Oktoobar 18-keedii^{(October 18th)} , waxaa nalagu martiqaaday Cisco Connect 2017 . Munaasabadan, waxaan kula kulanay khabiir dhanka amniga ah Jamey Heary . Isagu waa Injineer Nidaamyada^{(Systems Engineer)} Sharafta leh ee Nidaamyada ^(Systems)Sisiko^(Cisco) halkaas oo uu hoggaamiyo Kooxda Dhismaha Amniga Caalamiga ah^{(Global Security Architecture Team)} . Jamey waa lataliye ammaan oo la aamini karo iyo naqshadeeyaha qaar badan oo ka mid ah macaamiisha ugu waaweyn Cisco . Sidoo kale waa qoraa buug, horena u ahaan jiray blogger Network World . Waxaan kala hadalnay isaga oo ku saabsan amniga ganacsiga casriga ah, arrimaha amniga ee muhiimka ah ee saameeya ganacsiyada iyo ururada, iyo dayacanka ugu dambeeya ee saameeya dhammaan shabakadaha wireless-ka iyo macaamiisha (KRACK ). Waa kan waxa uu yidhi:

Dhegaystayaashayadu waxay ka kooban yihiin isticmaalayaasha dhamaadka iyo ganacsiga labadaba. Si aad u bilowdo, oo aad naftaada u barato xoogaa, sideed ku sifayn lahayd shaqadaada Sisiko^(Cisco) , si aan shirkad ahayn?

Dareenkaygu waa ammaan. Waxa aan ku dadaalo inaan sameeyo maalin kasta waa inaan baro macaamiishayda iyo isticmaalayaasha dhamaadka dhismaha. Tusaale ahaan, waxaan ka hadlaa alaabta amniga iyo sida ay ula midoobaan alaabta kale (anaga ama qolo saddexaad). Sidaa darteed waxaan wax ka qabtaa qaab-dhismeedka nidaamka marka laga eego dhinaca amniga.

Waayo-aragnimadaada khabiir amni ahaan, waa maxay khataraha ugu muhiimsan ee amniga ku wajahan ganacsiga casriga ah?

Kuwa ugu waaweyn waa injineernimada bulshada iyo ransomware. Tan dambe waxay burbur ku keentaa shirkado badan, wayna ka sii dari doontaa sababtoo ah lacag badan baa ku jirta. Waxay u badan tahay inay tahay waxa ugu faa'iidada badan ee abuurayaasha malware ay garteen sida loo sameeyo.

Waxaan aragnay in diiradda "nin xun" ay ku jiraan isticmaalaha ugu dambeeya. Isaga ama iyada waa isku xirka ugu daciifsan hadda. Waxaan isku daynay warshad ahaan inaan dadka u tababarno, warbaahintu waxay qabatay shaqo wanaagsan si ay u hesho ereyga ku saabsan sida aad naftaada u ilaalin karto si ka sii wanaagsan, laakiin weli, waa wax aan macquul ahayn in qof loo diro e-mail bartilmaameed ah oo uu ku qaato Ficil aad rabto: guji xiriiriyaha, fur lifaaq, wax kasta oo aad rabto.

Khatarta kale waa lacagaha online-ka ah. Waxaan sii wadi doonaa inaan aragno hagaajinta siyaabaha ay shirkaduhu lacag-bixinta ku qaataan khadka laakiin, ilaa warshaduhu ka hirgeliyaan habab aamin ah oo lacag-bixinta online-ka ah, goobtani waxay noqon doontaa arrin khatar weyn leh.

Marka ay timaado dhanka amniga, dadku waa isku xirka ugu liita iyo sidoo kale diiradda koowaad ee weerarrada. Sideen ula qabsan karnaa arrintan, maadaama injineernimada bulshadu uu yahay mid ka mid ah khataraha ugu horreeya ee amniga?

Waxaa jira tignoolajiyada badan oo aan codsan karno. Waxaa jira wax badan oo aad u qaban karto qofka, gaar ahaan warshadaha halkaas oo dadka qaarkiis ay u muuqdaan inay ka caawin karaan kuwa kale. Tusaale ahaan, warshadaha daryeelka caafimaadka, dadku waxay rabaan kaliya inay caawiyaan kuwa kale. Markaa waxaad u soo dirtaa e-mail xaasidnimo ah, waxayna u badan tahay inay gujiyaan waxaad u dirto marka loo eego dadka warshadaha kale, waax booliis ahaan.

