Tag Archive for IOS

Whats Up With Cisco?

What is up with Cisco? Their fiscal results for the recently closed 2017 Q3 showed revenue of $11.9 billion, a 1% decline in revenue, compared to the same quarter last year. This is the 6th consecutive down quarter. The networking goliath also issued downward guidance for 2017 Q4. They estimated a revenue decline of 4-6% year-over-year.

On the earnings call, Cisco CEO Chuck Robbins blamed several factors for the lower guidance. He cited:

  • “a pretty significant stall right now” in the U.S. federal public sector
  • Service provider revenues were down in Mexico.
  • United Kingdom business is being dampened by currency issues.
  • Middle East, there is “pressure… relative to oil prices.”

Then there are the layoffs. Cisco buried the announcement in a footnote in the company’s SEC 8-K report that 1,100 more layoffs are coming, on top of the 5,500 announced in August 2016.

In May 2017, we extended the restructuring plan to include an additional 1,100 employees with $150 million of estimated additional pretax charges.

According to SDXCentral, the Cisco CEO stressed several times on the earnings call that the company is transitioning to a more software and subscription-based business. He declared,

I am pleased with the progress we are making on the multi-year transformation of our business.

These weak fiscal results and the move to a subscription-based business have led to speculation about what the Cisco business will look like in the future. TechTarget speculates that Cisco may go so far as to separate the Network Operating System (NOS) from the hardware. They contend that such a move would be a dramatic departure from Cisco’s traditional business model of bundling high-margin hardware with its NOS. The author believes that market trends will likely force the vendor to release an open NOS.

TechTarget cites reports from The Information that a hardware-independent NOS called Lindt is coming. Reportedly Lindt will run on a white box powered by merchant silicon. According to the article, a number of market trends are driving the move to a hardware-independent NOS.

The first market trend forcing Cisco to release a hardware-independent NOS is the company’s declining dominance of the Ethernet switch market. Since 2011, the company’s share has dropped from about 75% to less than 60% last year, according to the financial research site Trefis. The decline is important to Cisco’s bottom line because switches accounted for 40% of Cisco’s product sales in 2016, 30% of net revenues and 20% of the company’s $162 billion valuation, Trefis reported.

Cisco’s weakening performance in switching is tied to the second market trend forcing Cisco to release a hardware-independent NOS. Its customers are turning to public cloud providers, such as Amazon (AMZN) Web Services, Microsoft (MSFT) Azure and IBM (IBM) SoftLayer, for their IT infrastructure. The more enterprises subscribe to infrastructure as a service, the less networking gear they need in their data centers.

The shift to cloud providers is found in the latest numbers from Synergy Research Group. Revenue from public cloud infrastructure services is growing at almost 50% a year. In the fourth quarter of last year, revenues topped $7 billion.

The third market trend forcing Cisco to release a hardware-independent NOS is that enterprises that were Cisco’s largest customers are joining cloud providers in building open networking hardware and software to replace inflexible proprietary systems that lock them to a vendor. Those companies include large financial institutions, like Bank of America, Goldman Sachs and Fidelity Investments, and communication service providers, such as AT&T (T), Deutsche Telekom and Verizon (VZ).

The technology shift is driving an enormous amount of spending on IT infrastructure. Worldwide spending on public and private cloud environments will increase 15% this year from 2016 to $42 billion, according to IDC. Meanwhile, spending in Cisco’s core market of traditional infrastructure for noncloud data centers will fall by 5%.

While Cisco is ignoring the trend away from proprietary hardware, the article says Cisco’s rivals are embracing it. Juniper Networks (JNPR) and Arista Networks (ANET) have released a version of their NOS for white boxes favored by cloud providers and large enterprises. Both companies reported year-to-year revenue growth in switching last year. Even Cisco’s patent lawsuit against upstart Arista was set back by the courts.

Rohit Mehra, an analyst at IDC, hypothesized that Cisco’s resistance to change is likely due to fear that giving customers other hardware options would accelerate declining sales in switching. “There would be potentially some risk of cannibalization in the enterprise space,” he added.

