Cisco on Cisco

Virtual panel discussion highlights the value of security monitoring for Cisco TelePresence.

At the 2008 VoiceCon conference in Orlando, Florida, a Cisco TelePresence business-to-business call connected a virtual panel discussion among Nobel laureate Al Gore (joining from Nashville, Tennessee), Cisco CEO John Chambers (joining from San Jose, California), and moderator and ITN correspondent Lawrence McGinty (joining from London). In addition to the audience watching the event at the conference, the discussion was also displayed live to audiences in London, Paris, Dubai, and Warsaw, creating a unique experience in which participants were virtually sitting across the table from these high-profile leaders from around the world.

Securing the network connections for all sites participating in this Cisco TelePresence session was an important part of assuring a smooth and successful event. Members of the Cisco Computer Security Incident Response Team (CSIRT) team used several Cisco products and best practices to monitor security and address traffic anomalies as they arose during the call.

Real-Time Session Monitoring

The primary monitoring capabilities were provided by Cisco IDS 4260 Sensor event data, Cisco IOS NetFlow data, and system log (syslog) messages from Cisco routers. These data were exported to the Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) and analyzed for possible threats. Using these tools, the security team could monitor all traffic on the network connections among the TelePresence devices and sites, and identify attempted attacks and other unusual traffic that might disrupt the TelePresence session.

The team easily identified and resolved the small number of concerns that arose during the VoiceCon event. In one case, the intrusion detection sensor identified a traffic stream that normally indicates an attempted denial-of-service attack. Further investigation revealed this stream to be a long-running Internet Control Message Protocol (ICMP) ping session executed by a Cisco engineer to continually check device status. All of the identified issues were corrected and none of the links experienced external threats during the VoiceCon discussion.

“We closely monitored the traffic and asked whether we could justify every connection we saw on the network link and devices,” says Jeff Bollinger, IT Security Engineer/Incident Manager for Cisco CSIRT.

Security for Business-to-Business TelePresence Calls

Cisco CSIRT personnel provide similar security monitoring support for TelePresence calls between Cisco and its customers. “Because these calls involve separate networks, we want to make sure that no security threat enters the customer network from the Cisco network and vice versa,” says Bollinger.

These business-to-business TelePresence calls are managed by another Cisco team. “When we planned for our business-to-business TelePresence calls, one of the most important items that we considered was the security of the calls going through company’s firewall,” says Rami Mazid, senior director of emerging technology IT at Cisco. “We have engaged our internal information security expert team to ensure that all calls that are made over TelePresence are fully secured. Our TelePresence codecs will also display a security icon as soon as the call is made over a business-to-business link.”

Continuous Refinement of Security Measures

“By using information provided by the Cisco network monitoring technologies, we’re able to monitor for potential threats before each TelePresence call, which helps to ensure a smoother session and reduces the activity we need to monitor in real-time,” says Bollinger.

In addition, knowledge gained from these early TelePresence meetings about what is normal and expected traffic during a TelePresence session can be used to remove normalized network events (false positives) in the Cisco Security MARS system, which means fewer unnecessary alerts during a call.

With the experience gained from involvement in many Cisco TelePresence calls, Cisco CSIRT is able to continuously improve its security monitoring activities while sustaining growth to meet the burgeoning needs of more specialized monitoring engagements.

For More Information

Cisco on Cisco TelePresence Solutions
Cisco on Cisco Security Solutions
Climate Change and Technology Video with Al Gore
Cisco on Cisco