Markaa dhibkan ayaanu leenahay, laakiin waxaan isticmaali karnaa tignoolajiyada. Mid ka mid ah waxyaalihii aan sameyn karno waa kala qaybinta, taas oo si weyn u yareeyn karta dusha weerarka ee uu heli karo isticmaale kasta. Waxaan u yeernaa tan "eber aaminaad": marka isticmaaluhu ku xiro shabakada shirkadda, shabakadu waxay fahmeysaa cidda adeegsaduhu yahay, doorka uu ku leeyahay ururka, codsiyada isticmaaluhu u baahan yahay inuu galo, waxay fahmi doontaa mashiinka isticmaalaha iyo waa maxay qaabka amniga ee mashiinka, ilaa heer aad u faahfaahsan. Tusaale ahaan, waxay xitaa sheegi kartaa waxyaabaha sida baahsanaanta codsiga isticmaaluhu haysto. Faafitaanka^(Prevalence) waa wax aan helnay waxtar, oo macnaheedu waa inta qof ee kale ee adduunka ku nool ayaa isticmaala codsigan, iyo inta urur la siiyay. Sisico^(Cisco) _, waxaanu ku samaynaa falanqayntan iyada oo loo marayo xashiishad: waxaanu qaadanaa xashiishad codsi ah, waxaanan haynaa malaayiin dhibcood oo dhamaadka ah, wayna soo laaban doonaan oo waxay odhan doonaan: "baahnaanta app this waa 0.0001%". Baahsanaanta^(Prevalence) ayaa xisaabisa inta abka loo isticmaalo aduunka iyo ka dib ururkaaga. Labadan tillaaboba waxay aad ugu wanagsanaan karaan in la ogaado haddii shay aad looga shakisan yahay, iyo inay mudan tahay in si dhow loo eego.

Waxaad haysataa maqaallo taxane ah oo xiiso leh gudaha Shabakadda Adduunka^{(Network World)} oo ku saabsan nidaamyada Maareynta Qalabka Mobilka^{(Mobile Device Management)} ( MDM ). Si kastaba ha ahaatee, sannadihii ugu dambeeyay, mawduucan wuxuu u muuqdaa mid si yar looga hadlay. Danta warshadaha ee nidaamyadan oo kale miyay hoos u dhacaysaa? Maxaa dhacaya, marka loo eego aragtidaada?

Waxyaabo yar ayaa dhacay, kuwaas oo mid ka mid ah ay tahay in nidaamyada MDM ay noqdeen kuwo si cadaalad ah uga buuxa suuqa. Ku dhawaad^(Almost) ​​dhammaan macaamiishayda waaweyn waxay leeyihiin hal nidaam oo noocaas ah. Waxyaabaha kale ee dhacay ayaa ah in xeerarka qarsoodiga ah iyo maskaxda sirta ee isticmaalayaashu ay isbeddeleen taasoo keentay in dad badani aysan siinayn qalabkooda gaarka ah (smartphone, tablet, iwm.) ururkooda oo u oggolaadaan software-ka MDM in la rakibo. Markaa waxaanu leenahay tartankan: Shirkaddu waxay doonaysaa inay si buuxda u hesho agabka ay shaqaalahoodu adeegsadaan si ay isu badbaadiyaan, shaqaaluhuna aad bay uga adkaysteen habkan. Dagaalkan joogtada ah ayaa u dhaxeeya labada dhinac. Waxaan aragnay in baahsanaanta MDMNidaamyadu way ku kala duwan yihiin shirkad ilaa shirkad, iyadoo ku xiran dhaqanka iyo qiyamka shirkadda, iyo sida urur kastaa rabo inuu ula dhaqmo shaqaalaheeda.

Tani ma saamaynaysaa qaadashada barnaamijyada sida Keen^(Bring) Qalabkaaga ( BYOD ) si ^(Device)uu^(BYOD) u shaqeeyo?