Cisco insists its customers are not interested in buying networking software that’s separate from the underlying switch. The Cisco spokesperson told TechTarget:

The vast majority of our customers see tremendous value in the power and efficiency of Cisco’s integrated network platforms, and the tight integration of hardware and software will continue to be the basis of the networking solutions we offer our customers

TechTarget adds that Cisco doesn’t say the article is wrong. Instead, the company falls back on a corporate cliché for refusing to discuss a media report. “We don’t comment on rumor or speculation,” a Cisco spokesperson said.

The networking market is evolving away from the hardware that Cisco depends on for much of its valuation. Cisco will resist changing its market approach for as long as possible. But in the end, the company will have to become a part of the trend with an open NOS capable of running on whatever hardware the customer chooses.

Rather than change its model for selling networking gear, Cisco has spent billions of dollars on acquisitions over the last few years to create software and subscription-based businesses in security and analytics. But Cisco’s software push has yet to pay off with 5 consecutive down quarters.

Finally, Cisco just recently patched a flaw in IOS software that affected more than 300 models of its switches. Despite issuing an advisory on March 17, Cisco did not release the patch for this vulnerability until May 8, 2017. The Cisco vulnerability was part of the Vault 7 WikiLeaks dump of alleged CIA hacking tools.

The vulnerability, rated a critical 9.8 out of 10 by the Common Vulnerability Scoring System, is in the Cluster Management Protocol, or CMP. It could allow a remote, unauthenticated attacker to reload devices or execute code with elevated privileges. This vulnerability can be exploited during Telnet session negotiation over either IPv4 or IPv6.

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Cisco Loves Apple

Apple has announced a new partnership with network giant Cisco. If you believe Fortune, the goal is to sell more iPhones and iPads to business customers. The move is intended to make it easier for businesses to use Cisco products like its video and web conferencing services and chatting software on Apple’s (AAPL) mobile devices. Fortune says that, for now, no new products have been announced under the partnership.

In fact, this collaboration seems to be a deal looking for a plan. Rowan Trollope, Cisco’s senior vice president and general manager of Cisco’s collaboration technology group, told the author that both Cisco (CSCO) and Apple sales teams would soon meet with business leaders at other companies to discuss their technology needs. The conversations are intended to help give Cisco and Apple ideas about the products they will develop together. He also declined to confirm if any Cisco or Apple engineers are engaged or any timeline for when the new products will hit the market.

Even though there are no plans, the Cisco VP claimed that customers will be able to prioritize mobile traffic on their networks so that workers watching YouTube videos on their iPhones won’t hog all of a company’s bandwidth. Apparently Cisco and Apple engineers will work on updating iOS, Apple’s mobile operating system, to prioritize network traffic from Apple devices, which “would be difficult without a joint engineering project,” according to the article.

Prioritization would be a good start; iOS updates have crushed networks in the past. The number of hoops you have to jump through to make AppleTV’s Bonjour work on an enterprise network is stupid. Just proof that Apple is not ready for the enterprise.

Cisco has tried to create new product lines outside of its core networking and switching businesses to help boost its sales. Sales of its collaboration products are so stagnant that the firm has resorted to 85% discounts on telepresence gear.

Cisco has a history of buying consumer-orientated businesses like Apple, destroying the business and then jettisoning the remains; LinkSys and Flip Video come to mind.

Apple has also buddied up to IBM (IBM). The plan seems to be to add an IBM markup to overpriced Apple mobile devices and sell them to firms that have too much money. The combination has developed pushed-based apps that target specific industries, like healthcare or law enforcement.

rb-

The fanboyz are drooling over this deal – Apple Will Change the World (again?) – Maybe if they clean up their proprietary non-routable protocols.

It has been a while since Cisco has done something notable. Maybe new CIO Chuck Robbins will shake things up at Cisco now that King Chambers has mostly moved on.

Prevent Pervy Pics

From the world of unintended consequences, iPhone users have become the victims of a new phenomenon known as cyber-flashing. Reports out of London state that iPhone users are being sent unsolicited and indecent photographs over an Apple feature called AirDrop.

AirDrop is a feature on the iPhone, iPad, and Mac computers where users can send files, such as images, to each other at close range, up to 33 feet (10 m), via a Bluetooth connection. Apparently even if the receiver rejects the photo, they are still shown an uncensored preview of the image.

