do in the headquarters," said Lasser-Raab.

Monday, September 24, 2007

Cisco sees security spend surge 20%

Security spending is expected to increase by 20 per cent across the globe, including India, due to the increase in usage of wireless and mobile connectivity among employees, says a survey by network solutions provider Cisco.

In India, almost 36 per cent of the respondents predict the increase in security spending to be between 10 and 20 per cent.

The latest research builds on findings released earlier this month, which highlighted the growing trend of mobile employees and the heightened risks for businesses as they connect to corporate networks and carry sensitive information outside office walls.

While the previous survey involved more than 700 mobile employees in seven countries, where wireless and mobility technologies are widely adopted, the additional findings reveal spending plans and business drivers for over 700 IT decision makers, who work in those same nations: the United States, the United Kingdom, Germany, China, India, South Korea and Singapore.

“These figures are significant because a 20 per cent increase in spending on security alone could represent hundreds of thousands to millions of dollars for mid-size and large enterprises,” said Jeff Platon, vice-president of security solutions for Cisco.

Virus containment was the single-largest issue that Chief Information Officers (CIOs) in India found among wireless devices over the past year. A third of respondents in both India and China feel that security incidents will increase in the next year. In India, 41 per cent of respondents are focusing on wireless security, while 42 per cent are focusing on both wired and wireless security.

Almost two-thirds (63 per cent) of IT respondents say more employees are being enabled to work anywhere, anytime with laptops, smart phones, or both.

Germany (74 per cent) leads the pack, followed by China and India (69 per cent), South Korea (66 per cent) and the United States (58 per cent).

Education and awareness among users will be key to the success of any security policy. Many mobile users in the survey say they aren’t always aware of security concerns, and their actions provide proof.

Throughout the seven countries, many mobile employees say they access unauthorised wireless networks in public places and in their neighbourhoods.

Many say they don’t encrypt data on their wireless devices or set passwords to prevent physical access to their information.

And, inevitably, some mobile users lose their devices or are victims of theft.

However, more than half agree that regulatory compliance initiatives are driving attention to wireless security. The countries where this is the biggest driver are India, Singapore and China.

Ben Gibson, Cisco’s director of mobility solutions, said: “The research really provides an opportunity for IT to reassess its relationship with increasingly mobile user bases and consider new ways to minimise spending. If you look at it from all angles — compliance, policies, business needs and human behaviour — technology is only half of the equation. Proactive communication, education and engagement of employees on safe, appropriate online behaviour, especially when they are mobile and remote, can help to ensure solid returns on strategic IT investments that bring the promise of a secure, mobile wireless business to life.”

Thursday, September 20, 2007

Cisco Stops Spam With Increased Performance From Intel

IronPort Systems, a business unit of Cisco, today announced the use of Multi-core Intel Xeon® processors to power IronPort's next generation of email and Web security appliances. IronPort appliances use AsyncOS, a proprietary operating system that is taking full advantage of the significant performance increases made possible by Intel Multi-core technology. This performance improvement helps enterprises, Internet service providers (ISPs) and smaller organizations stay ahead of the never-ending deluge of spam e-mail.



The new generation of email security appliances from IronPort harnesses the power of Multi-core Intel Xeon processors to stay in front of new spammer tactics. The IronPort X1050 uses dual Quad-Core Intel Xeon processor 5300 series. The IronPort AsyncOS operating system is able to take full advantage of all eight cores, yielding system throughput approximately 800 percent greater than a comparable single-core appliance. This increase in processing power allows the IronPort appliance not only to process more spam messages, but also to run more sophisticated rules and analysis to thwart the latest spam techniques.

Spam continues and as a result, spam filters cannot simply rely on faster hardware to keep pace. The work that Cisco and Intel have been doing with multi-core systems is a great example of the new technologies required to stay ahead of spam.

Available Now

IronPort X1050 and all multi-core systems are available now. Visit www.ironport.com for more details.

Cisco outlines next web revolution

"No army can withstand the strength of an idea whose time has come," said Howard Charney, Cisco's senior vice president, borrowing from Victor Hugo to summarise the power of the internet.

Speaking in Brisbane this week, Charney said the world — split into "information-rich" (developed) and "information-poor" (developing) countries — is on the precipice of a major wave of innovation, thanks to the internet, growing urban populations and falling hardware prices.

The combination of the availability of Nicholas Negroponte's so-called "$100 laptop" to two billion people in China and India, and over half the world's population living in cities by 2008, will have a profound effect on both worlds, said Charney.

Greater access to information will improve living standards by removing isolation, which will in turn stem the growing disparity between productivity growth rates of information "poor" and "rich" nations — a gap which has doubled in the last decade according to an OECD report, said Charney.

However, he said his vision is not entirely philanthropic. For developing nations to improve life, they will need networks — Cisco's networks, he hopes, whether it's dark fibre or wireless.

"You know, we're very big," said Charney. "When you're big, you have societal obligations… But are we going to be making profits off [building networks in developing countries]? Yes, there is a business proposition."

IBRS analyst Dr Kevin McIsaac agreed that "enabling technology" like a laptop will help, but posed the question: "What else will they need?"

"In Bangladesh the [Grameen Bank] lent as little as $5 to women to buy a mobile phone. This was incredibly important to enable the technology for these women to get started. They would rent out the time on the phone, which was enough to live, pay the mortgage and was a vital piece of technology in the village."

Instead of walking two days into the village to sell their produce, the women were able to call local buyers and negotiate better prices, which offered a better outcome than would have been possible under stressed conditions, McIsaac added.

Across the information-rich divide

However, innovation won't simply happen for "information-rich" countries, continued Cisco's Charney.

"Our challenge today is in recognising the potential of new technology and putting it to use faster than before," he said.

"To sustain innovation, we need investment and sometimes that seems like crazed speculation," he said, using Holland's tulip and the US's great llama bust as prime examples.

"This does not mean people should take greater risks," Charney said. "Investment occurs in different ways and sometimes people get caught up in making money and build out business models that don't turn out to work, but that also created investments in dark fibre. Now, we use that for a business model that does."

"That permitted the Indian outsourcing industry to get started. How could companies in the US and Europe outsource to India — which is now worth hundreds of billions of dollars?" asked Charney.

However IBRS's McIsaac warned not to interpret retrospectively good investments for efficient outcomes. "Value has come out of the [dot-com boom], but there was an enormous waste of investment," he said.

"Business needs to take a portfolio view of investments in technology. Five percent should go into blue-sky investments, like wikis and Web 2.0 for knowledge-management projects, but 30 percent should go into keeping IT running and improvements on existing technology."

Cisco to buy Cognio for wireless network management

Cisco Systems Inc. today announced an agreement to buy Cognio Inc., a maker of software for wireless network spectrum analysis and management. Financial details were not disclosed.

Cognio, based in Germantown, Md., provides software designed to enhance performance, reliability and security of wireless networks by detecting and reducing sources of radio frequency interference.

In a statement, Cisco said the acquisition would give it access to technology and intellectual property that would complement its existing product lines and help differentiate its offerings from those of its competitors. The networking vendor also said that Cognio's developers would help expand its line of wireless networking products.

Wireless networking is one of six newer technologies that Cisco refers to as a "Cisco Advanced Technology," which is expected to grow in coming years.

The Cognio deal is expected to close in the first quarter of 2008. It would be Cisco's 122nd acquisition, but its first in fiscal 2008.

Tuesday, September 18, 2007

Cisco to buy Cognio

Networking equipment maker Cisco Systems said Tuesday that it plans to buy privately held Cognio, a company that has developed technologies to better manage wireless spectrum.

Financial details of the deal weren't disclosed.

Cisco said Cognio's technology, which detects, classifies, locates, and mitigates sources of radio frequency interference, complements its existing portfolio of wireless technologies. It will also allow corporate network managers who have deployed Cisco's wireless technologies to better manage their wireless spectrum and minimize interference.

"Wireless spectrum is a strategic asset for our customers, and its management is key to the robust delivery of mobility applications," Brett Galloway, vice president and general manager of Cisco's wireless networking business unit said in a statement. "Cognio's innovation in spectrum intelligence will help ensure Cisco continues to differentiate our ability to deliver our customers rich and dependable end-user mobility experiences."

Cisco said it expects the deal to close in the first quarter of its 2008 fiscal year. Cognio is Cisco's 122nd acquisition, and it's the first one the company has announced this fiscal year, which started in July.

Thursday, September 13, 2007

Cisco IOS Regular Expressions Denial of Service

A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused by an error when handling regular expressions containing repetition operators and pattern recalls. This can be exploited to cause a stack overflow by sending a command with specially crafted regular expressions to the command line interface.

Successful exploitation crashes the device, which then requires a reboot. Exploitation requires valid user credentials.

The vulnerability is reported in versions 12.0, 12.1, 12.2, 12.3, and 12.4.

Solution:
Restrict access to trusted people only.

Wednesday, September 12, 2007

IronPort OS Gets Encryption Update

Cisco Systems' IronPort division is perhaps best known for its anti-spam e-mail appliances and technologies. But it wants to be known for more.

That might happen with the new encryption and data-loss prevention (DLP) features it's rolling out in its new AsyncOS operating system 5.5 release. The AsyncOS operating system powers IronPort's e-mail security appliances.

"This is data-loss prevention made easy," Nick Edwards, project manager for IronPort, told InternetNews.com. It takes advantage of investments customers have made in their anti-spam infrastructures and gives them really good tools for data-loss prevention.

Edwards added that AsyncOS started from a FreeBSD kernel on which IronPort developed its own proprietary MTA (mail transfer agent) and other features.

Among the key enhancements in AsyncOS 5.5 is full e-mail encryption. Edwards explained that all encryption takes place at the gateway of the sending organization and can be done by policy.

Once an outbound message has hit the server, an e-mail message is sent to the recipient that says they have a secure message waiting for them and if they go to a specific Web site login, they can retrieve it.

"It provides for a universal approach for deploying encryption without the need for some kind of end-to-end compatibility," Edwards said. "It takes complexity off the table and makes deployment easier."

According to Edwards, the fact that a recipient has to click on a link and go to a Web site to see their encrypted mail has not had any push back from customers.

The new AsyncOS release also helps users more easily tag and identify e-mail that should not be leaving the enterprise. Called "smart identifiers," they help to identify content, such as Social Security and credit-card numbers that should not be in outbound e-mail.

Edwards noted that IronPort had the ability to do custom filters prior to this release, but customers had to do a lot more manual lifting. Smart identifiers are intended to be as easy as point and click.

"The reason why it's called smart identifiers and not just identifiers is we've introduced logic to allow the platform to understand what it's looking at," Edwards explained.
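The difference between a plain pattern match and an identifier with logic behind it can be shown in a short added example (not IronPort's code, and not taken from the article). It pairs loose patterns with a Luhn checksum for card numbers and structural rules for Social Security numbers; the function names, the "block"/"deliver" actions and the sample message are assumptions constructed for illustration.

```python
import re

# Loose candidate patterns. On their own they also match order numbers and
# part numbers; the validators below supply the extra logic.
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_ok(area, group, serial):
    """Structural SSN rules: area is never 000, 666 or 9xx; group never 00; serial never 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def scan_message(body):
    """Return validated findings for an outbound message body.

    Values are masked so that the scanner's own output does not become
    a second copy of the sensitive data.
    """
    findings = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append({
                "type": "credit_card",
                "masked": "*" * (len(digits) - 4) + digits[-4:],
                "offset": m.start(),
            })
    for m in SSN_RE.finditer(body):
        if ssn_ok(*m.groups()):
            findings.append({
                "type": "ssn",
                "masked": "***-**-" + m.group(3),
                "offset": m.start(),
            })
    return findings


def policy_action(body):
    """Hypothetical outbound policy: hold the message if anything validated."""
    return "block" if scan_message(body) else "deliver"


# Constructed sample: one well-known test card number, one structurally valid
# SSN, and two look-alikes (an order reference and a part number) that a
# regex-only filter would flag.
SAMPLE = (
    "Hi, please bill card 4111 1111 1111 1111 for the renewal.\n"
    "Order ref 1234567890123456, part no. 900-12-3456.\n"
    "Employee SSN on file: 123-45-6789.\n"
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
    print(policy_action(SAMPLE))
```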

Though the new AsyncOS adds features, existing users shouldn't necessarily expect that it will improve the performance of their e-mail security appliance. Edwards described the performance as "flat" for existing customers for the features they're already using.

"But if someone is going to deploy encryption, which is pretty CPU intensive, it depends on their rollout and how much mail they will encrypt," Edwards said. "We're not in the business of promising customers that they'll never experience a performance decline, but we are committed to giving them parity for their existing feature set release to release."

The release is the first made by IronPort since being acquired by Cisco earlier this year for $830 million. Though it's still relatively early in the integration, Edwards noted that there are a lot of interesting opportunities for IronPort to interoperate with Cisco.

"Cisco has a ton of products all across the network infrastructure and many look interesting to us to deploy our security technology on."

HP targets Cisco dominance with core switch

HP ProCurve has launched a core switch that it hopes will challenge Cisco's market dominance.

The 8212zl, launched on Monday, is a scalable chassis core switch platform with 692Gbps switch capacity and 10Gb Ethernet connectivity. It is also hot-swappable and has redundant management, fabric and power capabilities.

The platform is based on HP's ProVision ASICs, and it links in with ProCurve's security strategy, according to Paul Congdon, ProCurve's chief technology officer. The switch has behavioral-analysis capabilities and can tunnel suspicious traffic to threat-management devices. The switch also accepts plug-in modules, HP said.

The 8212zl is targeted at both medium and larger-sized businesses, according to Congdon. "For mid-market customers, traditionally core products are really expensive, making those customers shy away. Now they have that capability (and they) don't have to deal with the intricacies of dealing with Cisco," he said.

Congdon added that, for larger enterprises, a common configuration is to have a Cisco core with ProCurve at the edge of the network.

John McHugh, ProCurve's managing director, said, "ProCurve has got to a size where the only way to continue to add to the market is to run into our competitor (Cisco). The bulk of our competitive motion will be against that company."

McHugh said that the 8212zl comes with a lifetime warranty--and he said that a product would typically last 12 to 15 years. "This is the first high-availability core with redundant capabilities that has a lifetime warranty," he said.

He claimed that ProCurve has sold more than 100 of the products to beta customers. Customers who have so far expressed an interest in purchasing the switches include the University of Westminster and organizations in the construction and manufacturing, health-care and local government verticals. The product in its basic form costs £14,102 (or about $28,519).

ProCurve on Monday also launched the Wireless Edge Services zl Module, which is a wireless LAN controller. Controllers manage a wireless network in terms of maintaining security policies and governing RF propagation.

The module includes a secure guest portal with guest-account administration and integrated Radius and DHCP services. Security features include an integrated stateful packet-inspection firewall and wireless-intrusion detection.

Thursday, September 6, 2007

Cisco Adaptive Security Appliance Password Logging Weakness

A weakness has been reported in Cisco Adaptive Security Appliance (ASA), which can be exploited by malicious people to disclose sensitive information.

The weakness is caused due to Cisco ASA not correctly sanitising log messages of the "test aaa-server" command before sending them to syslog. This can lead to the disclosure of sensitive information like usernames and passwords.

The error occurs when a user with privilege level 15 or above executes the "test aaa-server" command and logging level 5 (notifications) is activated.

Solution:
Update to 8.0.2.11 for the 8.0 train, 7.2.2.34 for the 7.2 train, 7.1.2.61 for the 7.1 train, and 7.0.7.1 for the 7.0 train.
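Entries written before the update remain in syslog archives, so a responder needs to find them, scrub the password and list the accounts to rotate. The following is an added example, not Cisco code: the line layout (modelled on the ASA command-execution notification), the keyword order of the "test aaa-server" arguments and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: the leaked command appears verbatim in the log line, with the
# secret as the token following the "password" keyword.
PW_RE = re.compile(r"(\bpassword\s+)(\S+)", re.I)
ACCOUNT_RE = re.compile(r"\busername\s+(\S+)", re.I)
OPERATOR_RE = re.compile(r"User '([^']*)' executed")


def _mask(match):
    """Replace the password token, keeping a closing quote if it was attached."""
    token = match.group(2)
    tail = "'" if token.endswith("'") else ""
    return match.group(1) + "<redacted>" + tail


def scrub_line(line):
    """Return (clean_line, finding). finding is None when nothing was leaked."""
    idx = line.lower().find("test aaa-server")
    if idx < 0:
        return line, None
    head, cmd = line[:idx], line[idx:]
    cleaned, count = PW_RE.subn(_mask, cmd)
    if count == 0:
        return line, None  # command was run without a password argument
    operator = OPERATOR_RE.search(head)
    account = ACCOUNT_RE.search(cmd)
    finding = {
        "operator": operator.group(1) if operator else None,
        # The account whose password was exposed and should be rotated.
        "account": account.group(1).rstrip("'") if account else None,
    }
    return head + cleaned, finding


def scrub(lines):
    """Scrub a list of syslog lines; findings never contain the password itself."""
    clean, findings = [], []
    for number, line in enumerate(lines, start=1):
        new_line, finding = scrub_line(line)
        clean.append(new_line)
        if finding is not None:
            finding["line"] = number
            findings.append(finding)
    return clean, findings


# Constructed sample lines (hostnames, users and the password are invented).
SAMPLE_LINES = [
    "Sep 06 2007 10:15:02 asa1 : %ASA-5-111008: User 'enable_15' executed the "
    "'test aaa-server authentication RADIUS_GRP host 192.0.2.10 username jdoe "
    "password S3cretPw!' command.",
    "Sep 06 2007 10:16:40 asa1 : %ASA-5-111008: User 'enable_15' executed the "
    "'show version' command.",
    "Sep 06 2007 10:17:05 asa1 : %ASA-5-111008: User 'admin' executed the "
    "'test aaa-server authentication RADIUS_GRP host 192.0.2.10 username jdoe' command.",
]

if __name__ == "__main__":
    cleaned_lines, leaked = scrub(SAMPLE_LINES)
    for entry in cleaned_lines:
        print(entry)
    print(leaked)
```

Run it over every destination that received level 5 messages (local buffer exports, syslog servers, SIEM archives), since each holds its own copy.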

Cisco Video Surveillance IP Gateway and Services Platform Authentication Bypass

Some vulnerabilities have been reported in Cisco Video Surveillance IP Gateway and Services Platform, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

1) The telnet service of the Cisco Video Surveillance IP Gateway video encoders and decoders does not authenticate connecting users. This can be exploited to gain administrative shell access by connecting to the vulnerable service.

2) The Cisco Video Surveillance Services Platform and Integrated Services Platform devices contain a default password for the "sypixx" and "root" accounts. This can be exploited to gain administrative shell access by connecting to the vulnerable service, but requires knowledge of the default password.

The vulnerabilities are reported in:

* Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware version 1.8.1 and earlier
* Cisco Video Surveillance SP/ISP Decoder Software firmware version 1.11.0 and earlier
* Cisco Video Surveillance SP/ISP firmware version 1.23.7 and earlier

Cisco Catalyst Content Switching Modules Denial of Service Vulnerabilities

Two vulnerabilities have been reported in the Cisco Catalyst Content Switching Modules (CSM) and Cisco Catalyst Content Switching Module with SSL (CSM-S), which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An unspecified error exists when processing certain TCP packets that were received out of order. This can be exploited to cause a high CPU load or a device reload due to an FPGA4 exception with icp.fatPath length error by sending specially crafted TCP packets to a vulnerable system.

2) An unspecified error exists within the "service termination" option, which can be exploited to cause an FPGA4 exception 1 IDLE error under a high network load by sending specially crafted TCP packets to a vulnerable system.

Vulnerability #1 is reported in CSM 4.2 prior to 4.2.3a and CSM-S 2.1 prior to 2.1.2a. Vulnerability #2 is reported in CSM 4.2 prior to 4.2.7 and CSM-S 2.1 prior to 2.1.6.

Solution:
Apply updated versions. See vendor advisory for details.

Provided and/or discovered by:
Reported by the vendor.

Wednesday, September 5, 2007

Cisco fortifies 802.11n market

Cisco has announced enterprise solutions based on the 802.11n standard. Cisco's backing of the specification could give firms more confidence about deploying the technology in the interim until the standard on which systems are based – 802.11n – is ratified by the Institute of Electrical and Electronics Engineers (IEEE).

Increased speed and performance are two key benefits of the technology. Cisco Scotland chief technology officer Richard Moir said, "Organisations deploying 802.11n kit could see a five to ten-fold increase in data transfer speeds and a 2-fold increase in the range at which users could connect to their wireless networks." He added that any changes to the specification would be included in future software updates. "Any changes to the actual 802.11n standard will be addressed," he said.

Butler Group analyst Mark Blowers said that firms could benefit in many ways from the N specification. "Where firms need to have many people wirelessly connected, this technology would be a benefit. There have been reports of 802.11n capabilities eventually leading firms to think about removing wired connectivity at the edge of their networks – 802.11n makes this scenario a lot more feasible," he explained.

The Cisco offering uses its Catalyst 6500-based wireless LAN controller together with the Unified Wireless Network release 4.2 firmware, with 802.11n functions being delivered using new Cisco Aironet 1250 series access points (APs).

The new Aironet 1250 series AP will be available next month priced around £650 + VAT, with Power-over-Ethernet support using Cisco's Catalyst switches scheduled for launch later this year. Cisco's Unified Wireless Network release 4.2 firmware will be available this October.

Monday, September 3, 2007

Cisco Turns to Trend Micro for Router Security

Cisco Systems Thursday unveiled plans to add content security services to its routers via an extended partnership with Trend Micro.
The San Jose, Calif.-based networking vendor plans soon to integrate Trend Micro technology into the operating system of its Integrated Services Routers (ISRs), adding services such as content filtering to its family of branch office routers, said Tom Russell, senior director of Cisco's Security Technology Group.

The new offering, which will be available "in the near future," will make it easier for channel partners to build layered security solutions, as the ISR family already supports several integrated security options, Russell said. It will also help push content security out to remote locations, he added.

"You need to have content security at the central site, but you also have to distribute it to all of the points in the network," he said.

Cisco and Cupertino, Calif.-based Trend Micro have been working together since 2004. Trend Micro content security technology is already incorporated into Cisco's Adaptive Security Appliance family of unified threat management wares.

Trend Micro is also a partner in Cisco's Network Admission Control initiative and offers its own Damage Cleanup Services for the Cisco MARS (Mitigation, Analysis and Response System) platform.

Cisco playing network defence

Cisco's six-year-old Self-Defending Network strategy for securing converged networks remains a work in progress: Acquisitions and internal developments are moving it forward even as customers push Cisco to go above and beyond its initial plans.

Cisco spends US$400 million annually - roughly 10 percent of its total R&D budget - on security. The company's aim with SDN is to integrate security into all aspects of a converged data, voice and video network with a focus on secure connectivity, threat defence, and trust and identity management.

In June, Cisco provided its most recent update on SDN after its acquisition of IronPort Systems, a privately held developer of email and web security products. Cisco said IronPort ushered in Version 3.0 of SDN. (Version 1.0 involved Cisco's recognition that security is more than point products, like firewalls, VPN concentrators and intrusion-detection systems; Version 2.0 comprised building those capabilities into Cisco products.)

Cisco plans to port IronPort's SenderBase reputation services onto Cisco Adaptive Security Appliance firewalls by the first half of 2008. Cisco also plans to port SenderBase to other key security or routing platforms, such as the Integrated Services Routers and Mitigation Analysis and Response System. Integration with Cisco and third party network admission control (NAC) products also is expected.

"If they can now get email security, Web security - basically all the secure messaging technologies - into that mix they've got a bigger story," says Charlotte Dunlap, senior analyst of enterprise security at Current Analysis.

Dunlap is keeping an eye on how Cisco might take advantage of an existing relationship between IronPort and Vontu, a developer of software that analyzes content and authorizes user access at endpoints to protect against data leakage.
"I'd really like to hear their data-leakage story," says Dunlap, who compares Cisco's purchase of IronPort to Secure Computing's acquisition of CipherTrust last year. "[IronPort does not offer] the level of depth that the data-leakage prevention providers do."

Cisco intends to maintain IronPort's ties to Vontu and exploit the relationship for inclusion in the SDN architecture, according to Jeff Platon, vice president of security marketing at Cisco.

"I think of that as a part of the solution but I do see a variety of other parts of the portfolio that are also being enhanced to be able to participate in a more comprehensive data-leakage solution," Platon says. "It's a tough problem -- you can't just rely on one methodology."

An announcement last week by Cisco and Intel might help. Intel enhanced its vPro processor technology with a Cisco-certified "embedded trust agent" that offers Cisco customers the ability to manage systems without lowering the security on IEEE 802.1x networks and Cisco SDN products.
Nielsen says PG&E hasn't been briefed yet on Cisco's road map for that. But where SDN currently fits is in spots where PG&E is installing new Cisco infrastructure.

"Where we've had problems is where we have legacy systems," Nielsen says. "If a company buys into the Cisco solution and they buy all of the pieces, it works great; but you've got to have all of the pieces there. You can't do clean access NAC on a Catalyst 1900 switch that was built six or 10 years ago; it just doesn't work."

Nielsen notes that this issue is industrywide, not Cisco-specific.

Mobile workers don't care about security

Many remote workers are uninterested in security, according to a new study by Cisco. It found that as companies increase workers' usage of laptops and smartphones, the security risks increase as a result of unsafe and sometimes reckless end-user behaviour.

The survey, carried out in conjunction with the US National Cyber Security Alliance (NCSA), questioned 700 mobile employees based in the US, the UK, Germany, China, India, South Korea, and Singapore.

Researchers found that almost three of every four (73%) mobile users claimed that they are not always aware of security threats and best practices when working remotely.

Although many said they are aware "sometimes", more than a quarter (28%) admitted that they "hardly ever" consider security risks and proper behaviour.

When asked why they were lax in their security behaviour, many mobile users offered reasons such as, "I am in a hurry", "I am busy and need to get work done," and "it is IT's job, not mine".

Almost half (44%) of all mobile users surveyed said they open emails and attachments from unknown or suspicious sources.

In the UK, China and India, more than half of users admitted to this behaviour. More than three quarters (76%) said it is more difficult to identify suspicious emails and files on PDAs and smartphones than on laptops, because the screens are much smaller.

With recent research from Korn/Ferry International revealing that, globally, 81% of executives are constantly connected via mobile devices, Cisco says the survey's findings are a cause for concern.

One of the issues contributing to a lack of security when the workforce becomes mobile is the end-user perception that corporate mobile devices are also personal devices and that there is little risk involved in some practices.

Fred Kost, Cisco security adviser, said: "Mobile devices have real access to real data. The perception is that it's a personal device – 'I'm on my device.' "

Mobile workers polled said they often use unauthorised wireless connections. One third of mobile users said they use unauthorised wireless, either hijacking a neighbour's wireless network connection or using an unauthorised connection in a public place. Such activity is illegal in the UK.

China had the most extreme cases, with 54% saying they've used an unauthorised wireless network.

Ron Teixeira, executive director of NCSA, said: “While this study shows mobility provides businesses with new risks, so do other internet services and new technologies. Mobility and the internet can be used securely and safely if businesses institute a culture of security within their workforce by providing their employees with continuous cyber security awareness and education programs.”

Monday, August 27, 2007

Intel adds desktop NAC to latest chips

Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers.

One of a handful of new security features built into the vPro Core 2 Duo chips introduced by Intel on Monday, the added support for the 802.1x standard for NAC and interoperability with Cisco's Network Admission Control guideline -- delivered via the processors' Intel Embedded Trust Agent -- could help accelerate adoption of the device authentication systems while solidifying support for the two formats, experts said.

NAC systems are used to scan device and user authentication information whenever a machine attempts to log on to a network protected by the tools. In addition to protecting against potential break-ins from uninvited outsiders, the tools are also considered a useful alternative for enterprises to employ in segregating access to IT systems shared with partners or contractors.

Using the Embedded Trust Agent, Intel said that it can now enable NAC systems -- including any built on the 802.1x or Cisco NAC platforms -- to garner device identity information directly from the processor, bypassing the need for the authentication technologies to interact with PC operating system software.

One of the potential methods to circumvent NAC systems outlined by security researchers thus far has been to use some method to spoof or misrepresent device information to dupe the network defense tools. By presenting machine identity data on the processor, such attacks could be largely eliminated, Intel officials said.

While Intel did not promote direct linkage between Embedded Trust Agent and Microsoft's flavor of NAC -- known as Network Access Protection and already integrated into the software giant's Vista OS -- Cisco and Microsoft have previously announced an agreement to make all of their respective network authentication systems compatible.

Similar support for NAC on mobile platforms will arrive with Intel's next batch of Centrino chips, slated for shipment sometime in 2008, said company officials.

Cisco officials participating in Intel's vPro launch said that the CPU-level NAC integration could prove to be a significant accelerant to adoption of the technology, which most industry experts have charted as relatively slow thus far, despite the networking giant's claim that many of its customers are turning on the next-generation authentication systems.

"The strength of NAC is certainly based on the reliability of the information that you can present to the network, and having direct access to information on the hardware provides a whole new opportunity that hasn't been present only with OS interaction," said Brendan O'Connell, senior product manager for Cisco's Security Technology Group.

"In the past, even with existing NAC systems, what's happened is that when a PC starts up on the network, the security decision is held off while other things are being run in the background, but we're hoping to see that change and get in the door earlier," he said. "There are some big advantages for getting this type of information to present device security posture assessment sooner in the process, both for desktops and down the road for other types of devices."

Wednesday, August 22, 2007

Crash bug blights Cisco IP phones

Cisco has advised users to update the firmware on some of its IP phones following the discovery of two security flaws.

A brace of Session Initiation Protocol (SIP) vulnerabilities in Cisco 7940/7960 IP Phones creates the potential for hackers to crash vulnerable handsets, but not to run exploit code on them.

SIP is a signalling protocol for VoIP. The protocol can be used to create two-party, multiparty, or multicast sessions.

Cisco IP Phone 7940/7960 SIP firmware versions prior to 8.7(0) are vulnerable to the denial of service attacks, Cisco warns. Users are advised to update their firmware to version 8.7(0), as explained in its advisory here.

More detail on the vulnerabilities can be found in posts (here and here) to full disclosure mailing lists by the independent security researchers (Radu State, Humberto J Abdelnur, and Olivier Festor) who discovered the bugs.

Monday, August 20, 2007

Cisco IOS Next Hop Resolution Protocol DoS

NHRP is "basically a query-and-reply protocol and all parties through which reply information passes build a 'network knowledge table' that can be used for all subsequent traffic".

A vulnerability in Cisco IOS allows remote denial of service. The following exploit code can be used to test it.

Exploit
Original Advisory

Monday, August 13, 2007

Cisco site blacked out

A Web site blackout yesterday prevented Cisco Systems Inc. customers from retrieving 21 critical patches for about three hours, shortly after the fixes were posted by the network hardware maker.

Updates for nearly two dozen vulnerabilities in IOS, formerly known as Internetwork Operating System and the controlling software for most Cisco routers and switches, were released around 11 a.m. EDT Wednesday. Cisco.com, however, went dark around 2 p.m. EDT and didn't come back online until about 5 p.m. Today, Cisco blamed "human error" for the site swooning, and added that the severity of the resulting electrical overload prevented the expected redundancies from kicking in.

The 21 patches, deployed in four updates, were posted three hours before the blackout, and would repair IOS against a swath of vulnerabilities, some of which could result in attackers injecting their own code into vulnerable Cisco hardware. Three of the four IOS updates, according to Cisco's advisories, plug holes that attackers can, or might be able to, exploit with remote code.

Internet Storm Center analyst Tom Liston ranked two of the four -- "Secure Copy Authorization Bypass Vulnerability" and "Voice Vulnerabilities in Cisco IOS" -- as especially dangerous, and urged administrators to patch them as soon as possible.

Of the bypass update, Liston said: "[The attacker] needs a log-in, but after that, it's pretty much game-over." The 16 bugs quashed by the voice vulnerabilities update are even scarier, he said. "The others can potentially wait for testing, this [set] can't. Patch now."

Danish vulnerability tracker Secunia, however, rated the bypass bug as "less critical," the second step in its five-mark scoring system, and tagged the voice flaws as "moderately critical," its middle rank.

Thursday, August 9, 2007

Cisco patches serious holes in voice-enabled offerings

Cisco issued four updates that patch a raft of security holes in products running its Internetwork Operating System (IOS). Impacts included sustained denial of service attacks, data leakage and remote execution of code.

The most serious vulnerabilities reside in voice-enabled devices and Cisco Unified Communications Manager, which can allow an attacker to remotely execute malicious code. There are no workarounds for the flaws, which pertain to services such as Session Initiation Protocol, Media Gateway Control Protocol, Signaling protocols H.323, H.254, Real-time Transport Protocol and Facsimile reception.

"This one is bad, as in real bad," Johannes Ullrich, CTO for SANS Internet Storm Center, told The Reg. "I would probably expedite the testing process for that. The other vulnerabilities, you want to be really careful about testing them and they don't seem to be overly critical."

Vulnerable IOS versions include various flavors of 12.3(4), 12.3(7), 12.3(8), 12.4 Mainline and 12.4T onward. Routers that are configured as SIP Public Switched Telephone Network Gateways and SIP Session Border Controllers are also vulnerable, as is the CAT6000-CMM card.

Other updates addressed a data leakage flaw when using IPv6 routing headers and a weakness in the IOS Next Hop Resolution Protocol that can result in a restart of the device or possible remote code execution.

A fourth patch plugs a hole in some 12.2-based IOS releases when configured to offer Secure Copy server functionality. Those vulnerabilities allow valid users, regardless of privilege level, to transfer files to and from an IOS device. To exploit it, an attacker would have to have access to port 22, which typically is open only on management interfaces.

Nonetheless, Immunity, a company that provides penetration testing tools, plans to add modules to its products that test for the vulnerability, said Kostya Kortchinsky, a senior researcher at the company.

"Anybody can exploit this without any skill in Cisco exploitation," he explained. "It doesn't need any overflow of any kind."

The patches were released the same day Cisco's website was inaccessible for about three hours. A spokeswoman later said the outage was the result of an accident during maintenance that cut off power to a San Jose data center.

Cisco IOS Next Hop Resolution Protocol Buffer Overflow
Cisco IOS IPv6 Routing Header Information Disclosure and Denial of Service
Cisco IOS Secure Copy Security Bypass Vulnerability
Cisco Unified Communications Manager SIP Packet Processing Vulnerability
Cisco Unified MeetingPlace "STPL" and "FTPL" Cross-Site Scripting

Cisco IOS Voice Service Multiple Protocol Handling Vulnerabilities

Tuesday, August 7, 2007

Cisco wants to be like Apple

In an interview with The Wall Street Journal, Cisco CEO John Chambers says that he wants to build his router company into a force in the consumer electronics field. That is probably not a good idea.

Chambers reasons that his router business will continue to grow at low double digits for several years. Mostly driven by supplying telecom and cable companies with infrastructure, Cisco made $2.2 billion in its last reported quarter on revenue of $8.9 billion.

But, the company does own the Linksys WiFi product and the Scientific Atlanta set-top business. It hopes to re-brand these with the Cisco name. This would put the company up against the largest set-top provider, Motorola's General Instruments division. It would also put Cisco into the home networking business that has chewed up and spit out companies from Microsoft and Intel. Dozens of companies are trying to make money as the hub of home entertainment and connectivity.

It would be a long and very hard war for Cisco. It should stick to its knitting.

Monday, August 6, 2007

Cisco Introduces Innovative New Data Center Virtualization Orchestration Solution

Cisco has announced VFrame Data Center (VFrame DC), an orchestration platform that leverages network intelligence to provision resources together as virtualized services. This industry-first approach greatly reduces application deployment times, improves overall resource utilization, and offers greater business agility. Further, VFrame DC includes an open API, and easily integrates with third party management applications, as well as best-of-breed server and storage virtualization offerings.

With VFrame DC, customers can now link their compute, networking and storage infrastructures together as a set of virtualized services. This services approach provides a simple yet powerful way to quickly view all the services configured at the application level to improve troubleshooting and change management. VFrame DC offers a policy engine for automating resource changes in response to infrastructure outages and performance changes. Additionally, these changes can be controlled by external monitoring systems via integration with the VFrame DC web services application programming interface (API).

"Taking advantage of the ubiquity of the network to orchestrate data center services could help data centers evolve beyond their current siloed functions," said Lucinda Borovick, Director of Data Center Networks, IDC. "This approach has the potential to deliver more efficient application provisioning, reduce costs, and increase IT productivity."

VFrame DC is a highly efficient orchestration platform for service provisioning which requires only a single controller and one back-up controller. The real time provisioning engine has a comprehensive view of compute, storage and network resources. This view enables VFrame DC to provision resources as virtualized services using graphical design templates. These design templates comprise one of four VFrame DC modular components: design, discovery, deploy, and operations. These components are integrated together with a robust security interface that allows controlled access by multiple organizations.

Monday, July 30, 2007

Cisco to acquire equity stake in VMware

Cisco Systems Inc. plans to acquire a 1.6% equity stake in virtualization software player VMware Inc., mirroring a step Intel Corp. took earlier this month.

The investment is part of an upcoming initial public offering (IPO) of 10% of VMware's stock.

Cisco said Friday that it plans to buy US$150 million of VMware Class A common shares, which are owned at present by EMC Corp., VMware's parent company. The move is subject to regulatory and other closing conditions. Once the investment has been made, Cisco will own around 1.6% of VMware's total outstanding common stock. According to an updated VMware S-1 filing with the U.S. Securities and Exchange Commission, Cisco will buy 6.0 million shares, valuing each VMware share at $25.00.

VMware is considering whether it will appoint a Cisco executive to its board of directors.

Cisco hopes taking a stake in VMware will help bring the two companies closer together and result in more users adopting VMware virtualization software and Cisco networking products. Cisco and VMware also announced they have agreed to collaborate on joint development and marketing.

Friday, July 27, 2007

Cisco kills Linksys brand



In a roundtable with the European press, John Chambers confirmed the "end of life" of the Linksys name, being replaced by the new and redesigned Cisco branding.

This decision follows Cisco's move last April to make it easier for Linksys resellers to add Cisco products to their offerings and vice versa. Also, just a few weeks ago, Cisco created a new division solely focused on the SMB market and headed by Rick Moran, formerly marketing chief of several Cisco communications applications like the unified communications portfolio, Cisco IPICS, Cisco Small Business Systems (Linksys One), TelePresence, Business Video and Physical security.

Wednesday, July 25, 2007

Cisco warns of bugs in wireless LAN controllers

The vulnerabilities affect Cisco Wireless LAN Controllers, but the company is offering a workaround.

Cisco Systems released a security advisory on Tuesday afternoon to address several vulnerabilities in its Wireless LAN Controllers that could enable hackers to cause a denial-of-service on the affected network.

The flaws lie in the handling of Address Resolution Protocol (ARP) packets. The advisory noted that a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group.

A vulnerable WLC may mishandle unicast ARP requests from a wireless client, leading to an ARP storm. The bugs affect versions 4.1, 4.0, 3.2, and prior versions of the Wireless LAN Controller software, according to the advisory.

ARP provides a mapping between a device's IP address and its hardware address on the local network. Cisco Wireless LAN Controllers provide real-time communication between lightweight access points and other wireless LAN controllers for centralised system-wide WLAN configuration and management functions, according to Cisco.

As a workaround, Cisco is recommending that operators require all clients to obtain their IP addresses from a DHCP server.
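A detection sketch for the ARP-storm condition described above, as an added example that is not taken from Cisco's advisory or the original post: it counts ARP requests per source MAC in a sliding one-second window and records how many of them were unicast. The log format, the MAC and IP addresses, and the 100 requests-per-second threshold are assumptions, and the capture is constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_line(line):
    """Parse 'ts_ms src_mac dst_mac op target_ip' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] not in ("request", "reply"):
        return None
    try:
        ts_ms = int(parts[0])
    except ValueError:
        return None
    return {"ts_ms": ts_ms, "src": parts[1].lower(), "dst": parts[2].lower(),
            "op": parts[3], "target_ip": parts[4]}


def detect_arp_storm(lines, threshold=100, window_ms=1000):
    """Flag sources whose ARP request count inside any sliding window exceeds
    the threshold. Input lines must be in timestamp order."""
    recent = defaultdict(deque)  # src MAC -> request timestamps still in window
    stats = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["op"] != "request":
            continue  # skip malformed records and ARP replies
        q = recent[ev["src"]]
        q.append(ev["ts_ms"])
        # Drop timestamps that have aged out of the window.
        while ev["ts_ms"] - q[0] >= window_ms:
            q.popleft()
        s = stats.setdefault(ev["src"], {
            "total_requests": 0, "unicast_requests": 0,
            "peak_per_window": 0, "first_alert_ms": None})
        s["total_requests"] += 1
        if ev["dst"] != BROADCAST:
            # Unicast ARP requests are the case the advisory describes.
            s["unicast_requests"] += 1
        s["peak_per_window"] = max(s["peak_per_window"], len(q))
        if len(q) > threshold and s["first_alert_ms"] is None:
            s["first_alert_ms"] = ev["ts_ms"]
    return {mac: s for mac, s in stats.items() if s["first_alert_ms"] is not None}


def build_sample():
    """Constructed capture: one quiet client, one client sending unicast ARP
    requests every 2 ms for 1.5 s, and one malformed record."""
    records = [(100, "garbage line")]
    for i in range(10):  # quiet client: one broadcast request every 500 ms
        ts = i * 500
        records.append((ts, f"{ts} 00:11:22:33:44:55 {BROADCAST} request 10.0.0.1"))
    for i in range(750):  # noisy client: 500 unicast requests per second
        ts = 2000 + i * 2
        records.append((ts, f"{ts} 00:aa:bb:cc:dd:ee 00:de:ad:be:ef:01 request 10.0.0.1"))
    records.sort(key=lambda r: r[0])
    return [text for _, text in records]


if __name__ == "__main__":
    for mac, s in detect_arp_storm(build_sample()).items():
        share = s["unicast_requests"] / s["total_requests"]
        print(f"{mac}: peak {s['peak_per_window']} req/window, "
              f"first alert at {s['first_alert_ms']} ms, unicast share {share:.0%}")
```

In practice the threshold would be set from a baseline of normal client behaviour on the WLAN in question.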

Monday, July 23, 2007

Cisco Says Network Gear Caused Duke iPhone Flooding

Cisco confirmed that the networking problem Duke University experienced involving Cisco's wireless network and Apple's iPhone was caused by a Cisco network issue. Cisco says it has worked closely with Duke and Apple to identify the source of the problem.

A two-sentence e-mail from a Cisco PR spokeswoman to Network World confirmed the problem was caused by a "Cisco-based network issue."

"Cisco has provided a fix that has been applied to Duke's network and the problem has not occurred since," according to the e-mail.

No other details were provided, and no reply has been received yet to an e-mail and two phone requests to Cisco for more details. No additional details have been provided by Duke University or by Apple.

The wireless problem crystallized exactly a week ago, on Friday, July 13 as it happens, when Duke's IT staff identified the source of intermittent floods of Address Resolution Protocol (ARP) requests as at least two Apple iPhones connecting to Duke's campus-wide net via the phone's built-in wireless LAN adapter. The ARP floods, up to 30,000 requests per second, sometimes knocked as many as 30 access points offline for between 10 and 15 minutes.

That conclusion was based on an early analysis of traffic trace data by Duke IT staff. Frank Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology, was firmly convinced that the iPhone was the instigator. "I don't believe it's a Cisco problem in any way, shape, or form," he said at the time.

The Cisco spokeswoman's e-mail said Cisco "worked closely with Duke and Apple to identify the source of this problem."

Thursday, July 19, 2007

Cisco Wide Area Application Services Edge Services SYN Flood Denial of Service

Software: Cisco Wide Area Application Services (WAAS)

Description:

A vulnerability has been reported in Cisco Wide Area Application Services (WAAS), which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error in Edge Services, which uses CIFS optimisation, when handling packets sent to ports 139/TCP and 445/TCP. A TCP SYN flood sent to port 139/TCP or 445/TCP can cause a device running WAAS to stop processing all traffic.

Successful exploitation requires that WAAS is configured for Edge Services.

The vulnerability is reported in WAE appliances and the NM-WAE-502 network modules running WAAS versions 4.0.7 or 4.0.9.

Solution:

Update to version 4.0.11.

Wednesday, July 18, 2007

Cisco Catalyst 3750G test



The product is an amalgamation of Cisco’s wireless LAN controller and its Catalyst 3750 switch. At its foundation are 24 copper Gigabit Ethernet ports, all of which are 802.3af PoE enabled, and the switch has a meaty 32Gb/sec switching backplane. The primary purpose of the Gigabit ports is to facilitate the distribution of Cisco’s Aironet access points. These act as the system’s eyes and ears on the wireless network, but only those running the LWAPP (lightweight access point protocol) are supported.


Tuesday, July 17, 2007

Web 2.0 will speed up business

As a man who has the ear of Alan Greenspan, the former chairman of the US Federal Reserve, John Chambers, chairman of Cisco Systems, has become respected for his crystal-ball gazing.

Yesterday, the head of the world’s biggest maker of data networking equipment was at it again: he predicted consumer-led technologies, amid Web 2.0, will spark a boom in productivity.

Social networks, teleconferencing, wikis and other technologies that allow interaction on a large scale could also change traditional business models, Mr Chambers reportedly said.

But before he elaborated, and explained what the second growth phase of the internet might look like over the next decade, he verified Cisco’s track record as a soothsayer of all things ICT.

“If you go back to what we said in the mid-1990s, we made predictions on productivity that people thought were mathematically impossible and yet it was over-achieved beyond what any economist thought,” Mr Chambers told the Financial Times yesterday.

In an interview with the paper, he continued: “We said [internet protocol] would be the future and it wouldn’t be separate voice, and video and data networks, and that has happened.

“We said there would be a brutal industry consolidation among the data communication companies and that clearly happened.

“We said that all electronic devices past a given price point would connect to the internet. That’s clearly happened.”

For the future, Cisco’s growth will come not just from network infrastructure, but from applications that help customers leverage connections between themselves and their customers.

Thursday, July 12, 2007

Cisco Unified Communications Manager and Presence Server Security Bypass

Description:

Two vulnerabilities have been reported in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Cisco Unified Presence Server (CUPS), which can be exploited by malicious users to bypass certain security restrictions.

The vulnerabilities are caused due to unspecified errors and can be exploited by an unauthorized administrator to e.g. activate and terminate system services or to view SNMP configuration information in a CUCM/CUPS cluster environment.

The vulnerabilities affect the following versions:

- Cisco Unified CallManager 5.0 and Communications Manager 5.1 versions up to and including 5.1(2)
- Cisco Unified Presence Server versions 1.0 to 1.0(3)

Solution:

Apply updates.

Tuesday, July 10, 2007

Microsoft, EMC, Cisco join in effort to secure government data



Microsoft Corp., EMC Corp. and Cisco Systems Inc. Tuesday jointly unveiled plans to build a Secure Information Sharing Architecture (SISA) that will let various government agencies and their vendors securely share sensitive information.

The SISA Alliance, which also includes three smaller vendors, will create a set of common IT architectures which grant only authorized personnel and communities the ability to access, store and exchange protected data within secure virtualized networks, according to officials at Hopkinton, Mass.-based EMC.

The goal of SISA, according to officials of the sponsoring firms, is to remove silos of data management and data protection that have been commonly instituted within specific government entities.

Cisco will lend its network protection and secure virtualized network links capabilities, EMC will provide its networked storage systems and information lifecycle management tools, and Microsoft will add its identity management software, client system and operating system expertise, the executives said.

The other vendors include Liquid Machines Inc., which will provide content protection expertise, Swan Island Networks, Inc., which specializes in trusted computing environments and Titus Labs, a provider of email and document classification.

The companies agreed to jointly unveil technology developed under the program, and to require that all distributors of the technology be certified under a SISA Alliance program. The program will require such distributors to complete a SISA training program, thereby validating their ability to offer system integration or professional services expertise to support SISA implementation, officials said.

Monday, July 9, 2007

Cisco launch Linksys One range for SMBs

Cisco has launched a range of routers designed to provide small businesses with packaged routing and switching for voice and wireless applications.

The Linksys One Services Routers (SVR200 and 3500) combine broadband or T-1 connectivity with Power over Ethernet (PoE) ports. The software included provides firewall, VPN, remote network management and monitoring and device detection for IP phones.

For small businesses with a staff of about 10 people, the SVR200 includes ADSL and Ethernet WAN links and built-in 802.11g wireless LAN connectivity. The SVR3500, which is aimed at larger offices with more than 100 staff, has dual T-1 connections and a 24-port PoE switch.

The products launched under the Linksys One brand include its Linksys One Service Router, Wireless Services Router, Gigabit Smart Switch and the Cisco Service Node for Linksys One XA Series.

Linksys has included capabilities that let users transfer more calls from IP phones to a cell phone, as well as improved automatic customer provisioning capabilities.

Thursday, July 5, 2007

Cisco announces new product, application for effective biz

Cisco today announced new products and applications that allow organizations to use their network as a platform for more effective and more personalized business collaboration.

Cisco Unified Communications system 6.0 is a comprehensive communications system for voice, video and data. This new release introduces capabilities that will dramatically improve the productivity of mobile employees and cost-effectively deliver Unified Communications to small and medium-sized businesses. It also extends new collaboration features and third-party application integration across the portfolio. The system integrates wired, wireless and mobile devices to create a secure solution for the entire organization, regardless of a worker's location.

Further, marking the next major evolution of its small and medium-sized business (SMB) strategy, Cisco® today introduced several advancements designed to help maximize business efficiency and improve customer and employee collaboration. The advancements include the Cisco Unified Communications Manager Business Edition which combines key Unified Communications applications for mid-sized businesses (100-500 person) on a single platform with common provisioning and management and the Cisco Smart Business Communications System for small businesses.

Cisco Unified Communications System 6.0


A few highlights of the Cisco UC System 6.0 are:

- Mobility
- Small and Medium-Sized Businesses
- Collaboration
- A New Way of Communicating for Small Businesses


Tuesday, July 3, 2007

Technology adoption increases business growth

According to a study by Cisco, companies that actively try to promote the use of new technologies alongside more flexible working conditions are more likely to be successful than those that don't.

Cisco polled more than 600 business and IT directors across the UK, representing companies with staff of 20-1,000 employees.

They found that those companies that actively utilised technology as a strategic asset, such as Wi-Fi, as well as allowing remote or home networking, were much more likely to have increased turnover by more than 15% over the past year.

However, the study also underlined that the use of technology for improving business efficiency and working conditions had to be directed by senior management, and that the company had to have a clear idea of where and how to invest in technology before implementing it.

Additionally, while a significant number of managers responding to the poll highlighted talent acquisition and retention as a major priority, actual working environment conditions were regarded as a low priority.

This was especially the case with home networking, with far fewer companies willing to allow employees to work from home than was necessarily required.

Monday, July 2, 2007

Cisco switches to consumer-oriented strategy

Network equipment maker Cisco Systems aims to make its way into Chinese consumers' living rooms with consumer-oriented gear and services, which could generate a new revenue stream for the US tech giant. Cisco mainly makes routers and switches, which direct Internet and e-mail traffic and form the backbone of the worldwide Internet networks.

Although it was ranked 77th in the Fortune 500 this year, the firm is much less known by average consumers than other brands, such as Apple, Microsoft and Nokia, as it is perceived as mainly a corporate technology vendor.

Susan Bostrom, chief marketing officer of Cisco, said in an exclusive interview with China Daily yesterday that Cisco needs to refashion itself as a more consumer-oriented company by changing the way consumers communicate with each other. "If you look back to 1990s, it's really about getting connected," she said. "But now it's about the power of end-users. We need to create human networks."

Cisco has been on a buying spree, acquiring a number of companies making consumer electronics devices including set-top box maker Scientific-Atlanta for $6.9 billion.
Cisco now hopes gear such as set-top boxes, wireless networked DVD players and video services could help it woo average consumers. "Now the work-life environment is much blurred," Bostrom said.

The consumer-oriented approach would help Cisco tap into China's booming consumer electronics market, the world's second-largest, second only to the United States, according to the Development Research Center of the State Council.

Thursday, June 28, 2007

Cisco IOS Exploitation Techniques

This paper is a result of research carried out by IRM to analyse and understand the check_heaps() attack and its impact on similar embedded devices. Furthermore, it also helps developers understand security-specific issues in embedded environments and develop mitigation strategies for similar vulnerabilities.

The paper primarily focuses on the techniques developed for bypassing the check_heaps() process, which has traditionally prevented reliable exploitation of memory-based overflows on the IOS platform. Using inbuilt IOS commands, memory dumps and open source tools IRM was able to recreate the vulnerability in a lab environment.

The material is divided in three sections, which cover the ICMPv6 source-link attack vector, IOS Operating System internals, and finally the analysis of the attack itself.


Wednesday, June 27, 2007

Run Cisco IOS on your PC

Started in August of 2005 by Christophe Fillot, Dynamips is a Linux and Windows based application that is used to emulate the hardware of the Cisco 7200 and 3600 series routing platforms. Unlike traditional router “simulators”, Dynamips allows you to boot real Cisco IOS software images and build complex network topologies to test the functionality of IOS on your desktop PC. As of November 2006 Dynamips supports Ethernet, Serial, ATM, and POS interfaces for the 7200 series routers and Ethernet, Serial, and Etherswitch modules for the 3600 series routers. Best of all, Dynamips is open-source and free to download!

To run Dynamips first you must install libpcap or winpcap depending on your platform. Windows users will need to install winpcap 4.0 or later which is currently in beta.

Next download the appropriate Linux or Windows executables for Dynamips. To do this I recommend downloading the Dynagen installer package, a front end written by Greg Anuzelli which uses an INI-like configuration file to provision the Dynamips emulator.

Next you'll need a Cisco IOS software image for a 7206, 3620, 3640, or 3660 router depending on which platform you will be emulating. IOS can be downloaded from http://www.cisco.com for users with a valid service contract. Once you have downloaded the appropriate IOS image it is recommended that you extract the image to save time in the Dynamips booting process. This can be accomplished with programs such as gunzip for Linux or WinRAR for Windows.

Next you need to build a Dynagen .net file to provision the Dynamips emulator, or you can download the prebuilt Internetwork Expert Topologies for Dynagen, which emulate the Internetwork Expert Routing & Switching and Service Provider topologies.

Note that these files may need minor modification to specify your working directories and the names and locations of your Cisco IOS images. Also included in the Internetwork Expert topologies for Dynagen is a router instance that is designated as a Terminal Server (Access Server). This instance can be used like a Cisco 2511 series router to reverse telnet to the console ports of the virtual Dynamips router instances, similar to how the Terminal Server is used in the CCIE Lab Exam.

To use the Terminal Server instance first create a Loopback interface on your PC with the IP address 169.254.0.1/16. For Windows clients see http://support.microsoft.com/kb/839013 for instructions on how to add a Loopback interface in Windows. Once the Loopback is created reboot your PC and then run the Dynamips shortcut “Network Device List” located on the desktop. This output will show you the hardware address for the Loopback which will look something like {4065B11C-2A6C-4FD2-8204-A12A9A8328A4}. Next edit the .net file for the appropriate Internetwork Expert topology, and under the [[Router TermServ]] entry edit the line E0/0 = NIO_gen_eth:\Device\NPF_{4065B11C-2A6C-4FD2-8204-A12A9A8328A4} to insert the hardware address of your Loopback. If successful you should be able to ping the IP address of the Terminal Server (169.254.0.2) from your local PC when the Dynamips instance for it is booted.

Next boot the Dynamips hypervisor. For Windows users this will be the “Dynamips Server” shortcut on your desktop that was created by the Dynagen installer package. Next run the appropriate .net file for Dynagen, and “start” your devices from the Dynagen command line. Once booted the Dynamips router processes can be telneted to with any terminal emulation software such as SecureCRT, PuTTY, HyperTerminal, or command line telnet.

Note that as the number of devices you boot in Dynamips increases, so do the processor, memory, and disk space requirements of your desktop.

50 School Districts Choose Parent Notification Solution from SchoolMessenger and Cisco

SchoolMessenger, a leading U.S. parental notification company, and Cisco, today announced that more than 50 school districts across the country have adopted their integrated parental notification solution. In addition, SchoolMessenger for Cisco Unified Communications, which was introduced last summer, now includes SMS text messaging to supplement voice and e-mail notification to reach a large audience using a range of devices.

Reports show that when notification solutions are used in schools, parents report improved peace of mind, and truancy rates decrease by up to 13 percent. In addition, by managing a single, centralized solution, and using its existing telecom investment, districts report that the solution pays for itself in less than two years when compared with annual subscription-based notification services.

SchoolMessenger for Cisco Unified Communications is a Web-based communications solution that integrates with a district's existing investment in Cisco Unified Communications. It is currently in use in 15 states, with the greatest concentration found in Texas and California.


Tuesday, June 26, 2007

Cisco overhauls networking certification to address skills shortage

Cisco has announced the addition of a new entry-level certification, CCENT (Cisco Certified Entry Network Technician), along with enhancements to the popular Cisco CCNA associate-level certification.

Simultaneously, Cisco also plans to localise both the curricula and certification exams to meet the worldwide demand for networking skills. Analyst IDC is predicting as much as a 40% gap between the demand and supply of technical networking skills by 2012. To address these needs, Cisco is making significant investments in its education and certification programs to equip more people for successful careers in networking.

CCENT presents a new point of entry to those just beginning to build a career in networking. As an optional stepping-stone to CCNA, CCENT validates the skills required to successfully install and verify basic networks – a requirement for most entry-level network support positions. At the same time, Cisco's foundational CCNA curriculum has been revised to include a greater breadth of networking topics and more focus on performance-based skills to differentiate Cisco certified applicants in the IT job market. The CCNA curriculum will be released in English on 26 July 2007, and the exams will be released in English on 1 August 2007. Additional languages will be announced as translation plans are finalised.

Wim Elfrink, chief globalisation officer and senior vice-president of customer advocacy at Cisco, said, "We are dedicated to leading worldwide development of the right technical expertise, in the right place and at the right time.

"The introduction of CCENT and localisation plans for our foundational curricula, underscore our commitment to accelerate the learning curve for technical talent across the globe," he said.

Laying the groundwork for more rigorous certification, CCENT validates the knowledge and skills needed to configure and verify small routed and switched networks, including the ability to configure IP addressing, implement basic security measures and understand the concepts of wireless networking.

A comprehensive understanding of networking fundamentals is the focus of CCNA, said Cisco.

Certification at this level validates the knowledge and skills required to install, operate and troubleshoot a small to medium-sized routed and switched network, including the ability to implement and troubleshoot protocols to manage addressing and authentication.

Students must also be able to establish and troubleshoot connections to service providers over a wide-area network.

The CCNA Prep Center is available to anyone with a Cisco.com login to help candidates prepare for the CCENT and CCNA exams.

Configure static NAT for inbound connections

How to configure Network Address Translation (NAT) so that computers on the Internet can access an internal Web and mail server through a Cisco router. This requires configuring a static NAT translation between the dedicated public IP address and the dedicated private IP address.

Monday, June 25, 2007

Cisco acquires e-mail security company

Cisco Systems is moving quickly to integrate technology it's gaining from buying e-mail security firm IronPort Systems.

Company officials said in interviews here about the US$850 million IronPort acquisition, which closed today, that e-mail and Web site reputation datastreams from IronPort appliances will be fed to Cisco firewalls by the end of this year, and then be extended to the company's routers, switches and other devices in 2008.

The service checks the source of e-mail and Web sites embedded in e-mail against a database of suspicious sites IronPort calls SenderBase.

In addition, IronPort's Layer 4 traffic monitor technology, which watches for spyware signatures, will be added to Cisco firewalls in the first quarter of next year and then to other products.

The capabilities should be able to be pushed as a software upgrade to users of existing Cisco products, said Richard Palmer, senior vice-president and general manager of the company's security technology group, under which IronPort will operate as a separate business unit.

In buying IronPort, Cisco is expanding its security offerings from managing networks to include spyware and malware data inspection, and will begin offering what it dubs wide traffic inspection, which correlates information from several network devices.

Thursday, June 21, 2007

Spirent Communications Selected As Exclusive Test System Provider For Cisco IPTV

The European Advanced Networking Test Center AG (EANTC) selected Spirent testing solutions to analyze Cisco Systems' IPTV infrastructure in a test commissioned by Light Reading.

Spirent’s Global Services team collaborated with EANTC to conduct an independent test of Cisco Systems IPTV infrastructure to verify an end-to-end IPTV and triple-play solution focusing on the network service requirements of broadcast TV and video-on-demand (VOD) applications.

For this event, Spirent supplied Spirent TestCenter, Spirent Video Quality Test System and Spirent GEM Ethernet Network and Impairment Emulator. In addition to test equipment, Spirent provided a three-person engineering support team for the pre-staging and the intense two-week period of formal testing. The Spirent Professional Services team collaborated with EANTC to create the test scripts to run the test. With engineering support and equipment, Spirent offered load generators for emulation of 120 DSLAMs plus 65 service ports (GigE and 10GigE), performed video quality measurements, and conducted impairment generation for the duration of the test.

“IPTV is highly complex and requires a different, more holistic focus in implementation and testing than traditional broadband access technologies,” said Carsten Rossenhövel, managing director of EANTC. “We found that Spirent was a great testing partner for IPTV solutions and support services, and together we put Cisco’s network design under a rigorous test routine.”

Covering four main areas that included quality of service (QoS), massive scalability of broadcast services, high availability of all services and user experience during high network load conditions, this test event exposed the realities of IPTV service deployment and need for thorough testing before the service goes live. Spirent’s test systems enabled EANTC to analyze QoS from the perspective of the user, often referred to as quality of experience (QoE), and by the handling of preferential services by the network including network resource allocation in the case of limited resources. Furthermore, with Spirent TestCenter the test was able to identify small sub-parts-per-million loss in all the data, and to analyze the associated flows in detail, identifying the less than 0.00002 percent packet loss in IPTV multicast service.


Tuesday, June 19, 2007

Network Traffic To Grow Up To Six-Fold Annually

The increased use of video and further online collaboration will drive network traffic to an annual growth rate of between 300% and 500% over the next several years, said Cisco Systems Inc. Chairman and Chief Executive John Chambers, who added this is beyond most expectations.

"It's the second phase of the Internet - it will be about collaboration," Chambers said during a keynote address at the NXTcomm telecommunications industry trade show on Tuesday.

Cisco supplies the switching network equipment for government, corporate and carrier customers. But Chambers said he believes the next phase of growth will come from layering services through that network. The executive touted the combination of different services like video and music integrated into various environments such as the car, mobile handset or home.

"It won't be about transport, it'll be about the changing business model," he said, adding that the consumer is now driving demand for new services.

Other services include the expanded use of telepresence, a high-end video conferencing product that many companies are offering.

Touting the increased productivity of collaboration, he cited Cisco's own acquisition history. In November 2005, Cisco closed the acquisition of television cable set-top box maker Scientific Atlanta in 45 days. The company took eight days to close the acquisition of WebEx earlier this year.

On net neutrality, Chambers said he is more concerned with building out the network and considers dividing up the lines and speeds a second priority.

Monday, June 18, 2007

Making your apps faster!

Optimization is a constant worry of network executives who need to make unruly applications -- never designed to run over anything but a high-speed LAN -- perform smoothly on the WAN. These days, network executives need to boost application performance itself, as well as factor in how to optimize storage, encryption and server-to-server technologies, such as XML.

Cisco wants to help by putting everything related to optimization into an intelligent network layer. Then, for example, network executives can deploy optimization services as blades and software add-ons in their existing Cisco gear. The router giant's network-based application-optimization strategy splits along the lines of two product families: Application-delivery networks focus on user-to-application communications (including performance, security and so forth), while the Application Oriented Networking initiative centers on application-to-application communications. George Kurian, general manager for Cisco's application delivery business unit, explains how it all fits together in an interview with Julie Bort, a Network World editor.


Cisco Meshes With Cable

Cisco today announced it is launching the Cisco Cable ServiceMesh solution, the industry’s first integrated, end-to-end wireless architecture designed for cable operators who want to extend indoor Wireless Fidelity (Wi-Fi) to outdoor mesh networks in municipalities, tourism centers, small businesses and universities in North America. This new architecture offers the foundation layer for broadband mobility.

Building on the Cisco Internet Protocol Next-Generation Network (IP NGN) architecture, the Cisco Cable ServiceMesh solution is a fully integrated outdoor wireless platform that helps enable operators to quickly deploy a variety of value-added, revenue-generating services via a single network infrastructure. By using the Cisco Cable ServiceMesh solution, cable operators can create new revenue opportunities through the deployment of an outdoor wireless mesh solution that utilizes existing infrastructure to cost-effectively expand their service offerings and their market reach, bringing the Connected Life to customers at home, at work or on the move.

The new Cisco Cable ServiceMesh solution is a comprehensive wireless broadband system comprising:

- Cisco Aironet 1520 Series Lightweight Outdoor Mesh Access Points, a new set of wireless access points with integrated Data Over Cable Service Interface Specification (DOCSIS) 2.0 cable interfaces used to create metropolitan-scale, outdoor wireless networks, providing access to any Wi-Fi compliant device;

- Cisco Wireless Services Modules, which provide the control, scalability and reliability needed to build highly secure, carrier-grade indoor and outdoor 802.11 wireless networks;

- Cisco Wireless Control System software, an industry-leading platform for wireless local area network (LAN) planning, configuration, management, troubleshooting, and mobility services for the Cisco Cable ServiceMesh solution;

- Cisco Intelligent Services Gateway, which delivers advanced subscriber awareness, resource provisioning and access control capabilities. The Cisco Intelligent Services Gateway also simplifies the creation and speeds the delivery of advanced IP services over Cisco IP NGNs. The Cisco Intelligent Services Gateway has been designed to support both IP Multimedia Subsystem (IMS) and non-IMS based applications;

- Cisco Service Control Engine, a solution that controls packets on a Layer-7 application level while utilizing the existing IP wireless network infrastructure to provide a variety of services;

- Cisco 7600 Series Router, the industry’s leading edge router that delivers robust, high-performance IP/MultiProtocol Label Switching (MPLS) features for a range of service provider edge applications.

This combination makes possible multiple applications, including extending data, voice and video streaming outside the home, police, fire and emergency services, as well as those for city operations, such as remote access to city applications, automated meter reading, and permit verification and compliance.