Haa, gabi ahaanba wuu sameeyaa. Waxa dhacaya, inta badan, waa in dadka isticmaalaya qalabkooda shabakada shirkadaha, ay u isticmaalaan meel aad loo maamulo. Mar labaad^(Again) , qaybintu way soo galaysaa. Haddii aan keeno qalabkayga shabakada shirkadda, markaa waxaa laga yaabaa inaan geli karo internetka, qaar ka mid ah server-yada gudaha ee shirkadaha gudaha, laakiin sinaba, waxaan awood u yeelanayaa inaan galo server-yada xogta, barnaamijyada muhiimka ah ee shirkaddayda ama xogta muhiimka ah, laga bilaabo qalabkaas. Taasi waa wax aan ku sameyno barnaamij ahaan Cisco si uu isticmaaluhu u tago meesha uu u baahan yahay ee shabakadda shirkadda laakiin maaha meesha shirkadu aysan rabin in isticmaaluhu aado, qalab shakhsi ahaaneed.

Arrinka ugu kulul ee amniga raadaarka qof walba waa " KRACK " ( Weerarka Dib-u-soo-celinta Furaha ah^{(Key Reinstallation AttaCK)} ), oo saameeya dhammaan macaamiisha shabakadaha iyo qalabka isticmaalaya nidaamka sirta ah ee WPA2 . Maxey sameyneysaa Cisco si ay uga caawiso macaamiishooda dhibaatadan?

Waa wax aad loola yaabo in mid ka mid ah waxyaalihii aan ku tiirsaneynay sanado badan uu hadda dillaaco. Waxay ina xasuusinaysaa arrimaha SSL , SSH iyo dhammaan waxyaalaha aan aasaas ahaan aaminsanahay. Dhammaantood waxay noqdeen "aan u qalmin" kalsoonidayada.

Arrintaan, waxaan u aqoonsannay toban baylah. Tobankaas, sagaal ka mid ah waxay ku salaysan yihiin macmiilka, markaa waa inaan hagaajinnaa macmiilka. Mid ka mid ah waa shabakad la xiriirta. Midkaas , Cisco ayaa sii deyn doonta balastarrada. Arrimuhu waxay gaar u yihiin barta gelitaanka, mana aha inaan hagaajino router-yada iyo furayaasha.

Aad ayaan ugu faraxsanahay inaan arko in Apple ay ku heshay hagaajintooda koodhka beta sidaa darteed aaladaha macaamiishooda ayaa dhowaan si buuxda loo dhejin doonaa. Daaqadaha^(Windows) horeyba waxay u leeyihiin balastar diyaarsan, iwm. Sicisko^(Cisco) , jidku waa toosan yahay: hal nuglaanshaha meelahayada gelitaanka waxaanan sii deyn doonaa balastar iyo hagaajin.

Ilaa wax walba la hagaajiyo, maxaad kula talin lahayd macaamiishaada inay sameeyaan si ay naftooda u ilaaliyaan?

Xaaladaha qaarkood, uma baahnid inaad wax sameyso, sababtoo ah mararka qaarkood sirta ayaa loo isticmaalaa gudaha sirta. Tusaale ahaan, haddii aan tago bogga bangigayga, waxay isticmaashaa TLS ama SSL amniga isgaarsiinta, taas oo aan saameyn ku yeelan arrintan. Marka, xitaa haddii aan marayo WiFi ballaaran oo furan , sida kan Starbucks , dhib ma leh. Meesha ay arrintani WPA2 ku leedahay in badan oo ka mid ah ciyaarta ayaa ah dhinaca sirta ah. Tusaale ahaan, haddii aan tago mareegaha oo aanan rabin in kuwa kale ogaadaan taas, hadda way ogaan doonaan sababtoo ah WPA2 ma aha mid waxtar leh.

Hal shay oo aad samayn karto si aad naftaada u nabadgeliso ayaa ah inaad dejiso isku xirka VPN . Waxaad ku xidhi kartaa wireless-ka, laakiin waxa ku xiga ee ay tahay inaad samayso waa daar VPN -kaaga . VPN - ku waa fiican yahay sababtoo ah waxay abuurtaa tunnel sir ah oo dhex mara WiFi -ga . Way shaqayn doontaa ilaa sirta VPN sidoo kale la jabsado oo aad u baahan tahay inaad xalliso xal cusub. 🙂

Suuqa macaamiisha, qaar ka mid ah iibiyaasha amniga ayaa ku xiraya VPN -ka fayraska iyo amniga guud. Waxay sidoo kale bilaabayaan inay baraan macaamiisha in aysan ku filneyn in la haysto firewall, iyo antivirus, waxaad sidoo kale u baahan tahay VPN . Waa maxay habka Cisco^(Cisco) ee ku saabsan ammaanka ganacsiga? Miyaad sidoo kale si firfircoon u dhiirrigelisaa VPN sida lakabka ilaalinta lagama maarmaanka ah?