AirDrop initially establishes a connection over Bluetooth, but then uses a direct Wi-Fi connection between the two iPhones to send files, making the transfer much quicker. It’s supported by devices from the iPhone 5 onwards with iOS 7 released back in 2013.

To prevent the pervy pics from appearing on your iDevice, you need to take action. Mark James, security specialist at ESET UK, explains that you have to set your AirDrop settings to “Contacts only”, which will only permit AirDrop file transfers from people in your address book, or disable AirDrop entirely. He explains that AirDrop is not turned on by default, but it’s easy to set AirDrop to receive from Everyone, and then forget all about it.

ESET explains how to prevent cyber flashing:

  1. On the home screen of your iPhone, swipe up to open the Control Center.
  2. Tap on AirDrop, below the media playback and volume controls. Tap ‘Off’ or ‘Contacts Only’ to prevent files being sent from strangers.


Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Mobile Apps Leaking Your Info

Just in time for Blackhat, San Francisco based Appthority released its Q2 2015 Enterprise Mobile Threat Report. The big headline from the Appthority report is that enterprise mobile apps are sending personally identifiable information (PII) and other sensitive information all over the world, often without the enterprise’s knowledge.

FierceMobileIT says that the Appthority Enterprise Mobile Threat Team (EMTT) collected and analyzed security and risky behaviors in three million apps and found that the top iOS apps sent data to 92 different countries, while the top Android apps sent data to 63 different countries.

The report found another threat to all data. Appthority’s all-in-one App Risk Management service shows that 100% of enterprises they surveyed have zombie apps in their environments. Zombie apps are apps that have been revoked by the app stores and are no longer getting security updates. Zombie apps can give attackers a conduit into the enterprise.

The report estimates that 5.2% of the Apple (AAPL) iOS apps on employee devices in an enterprise are dead apps, and 37.3% are stale apps. On Google (GOOG) Android devices, 3.9% are dead apps and 31.8% are stale apps.

One threat from zombie apps that Appthority cites is that malicious third parties could use a man-in-the-middle attack to hijack the update mechanism for these apps to install new malware on user devices.

Despite the threats, app stores run by Apple, Google, and Microsoft (MSFT) are under no regulatory obligation to tell users of revoked apps — either for copyright infringements or serious security/privacy concerns discovered after release — the report points out. Domingo Guerra, president and co-founder of Appthority, classified this as a stealthy risk: “The ongoing threat of zombie apps and stale apps continues to be an ‘under the radar’ threat to the enterprise”.

A third risk to the firm’s data comes from their own programmers. The venture capital backed Appthority claims over-taxed enterprise app development teams are increasingly relying on third-party libraries and software development kits. Vulnerabilities in the third-party packages can put enterprise data at risk when they get baked into a corporate app.

The company told CSO that few mobile devices have security applications installed. In particular, only 4 percent of Android devices in use within enterprises had on-device scanning solutions.

Rb-
Firms that depend on mobile solutions as part of a Bring Your Own Device (BYOD) effort need to look after their apps as well as connectivity and hardware and data and governance and reimbursements. Bring your own device hardly seems like a cost saver to me.

I have said this repeatedly, it seems like costs are just being moved around. From spending on a PC in the office that is much less likely to be lost and that can be controlled to a bunch of new enterprise applications like EMM, mobile anti-malware to app monitoring.

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

SmartWatches – Not Ready for Primetime

Pundits predict that Apple iWatch sales will surpass iPad first year sales. The experts expect Apple to sell 21 million iWatches in fiscal 2015. Many believe that the iWatch will drive wearable tech into the enterprise. With this kind of hype, security vendors have started to take a look at the iWatch and its kin.

FierceMobileIT reports that just in time for BlackHat, MobileIron released a report looking at the security risks smartwatches pose to corporate data. According to the enterprise mobility management firm, workers are increasingly using smartwatches to connect wirelessly to their smartphones and access corporate email, calendar, contacts and apps.

MobileIron looked at the security of smartwatches that can be paired with iOS and Android smartphones accessing enterprise resources as well as the pairing apps on the smartphones. The author says the EMM vendor analyzed the Apple (AAPL) Watch, Motorola Moto 360, Samsung (005930) Gear 2 Neo and Shenzhen Qini U8.

