Inventory and Reporting Security Q&A

General

Q. What is Inventory Reporting, Collection, and Analysis?
A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes Cisco network devices and provides various detailed reports on the devices deployed in customer networks. To help ensure customers stay informed about important alerts announced by Cisco, Inventory Reporting, Collection, and Analysis also includes a Product Alerts/Advisory report displaying Cisco alerts that affect devices in customer networks. Inventory Reporting, Collection, and Analysis also allows customers to customize reports so that they display only the inventory data that is of most interest and importance and omit the information that is not relevant.

Q. What is the Inventory Collection, Reporting, and Analysis deployment model?
A. Inventory Reporting, Collection, and Analysis is a system composed of Cisco Network Collector; Transport Gateway; Inventory Reporting, Collection, and Analysis; and the Inventory Reporting, Collection, and Analysis portal. The Cisco Network Collector collects network device inventory and network device configuration data based on product and collection rules from the customer network and uploads the data securely to the Cisco back end (that is, Inventory and Reporting) for analysis and reporting. Cisco Network Collector relies on Transport Gateway, which securely transports customer network data collected by Cisco Network Collector to Inventory and Reporting, which resides in the Cisco back-end system (that is, behind the Cisco firewall). The Inventory Reporting, Collection, and Analysis web portal enables the Inventory Reporting, Collection, and Analysis user to register other users for access to Inventory Reporting, Collection, and Analysis and to securely view reports of a user's network devices and configuration. The Inventory Reporting, Collection, and Analysis web portal is the only mechanism from which a user can generate and view various reports and export the reports to PDF or CSV format.

Q. What security policy does Inventory Reporting, Collection, and Analysis address?
A. Inventory Reporting, Collection, and Analysis security covers data use and data security measures for customer network data collected by Cisco Network Collector and processed by Inventory Reporting, Collection, and Analysis.

Q. What is considered customer network data?
A. Customer network data includes network inventory, configuration, syslog, audit, and diagnostic data collected and analyzed by Cisco Service Technology Solutions (STS) tools. Also included within scope is the customer seedfile data identifying customer network hostnames, IP addresses, and device accounts and passwords, which is gathered prior to the collection process.

© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 7

Q. What is Security Alert Manager?
A. Security Alert Manager is a web-based threat and vulnerability intelligence service that provides early warning, analysis, decision support, and threat management tools to aid our clients in protecting their electronic infrastructure. It issues alerts that cover the entire threat landscape: security vulnerabilities, malicious codes (worms, viruses, and Trojans), and global security trends. IntelliShield Alert Manager enables you to filter out all of the "noise" and only receive information on technologies that are relevant to your environment.

Q. How do I access Security Alert Manager?
A. Security Alert Manager can be accessed at https://intellishield.cisco.com. Similar to Inventory Reporting, Collection, and Analysis, a username and password pair is required to access Security Alert Manager. Unlike Inventory Reporting, Collection, and Analysis, Security Alert Manager does not depend on the user's Cisco.com ID and requires a user to create a username and password pair to log in to the IntelliShield portal.

Q. Is the connection to the IntelliShield web portal secure?
A. Yes. Connection to the Security Alert Manager web portal is over HTTPS to protect the privacy and confidentiality of the reporting data.

Q. What are your sources for Security Alert Manager?
A. Security Alert Manager obtains alerts from public and private sources, including product vendors, government agencies, security firms, and more.

Q. How quickly does Security Alert Manager publish alerts compared to other companies, like antivirus vendors?
A. Cisco puts alerts out in as timely a fashion as possible. Our goal is to provide a more complete picture than any single source.

Q. Why was Security Alert Manager not the first to come out with information on a threat or vulnerability?
A. We cannot be first to publish every alert, although we do strive to do so. We firmly believe that our content and our multiple sources, as well as our ongoing analysis, allow us to produce first-class intelligence in a timely manner. Our multisource approach enables us to validate and verify information before we publish it as intelligence.

Data Use

Q. How does Cisco use customer network data?
A. All customer network raw data collected by Cisco tools for service delivery will be used in the delivery of contracted services as well as for Cisco downstream services and business functions supporting Cisco customers and business.

Q. Who at Cisco has access to customer network data?
A. Customer network data is available to Cisco internal personnel for use in approved business functions that include but are not limited to product development, product testing, integration testing, HW replacement, and contract renewal.

Q. How does Cisco control access to customer network data?
A. All data use is controlled via individual user authentication with use limited to the stated business purpose. All use of customer network data for downstream services and businesses must be approved by Cisco STS and Legal.

Data Collection

Q. Where does the data collection take place?
A. All data collection is done on the customer premises by Cisco Network Collector, which is installed on a server inside the customer network.

Q. How is security controlled during the collection?
A. Since the collection is done inside the customer network, data security from the customer network to Cisco Network Collector is controlled by the customer.

Q. Is the customer responsible for the security of the data collected by Cisco Network Collector?
A. Yes, until the data reaches Cisco Network Collector. From that point, data security shifts to Cisco or the partner during the storage, transmission, and processing of the data.

Data Transmission

Q. Is the customer data secured when transmitting data from the customer network to Cisco back end?
A. Yes. Prior to transmission, customer raw data is packaged and encrypted using the AES-128 encryption algorithm. The encrypted data is also signed using PKI. This extra effort helps ensure a customer cannot view other customers' data, only his/her own. The encrypted and signed package is then transported via secured HTTPS to the Cisco back end for service processing. By using HTTPS, the customer data is again encrypted before it reaches the upload server in the Cisco back-end system.

Q. What is AES-128 encryption?
A. The Advanced Encryption Standard (AES) is adopted as an encryption standard by the U.S. government. This encryption algorithm is fast in both software and hardware, relatively easy to implement, and requires little memory. AES has been deployed on a large scale and offers strong encryption of the data to be transmitted.

Q. What is PKI?
A. PKI stands for Public Key Infrastructure. It is a system for managing public-key encryption and digital certificates or signature services. By managing keys and certificates through a PKI, an organization establishes and maintains a trustworthy networking environment. A PKI enables the use of encryption and digital signature services across a wide variety of applications.

Q. Why is PKI important?
A. To protect the security and privacy of customer network data, a digital certificate with a digital signature is used, containing:
- The user's name in the format of a distinguished name. The distinguished name specifies the user's name and any additional attributes required to uniquely identify the user (for example, the distinguished name could contain the user's employee number).
- A public key of the user. The public key is required so that others can encrypt for the user or verify the user's digital signature.
- The validity period (or lifetime) of the certificate (a start date and an end date).
- The specific operations for which the public key is to be used (whether for encrypting data, verifying digital signatures, or both).
By using PKI, Cisco gives customers the confidence that the key obtained from the certificate is valid and can be used only in the manner for which it is intended.
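
As an added example (not Cisco's code), the Go program below applies the certificate items listed above before a public key is accepted for verifying signatures: it checks the validity period and the permitted key usage. The self-signed Ed25519 certificate, the subject "collector-01", "Example Corp" and the function names are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// IssueDemoCert self-signs a certificate carrying the four items listed above.
// Self-signing and Ed25519 are assumptions that keep the example offline.
func IssueDemoCert(cn string, from, to time.Time, usage x509.KeyUsage) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Example Corp"}},
		NotBefore:    from,
		NotAfter:     to,
		KeyUsage:     usage,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckSigningCert accepts the certificate's key for signature verification
// only inside the validity period and only if that use is permitted.
func CheckSigningCert(c *x509.Certificate, now time.Time) error {
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return errors.New("certificate outside its validity period")
	}
	if c.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("key not certified for verifying signatures")
	}
	return nil
}

func main() {
	now := time.Now()
	c, err := IssueDemoCert("collector-01", now.Add(-time.Hour), now.Add(time.Hour), x509.KeyUsageDigitalSignature)
	if err != nil {
		panic(err)
	}
	fmt.Println(c.Subject, CheckSigningCert(c, now))
}
```
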

Q. Why does Cisco use HTTPS to transmit customer network data?
A. HTTPS encrypts and decrypts the information between the client and server using SSL. By using SSL, the customer network data is again encrypted, thus adding more security to the data during the transmission.

Data Storage

Q. After collection, where is the customer network data stored?
A. Cisco Network Collector performs data collection on the customer premises only. Cisco Network Collector may reside on Cisco and partner laptops and notebooks or on dedicated collector servers at the customer premises. In order to protect against inappropriate access or use of the collector technology, Cisco Network Collector and the server it runs on are protected via security mechanisms including but not limited to the following:
- Passwords are kept in encoded state in the db to minimize vulnerability.
- Cisco Network Collector services are performed via unprivileged user accounts (no read/write access to the db).
- Cisco Network Collector technology is access-restricted via CLI and/or web interfaces.

Q. After the customer network data is transmitted to Cisco back-end system, where is it stored?
A. When the customer network data reaches the Cisco back end, it is stored in an upload server. The data will be automatically purged three weeks after it is uploaded.

Q. When does Inventory Collection, Reporting, and Analysis retrieve the data from the upload server?
A. Inventory Reporting, Collection, and Analysis polls the upload server every minute to identify and pull over the newly collected data.

Q. How secure is the upload server?
A. There is strict access control to the upload server. The only persons who can log in to the upload servers are within Cisco (limited to a few user IDs who provide support from STS/IT). Servers are also monitored by Infosec/IT for inappropriate activity (since they're within Cisco DMZ) and do have firewall protection to help ensure no new ports are opened up on the server.

Q. Is the customer network data on the Inventory Reporting, Collection, and Analysis server encrypted?
A. Data stored on the Inventory Reporting, Collection, and Analysis server is not encrypted. However, Cisco complies with stringent requirements and internal policies for data protection of all internal Cisco servers. Inventory Reporting, Collection, and Analysis will validate the signature on the encrypted data before starting the decryption. If Inventory Reporting, Collection, and Analysis detects any discrepancy with the signature, it will not decrypt the data and will notify the user about the problem. The user then has an option to reupload the data or investigate the root cause of the problem.
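
The Data Transmission answers and the signature check described above, as an added Go example that is not Cisco's implementation: the collector side encrypts and then signs, and the back-end side refuses to decrypt unless the signature verifies against the key on file for the entitled company. GCM mode, Ed25519 signatures, the shared demo key and the function names are assumptions; the page specifies only AES-128 and PKI.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrBadSignature is returned before any decryption is attempted.
var ErrBadSignature = errors.New("signature mismatch: package not decrypted")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (collector side): encrypt, then sign. GCM and Ed25519 are assumptions.
func Seal(key []byte, signer ed25519.PrivateKey, data []byte) (pkg, sig []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	pkg = gcm.Seal(nonce, nonce, data, nil) // nonce || ciphertext || tag
	return pkg, ed25519.Sign(signer, pkg), nil
}

// Open (back-end side): verify with the entitled company's key, then decrypt.
func Open(key []byte, onFile ed25519.PublicKey, pkg, sig []byte) ([]byte, error) {
	if len(onFile) != ed25519.PublicKeySize || !ed25519.Verify(onFile, pkg, sig) {
		return nil, ErrBadSignature
	}
	gcm, err := newGCM(key)
	if err != nil || len(pkg) < gcm.NonceSize() {
		return nil, errors.New("malformed key or package")
	}
	return gcm.Open(nil, pkg[:gcm.NonceSize()], pkg[gcm.NonceSize():], nil)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	key := []byte("0123456789abcdef")        // constructed 16-byte AES key
	pkg, sig, _ := Seal(key, priv, []byte("constructed inventory record"))
	out, err := Open(key, pub, pkg, sig)
	fmt.Println(string(out), err)
}
```
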

Data Access

Q. What is Cisco's policy to protect the security and privacy of customer network data?
A. Cisco is committed to protecting the privacy and confidentiality of the customer data we store. To help ensure this, the following steps are taken:
- The Inventory Reporting, Collection, and Analysis application that processes customer data is located behind the Cisco firewalls and on a secure switched segment of the network.
- The data that resides on these production machines is managed and controlled by Cisco IT.
- The installation process for all Cisco IT machines follows a rigorous standard of security. This includes the installation of titan scripts to harden these machines.
- The machines are kept in a lock-and-key facility where access is restricted to Cisco IT administrators only.
- These machines are distributed in numerous geographical locations.
- The data is backed up daily.
- The uploaded customer network information is uncompressed and decrypted only on Cisco production machines inside the Cisco firewalls.
- Additional steps are taken to help ensure the signature on the encrypted data matches with the signature maintained in Inventory Reporting, Collection, and Analysis for the entitled company. If Inventory Reporting, Collection, and Analysis detects any change or mismatch of the signature, it will not decrypt the data.
Moreover, Cisco intrusion detection systems are deployed throughout the corporate network and the restricted network on which the back-end data is stored.

Q. Who has access to the raw customer network data?
A. The Inventory Reporting, Collection, and Analysis server automates many tasks to process customer network data. If needed, only authorized staff is allowed to access the data. Moreover, all Cisco employees are required to protect and preserve the privacy of customer network data.

Reports

Q. How do customers access their data reports?
A. After Inventory Collection, Reporting, and Analysis processes the customer network data, users can access the Inventory Reporting, Collection, and Analysis web portal to generate reports. The web portal provides a secure interface that lets users select a variety of reports in several different format types. Reports can also be exported to CSV or PDF format.

Q. Who has access to customer network data?
A. To access the Inventory Reporting, Collection, and Analysis portal, a user must have been registered for the data of the entitled company whose data reports the user wishes to access.

Q. Can a registered user access reports of another user's network data?
A. No, each user has a profile created in Inventory Reporting, Collection, and Analysis, and the profile dictates the entitled company for which the user can gain access. Furthermore, in order to register with Inventory Reporting, Collection, and Analysis, the user must have a valid Cisco.com ID, which is mapped to the entitled company of the user.

Q. Is the connection to the Inventory Reporting, Collection, and Analysis web portal secure?
A. Connection to the Inventory Reporting, Collection, and Analysis web portal is over HTTPS to protect the privacy and confidentiality of the reporting data.

Q. Are the reports kept on the Inventory Reporting, Collection, and Analysis server?
A. No, the Inventory Reporting, Collection, and Analysis reports are generated dynamically and are not kept on the Inventory Reporting, Collection, and Analysis servers.

Data Management

Q. How often does Cisco back up the customer network data?
A. Cisco supports regular daily backups for raw customer data stored on the Inventory Reporting, Collection, and Analysis server residing inside the Cisco firewall. First, the data is backed up to a second disk. Periodically, the data on the second disk is stored on backup media and shipped to a third-party security vendor for storage in compliance with government regulatory standards.

Q. Does Inventory Reporting, Collection, and Analysis back up the raw data stored on the Cisco Network Collector server?
A. No. Raw customer data stored on local collection Cisco laptops/notebooks residing in the customer facility is not backed up.

Q. How long does the upload server keep the uploaded customer network data?
A. The data residing in the upload server will be purged after three weeks, starting from the time it was uploaded to the Cisco back-end system. A nightly job is run by Cisco IT to detect and purge data that resides in the upload servers for three weeks or longer.

Q. How long does the Inventory Reporting, Collection, and Analysis server retain the processed customer network data?
A. At the present time there is no policy in place to purge this data with any regularity. However, this data can be purged manually if the customer requests Cisco to delete the data. Customer data is stored on the Inventory Reporting, Collection, and Analysis server inside the Cisco firewall.

Q. Is the customer network data covered under the Cisco disaster recovery policy?
A. Yes. Cisco supports an enterprisewide disaster recovery plan for all data stored and managed inside the Cisco firewall. Inventory Reporting, Collection, and Analysis subscribes to Cisco disaster recovery and business continuity info/guidelines.

Printed in USA C67-508149-00 11/08