VPN waa qayb ka mid ah xidhmooyinkayada ganacsiga. Xaaladaha caadiga ah, kama hadalno VPN gudaha tunnel qarsoon iyo WPA2 waa tunnel sir ah. Caadiyan, sababtoo ah waa kiil xad dhaaf ah oo waxaa jira kharash dheeraad ah oo ay tahay inay ka dhacdo dhinaca macmiilka si ay dhammaantood si fiican u shaqeeyaan. Inta badan, uma qalanto. Haddii kanaalka mar hore la siray, maxaad mar kale u siraysaa?

Xaaladdan oo kale, marka lagugu qabto surwaalkaaga hoos sababtoo ah nidaamka amniga WPA2 ayaa asal ahaan jabay, waxaan dib ugu dhici karnaa VPN , ilaa arrimuhu ay xaliyaan WPA2^(WPA2) .

Laakiin markii uu sheegay in, goobta sirta ah, ururada amniga sida waaxda ^(Department)gaashaandhigga^(Defense) ee hay'ad, waxay tan samaynayeen sanado badan. Waxay ku tiirsan yihiin VPN , oo ay weheliso sirta wireless-ka iyo, marar badan codsiyada ku yaal bartamaha VPN -kooda sidoo kale waa la sir, markaa waxaad heleysaa sir saddex-gees ah, dhammaantoodna isticmaalaya noocyo kala duwan oo qarsoodi ah. Waxay sidaas u sameeyaan sababtoo ah waxay yihiin "paranoid" sida ay tahay inay noqdaan. :))

Bandhigaaga Cisco Connect , waxaad ku sheegtay automation-ku inuu yahay mid aad muhiim ugu ah amniga. Waa maxay habka lagugula taliyay ee otomaatigga ah ee amniga?

Automation-ku wuxuu noqon doonaa shuruud degdeg ah sababtoo ah annagu, bini'aadam ahaan, kuma socon karno si ku filan si aan u joojinno jebinta amniga iyo khataraha. Macmiil wuxuu haystay 10.000 mashiin oo lagu sireeyay ransomware 10 daqiiqo gudahood. Ma jirto qaab aadaminimo oo macquul ah oo aad uga falcelin karto taas, marka waxaad u baahan tahay otomaatig ah.

Habkayaga maanta maaha mid culus sida laga yaabo inay noqoto, laakiin, markaan aragno wax shaki leh, dabeecad u eg jebinta, nidaamyadayada amnigu waxay u sheegaan shabakada inay geliyaan qalabkaas ama isticmaalahaas karantiil. Tani ma aha purgatory; wali waxaad samayn kartaa waxyaabo qaar: waxaad wali aadi kartaa intarneedka ama waxaad ka heli kartaa xogta server-yada maaraynta balastar-ka. Gebi ahaanba ma tihid cidlo Mustaqbalka, waxaa laga yaabaa inaan bedelno falsafadaas oo aan nidhaahno: mar haddii lagu karantiilo, ma lihid wax galaangal ah sababtoo ah waxaad khatar ugu tahay ururkaaga.

Sidee Cisco ugu isticmaashaa automation-ka galka alaabta amniga?

Meelaha qaarkood, waxaan isticmaalnaa qalab badan. Tusaale ahaan, Cisco Talos , kooxdayada cilmi-baarista khatarta ah, waxaan ka helnaa xogta telemetry dhammaan aaladaha amniga iyo xog kale oo badan oo ilo kale ah. Kooxda Talos waxay adeegsataa barashada mashiinka iyo sirdoonka macmal si ay u kala saaraan malaayiin diiwaan maalin kasta. Haddii aad eegto waxtarka wakhti ka dib dhammaan alaabtayada amniga, waa wax cajiib ah, dhammaan imtixaanada waxtarka dhinac saddexaad.