The Qini U8 had a pairing app that displayed some “suspicious behaviors” that could pose a risk to personally identifiable data such as access to downloaded and cached content and phone hardware data, judged MobileIron. The pairing app was downloaded from an unknown IP address in China and not the relative safety of the official Google Play store, which scans apps for malicious traits.

Another security concern noted in the article is the implementation of passcodes on smartwatches. Smartphone passcodes are usually time-based, so that if the device is not used within a certain time period, the device is locked and access requires entering the passcode.

Smartwatch passcodes examined by MobileIron are proximity-based, so that the device is locked when the smartwatch loses wireless connection with the smartphone. However, only the Apple Watch prompted the user to set up a passcode, suggesting that many users of the other smartwatches do not enable the passcode option.

In addition, smartwatches do not have enterprise mobility application programming interfaces to do policy enforcement on the devices. The Apple Watch stood out in terms of security by wiping enterprise apps from the device when its companion iPhone is quarantined or retired and the enterprise apps are removed from the phone.

In terms of data encryption, there is no encryption on the Shenzhen Qini U8, while it is optional at the app level for the Motorola Mobility Moto 360 and the Samsung Gear 2 Neo. For the Apple Watch, encryption is enabled for the data on the watch and optional at the app level. The MobileIron report concluded, “As enterprises embrace these devices for enterprise applications … we expect smartwatch vendors to place an even stronger emphasis on security”.

Not only has MobileIron recently scrutinized smartwatches; so has HP. HP’s Fortify security unit tested 10 different smartwatches and found that all of them were vulnerable to cyber attacks.

HP (HPQ) did not say which brand of smartwatches it tested. However, FierceITSecurity reports that HP did test the devices and their Android and iOS cloud and mobile app components, indicating that the Apple Watch was one of those tested.

HP Fortify found that all the smartwatches they tested were insecure. Jason Schmitt, general manager of HP security at Fortify, said:

[Smartwatches] … will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks 

HP combined manual testing and automated tools to check the devices against the Open Web Application Security Project’s Internet of Things Top 10 security risks. HP found that data collected on the smartwatch was often sent to multiple backend destinations (often including third parties). The researchers used HP’s Fortify on Demand to find many more smartwatch vulnerabilities (PDF, reg. req).

  • 100% tested were paired with a mobile interface that lacked two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts.
  • 90% allowed watch communications to be easily intercepted.
  • 70% of the time firmware was transmitted without encryption.
  • Only 50% of tested devices offered the ability to add a screen lock (PIN or Pattern), which could hinder access if lost or stolen.
  • 40% of the cloud connections were vulnerable to the POODLE attack, allowed the use of weak ciphers, or still used SSL v2. Transport encryption is critical because personal information is being moved to multiple locations in the cloud.

HP offered recommendations for consumers looking to use smartwatches more securely:

  1. Do not enable sensitive access control functions (e.g., car or home access) unless strong authentication is offered (two-factor etc).
  2. Enable passcodes to prevent unauthorized access to your data, opening of doors, or payments on your behalf.
  3. Enable security functionality (passcodes, screen locks, two-factor and encryption).
  4. Use strong passwords for any interface such as mobile or cloud applications associated with your watch.
  5. Do not approve any unknown pairing requests to the watch.

These security measures are also critical as smartwatches enter the workplace and are connected to corporate networks. HP recommends that enterprise technical teams:

  1. Ensure TLS implementations are configured and implemented properly.
  2. Require strong passwords to protect user accounts and sensitive data.
  3. Implement controls to prevent man-in-the-middle attacks.

rb-

As smartwatches become more mainstream, they will increasingly store more sensitive information such as health data, and enable physical access functions including unlocking cars and homes. HP’s Schmitt warns that,

Smartwatches … open the door to new threats to sensitive information and activities … vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.

All smartwatches collected some form of personal information, such as name, address, weight, gender, heart rate and other health information. Given the account issues and weak passwords identified by MobileIron and HP, the exposure of this personal information is a concern. I am calling smartwatches not ready for prime-time.