Isticmaalka weerarrada DDOS miyuu hoos u dhacayaa?

Nasiib darro, DDOS sida habka weerarku waa nool yahay oo wanaagsan yahay, wayna ka sii daraysaa. Waxaan ogaanay in weerarada DDOS ay u janjeeraan in lala beegsado noocyada shirkadaha qaarkood. Weerarada noocaan oo kale ah ayaa loo isticmaalaa labadaba sida khiyaano iyo sida hubka aasaasiga ah ee weerarka. Waxa kale oo jira laba nooc oo weerarrada DDOS ah: volumetric iyo app ku salaysan. Cabbirka cabbirka ayaa faraha ka baxay haddii aad eegto tirooyinka ugu dambeeya ee inta xog ee ay soo saari karaan si qof hoos loogu dhigo. Waa wax lagu qoslo.

Mid ka mid ah noocyada shirkadaha ee lagu bartilmaameedsado weerarrada DDOS waa kuwa tafaariiqda, badiyaa inta lagu jiro xilliga fasaxa ( Madow Jimcaha^{(Black Friday)} ayaa soo socda!). Nooca kale ee shirkadaha ay bartilmaameedsadaan weerarada DDOS waa kuwa ka shaqeeya meelaha lagu muransan yahay, sida saliidda iyo gaasta. Xaaladdan oo kale, waxaanu la macaamilaynaa dadka leh sabab gaar ah oo anshax iyo akhlaaqeed, kuwaas oo go'aansada in ay DDOS urur ama mid kale sababtoo ah ma ogola waxa ay samaynayaan. Dadka caynkaas ahi waxay tan u sameeyaan sabab, ujeeddo, ee maaha lacag ay ku lug leeyihiin.

Dadku waxay soo galaan ururadooda ma aha oo kaliya qalabkooda laakiin sidoo kale nidaamyadooda daruuraha ( OneDrive , Google Drive , Dropbox , iwm.) Tani waxay ka dhigan tahay khatar kale oo amniga ah ee ururada. Sidee buu nidaamka sida Cisco Cloudlock ula tacaalayaa arrintan?

Cloudlock waxay qabataa laba shay oo aasaasi ah: marka hore, waxay ku siinaysaa xisaab hubinta dhammaan adeegyada daruuriga ah ee la isticmaalayo. Waxaan ku dhex darnaa Cloudlock^(Cloudlock) alaabadayada shabakadda si dhammaan diiwaannada shabakadda ay u akhriyi karaan Cloudlock . Taasi waxay kuu sheegi doontaa meesha qof kasta oo ka tirsan ururka uu aadayo. Markaa waad ogtahay in dad badan ay isticmaalayaan Dropbox iyaga u gaar ah , tusaale ahaan.

Waxa labaad ee uu Cloudlock sameeyo waa in dhammaan laga sameeyay API -yada la xidhiidha adeegyada daruuraha. Sidan, haddii isticmaale uu ku daabacay dukumeenti shirkadeed sanduuqa^(Box) , Box isla markiiba wuxuu u sheegaa Cloudlock^(Cloudlock) in dukumeenti cusub uu yimid waana inuu eego. Markaa waxaan eegi doonaa dukumeentiga, kala saari doonaa, ogaan doonaa astaanta khatarta ah ee dukumeentiga, iyo sidoo kale kuwa kale ayaa lala wadaagay ama lama wadaagin. Iyada oo ku saleysan natiijooyinka, nidaamku wuxuu joojin doonaa wadaagga dukumeentigaas iyada oo loo marayo Sanduuqa^(Box) ama uu oggolaan doono.

Iyadoo Cloudlock waxaad dejin kartaa shuruuc sida: "Tani waa inaan marnaba lala wadaagin qof ka baxsan shirkadda. Haddii ay tahay, dami wadaagista." Waxa kale oo aad samayn kartaa sirta baahida, iyada oo ku saleysan muhiimada dukumeenti kasta. Sidaa darteed, haddii isticmaalaha ugu dambeeya uusan sir qarin dukumeenti ganacsi oo muhiim ah, marka lagu dhejiyo sanduuqa^(Box) , Cloudlock wuxuu si toos ah u qasbi doonaa sirta dukumeentigaas.

Waxaan aad ugu mahadcelineynaa Jamey Heary wareysigan iyo jawaabaha hufan ee uu bixiyey. Haddii aad rabto in aad la xiriirto, waxaad ka heli kartaa isaga on Twitter .

Dhammaadka maqaalkan, nala wadaag ra'yigaaga ku saabsan mawduucyada aan ka wada hadalnay, adigoo isticmaalaya xulashooyinka faallooyinka ee hoose.

Jamey Heary from Cisco: Organizations that work with sensitive information, use encrypted WiFi, VPN, and encrypted apps

On Оctober 18th, we were invited to Cisсo Connect 2017. At this event, we met with security expert Jamey Heary. He is a Distinguished Systems Engineer at Cisco Systems where he lеadѕ the Global Security Architecture Team. Jamey is a trusted security advisor and architeсt for many of Cisco's largest customers. He iѕ also a book author and a former Network World blogger. We talked with him aboυt security in thе modern enterprise, the ѕignificant security issυeѕ that are impacting businesses аnd organizаtions, and the lаtest vulnеrabilities that affect all wireless networks and clients (KRACK). Here is what hе had to say:

Our audience is composed both of end-users and business users. To get started, and introduce yourself a bit, how would you describe your job at Cisco, in a non-corporate way?

My passion is security. What I strive to do every day is teach my customers and end-users about architecture. For example, I talk about a security product and how it integrates with other products (our own or from third parties). Therefore I deal with system architecture from a security perspective.

In your experience as a security expert, what are the most significant security threats to the modern enterprise?

The big ones are social engineering and ransomware. The latter wreaks devastation in so many companies, and it is going to get worse because there is so much money in it. It is probably the most lucrative thing that malware creators figured out how to do.

We've seen that the focus of the "bad guys" is on the end-user. He or she is the weakest link right now. We have tried as an industry to train people, the media has done a good job at getting the word out on how you could protect yourself better, but still, it is fairly trivial to send somebody a targeted e-mail and get them to take an action you want: click a link, open an attachment, whatever it is that you want.

The other threat is online payments. We are going to continue to see enhancements in the ways companies take payments online but, until the industry implements more secure ways to take payments online, this area is going to be a huge risk factor.

When it comes to security, people are the weakest link and also the primary focus of attacks. How could we cope with this issue, since social engineering is one of the leading security threats?

There is a lot of technology that we can apply. There is only so much you can do for a person, especially in an industry where some people tend to be more helpful than others. For example, in the healthcare industry, people just want to help others. So you send them a malicious e-mail, and they are more likely to click on what you send them than people in other industries, as a police department.

So we have this problem, but we can use technology. One of the things we can do is segmentation, which can drastically reduce the attack surface that is available to any end-user. We call this "zero trust": when a user connects to the company network, the network understands who the user is, what his or her role is in the organization, what applications the user needs to access, it will understand the user's machine and what is the security posture of the machine, to a very detailed level. For example, it can even tell things like the prevalence of an application the user has. Prevalence is something we found effective, and it means how many other people in the world use this application, and how many in a given organization. At Cisco, we do this analysis through hashing: we take a hash of an application, and we have millions of end-points, and they will come back and say: "the prevalence on this app is 0.0001%". Prevalence calculates how much an app is used in the world and then in your organization. Both of these measures can be very good at figuring out if something is very suspect, and whether it deserves to take a closer look at.

You have an interesting series of articles in the Network World about Mobile Device Management (MDM) systems. However, in recent years, this subject seems to be discussed less. Is the industry's interest in such systems slowing down? What is happening, from your perspective?

Few things have happened, one of which is that MDM systems have become fairly saturated in the market. Almost all of my larger customers have one such system in place. The other thing that has happened is that the privacy regulations and the privacy mindset of users have changed such that many people no longer give their personal device (smartphone, tablet, etc.) to their organization and allow an MDM software to get installed. So we have this competition: the enterprise wants to have full access to the devices that are used by their employees so that it can secure itself and the employees have become very resistant to this approach. There is this constant battle between the two sides. We have seen that the prevalence of MDM systems varies from company to company, depending on the company culture and values, and how each organization wants to treat its employees.

Does this affect the adoption of programs like Bring Your Own Device (BYOD) to work?

Yes, it totally does. What is happening, for the most part, is that people that are using their own devices on the corporate network, use them in a very controlled area. Again, segmentation comes into play. If I bring my own device to the corporate network, then maybe I can access the internet, some internal corporate web server, but by no means, I am going to be able to access the database servers, the critical apps of my company or its critical data, from that device. That's something that we do programmatically at Cisco so that the user gets to go where it needs to in the company network but not where the company doesn't want the user to go, from a personal device.

The hottest security issue on everyone's radar is "KRACK" (Key Reinstallation AttaCK), affecting all network clients and equipment using the WPA2 encryption scheme. What is Cisco doing to help their customers with this problem?

It is a huge surprise that one of the things that we relied on for years is now crackable. It reminds us of the issues with SSL, SSH and all the things that we fundamentally believe in. All of them have become "not worthy" of our trust.

For this issue, we identified ten vulnerabilities. Of those ten, nine of them are client-based, so we have to fix the client. One of them is network related. For that one, Cisco is going to release patches. The issues are exclusive to the access point, and we don't have to fix routers and switches.

I was delighted to see that Apple got their fixes in beta code so their client devices will soon be fully patched. Windows already has a patch ready, etc. For Cisco, the road is straightforward: one vulnerability on our access points and we are going to release patches and fixes.

Until everything gets fixed, what would you recommend your customers do to protect themselves?

In some cases, you don't need to do anything, because sometimes encryption is used inside encryption. For example, if I go to my bank's website, it uses TLS or SSL for communications security, which isn't affected by this issue. So, even if I am going through a wide-open WiFi, like the one at Starbucks, it doesn't matter as much. Where this issue with WPA2 comes more into play is on the privacy side. For example, if I go to a website and I don't want others to know that, now they are going to know because WPA2 is not effective anymore.

One thing you can do to secure yourself is set up VPN connections. You can connect to wireless, but the next thing you have to do is turn on your VPN. The VPN is just fine because it creates an encrypted tunnel going through the WiFi. It will work until the VPN encryption gets hacked too and you need to figure out a new solution. 🙂

On the consumer market, some security vendors are bundling VPN with their antivirus and total security suites. They are also starting to educate consumers that it is no longer enough to have a firewall, and an antivirus, you also need a VPN. What is Cisco's approach regarding security for the enterprise? Do you also actively promote VPN as a necessary protection layer?

VPN is part of our packages for the enterprise. In normal circumstances, we don't talk about VPN within an encrypted tunnel and WPA2 is an encrypted tunnel. Usually, because it is overkill and there is overhead that has to happen on the client side to make it all work well. For the most part, it is not worth it. If the channel is already encrypted, why encrypt it again?

In this case, when you are caught with your pants down because the WPA2 security protocol is fundamentally broken, we can fall back on VPN, until the issues get fixed with WPA2.

But having said that, in the intelligence space, security organizations like a Department of Defense type of organization, they've been doing this for years. They rely on VPN, plus wireless encryption and, a lot of times the applications in the middle of their VPN are also encrypted, so you get a three-way encryption, all using different types of cryptography. They do that because they are "paranoid" as they should be. :))

In your presentation at Cisco Connect, you mentioned automation as being very important in security. What is your recommended approach for automation in security?

Automation will become a requirement quickly because we, as humans, we can't move fast enough to stop security breaches and threats. A customer had 10.000 machines encrypted by ransomware in 10 minutes. There is no way humanly possible that you can react to that, so you need automation.

Our approach today is not as heavy-handed as it might have to become but, when we see something suspicious, behavior that seems like a breach, our security systems tell the network to put that device or that user into quarantine. This isn't purgatory; you can still do some stuff: you can still go to the internet or get data from the patch management servers. You are not totally isolated. In the future, we might have to change that philosophy and say: once you are quarantined, you don't have any access because you are too dangerous for your organization.

How is Cisco using automation in its portfolio of security products?

In certain areas, we use a lot of automation. For example, in Cisco Talos, our threat research group, we get telemetry data from all our security widgets and a ton of other data from other sources. The Talos group uses machine learning and artificial intelligence to sort through millions of records every single day. If you look at the efficacy over time in all of our security products, it is amazing, in all the third-party efficacy tests.

Is the use of DDOS attacks slowing down?

Unfortunately, DDOS as an attack method is alive and well, and it is getting worse. We have found that DDOS attacks tend to be targeted towards certain types of corporations. Such attacks are used both as a decoy and as the primary attack weapon. There are also two types of DDOS attacks: volumetric and app based. The volumetric has gotten out of control if you look at the latest numbers of how much data they can generate to take somebody down. It is ridiculous.

One type of corporations that are targeted by DDOS attacks is those in retail, usually during the holiday season (Black Friday is coming!). The other kind of companies that get targeted by DDOS attacks is those that work in controversial areas, like oil and gas. In this case, we are dealing with people who have a particular ethical and moral cause, who decide to DDOS an organization or another because they don't agree with what they are doing. Such people do this for a cause, for a purpose, and not for the money involved.

People bring into their organizations not only their own devices but also their own cloud systems (OneDrive, Google Drive, Dropbox, etc.) This represents another security risk for organizations. How is a system like Cisco Cloudlock dealing with this issue?

Cloudlock does two fundamental things: first, it is giving you an audit of all the cloud services that are being used. We integrate Cloudlock with our web products so that all the web logs can be read by Cloudlock. That will tell you where everybody in the organization is going. So you know that a lot of people are using their own Dropbox, for example.

The second thing that Cloudlock does is that it is all made of API's that communicate with cloud services. This way, if a user published a company document on Box, Box immediately says to Cloudlock that a new document has arrived and it should take a look at it. So we will look at the document, categorize it, figure out the risk profile of the document, as well as has it been shared with others or not. Based on the results, the system will either stop the sharing of that document through Box or allow it.

With Cloudlock you can set rules like: "this should never be shared with anyone outside the company. If it is, turn the sharing off." You can also do encryption on demand, based on the criticality of each document. Therefore, if the end user did not encrypt a critical business document, when posting it on Box, Cloudlock will force the encryption of that document automatically.

We would like to thank Jamey Heary for this interview and his candid answers. If you want to get in touch, you can find him on Twitter.

At the end of this article, share your opinion about the subjects that we discussed, using the commenting options available below.

Related posts

• 8 tillaabo si aad kor ugu qaaddo amniga ASUS router kaaga ama ASUS Lyra mesh WiFi

• Amniga internetka iyada oo loo marayo waxbarashada: Kaspersky Interactive Protection Simulation

• Xayeysiisyada PowerLinks waxay halis geliyaan malaayiin akhristayaasha, laga bilaabo daabacaadaha waaweyn sida Verge, Vice News iyo in ka badan

• Abaalmarinnada - Alaabta antivirus ugu caansan sanadka 2017

• Maxaa ka cusub Windows 10 Cusbooneysii November 2019?

• Amniga qof walba - Dib u eegista Kaspersky Secure Connection VPN

• ReadyBoost ma shaqeeyaa? Miyay u horumarisaa waxqabadka kombuyuutarrada qunyar socodka ah?

• Abaalmarinnada: Alaabta antivirus-ka bilaashka ah ee ugu fiican sanadka 2018

• Synology DiskStation Manager 7: Beta waa la heli karaa, cusboonaysiin bilaash ah oo imanaya 2021 -

• Isbarbardhigga: Waa kuwee antiviruska ugu fiican aaladaha Windows, 2018?

• Sida loogu daro, u beddelo ama meesha looga saaro Xidhiidhada VPN gudaha Windows 8.1

• Amniga qof walba - Dib u eegista F-Secure Freedome VPN

• 7 shay oo aad ku samayn karto ESET Suganaanshaha Sugan

• Abaalmarinnada: Alaabta antivirus ugu fiican sanadka 2018

• Falanqaynta: Rakibaadda abka desktop-ka ee degdega ah waxay burburisaa waxqabadka kombayutarka!

• 9 shuruudood oo muhiim ah oo la isticmaalo marka aad dooranayso software-ka antivirus

• Sida loogu daro oo loogu isticmaalo VPN gudaha Windows 10 (dhammaan waxaad u baahan tahay inaad ogaato)

• 3 Sababood oo ay ugu daraan koodka QR gudaha Windows 10 BSODs waa fikrad xun

• Amniga qof walba - Dib u eegista TunnelBear 3 VPN ee Windows

• Sida loo abuuro, loo habeeyo oo loo isticmaalo xidhiidhka VPN ee iPhone (ama iPadka)