Cisco ISE with VPN overview: ASA Version 9.2.1 with ISE 1.2 remediation without an IPN

remote access Cisco ISE with VPN overview: ASA Version 9.2.1 with ISE 1.2 remediation without an IPN

One common question I’ve been asked is what are the current requirements to perform authentication, authorization, and remediation when using VPN (usually Cisco ASA VPN) and Cisco Identity Services Engine ISE. This post will cover this subject however I suggest for those with Cisco ASA 9.2.1 and ISE should reference this really good configuration guide found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Security Manager CSM Overview – 4.6 SP1 Update Available

CSM 11 Cisco Security Manager CSM Overview   4.6 SP1 Update Available

This week’s product overview is Cisco Security Manager also known as CSM. For some people, hearing CSM makes them cringe as older versions from 4+ years ago had some issues. Personally, I consider the recent CSM release a completely different solution and I’m sure just by the screenshots, people familiar with the old version will not recognize anything as its been completely rebuilt.

Cisco Security Manager is used to manage multiple Cisco security products. Management includes centralizing configuration, quickly troubleshooting security events, unifying software versions, backing up configuration, enforcing policies for best practice, and reporting. Products that can be managed by CSM include ASAs, IPS modules / Appliances, Firewall Service Modules, ISR routers, Switches and VPN. Its installed as a software package but can also be purchased as a bundle with a UCS server for those looking for a appliance feel. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

ASA CX 9.3.1.1 Out Now – New Features And Upgrade Overview

GUI 2 ASA CX 9.3.1.1 Out Now   New Features And Upgrade OverviewCisco has been in the firewall business since the mid 90s. They have built upon that platform by adding VPN and now various “next generation” security features such as IPS/IDS, Reputation blocking and Application Visibility and Controls all from a single solution. This is know as ASA CX (more on ASA CX found HERE and how to build a lab found HERE). The latest release just came out June 30th and available for download. The ASA 9.3 release notes can be found HERE.

Here is an overview of whats new with 9.3 Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Using Lancope to identify Putter Panda, Heartbleed and other attacks

what is forensic locksmithing Using Lancope to identify Putter Panda, Heartbleed and other attacks Lancope is a NetFlow based tool that can turn your network into a gigantic sensor grid. This includes routers, switches, wireless access points, virtual systems aka servers in your data center and so on. So rather than having a handful of security tools looking for threats, your entire network takes part in your security defense against cyber attacks. I’ve wrote about Lancope HERE as well as how to build your own Lancope lab HERE. Lancope Infographic option2 Using Lancope to identify Putter Panda, Heartbleed and other attacks The Lancope team runs a blog found HERE that has provided posts about using their solution to identify the latest cyber attacks. Some interesting articles recently posted focus on threats like Heartbleed, Putter Panda and Saffron Rose. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Interview with Aamir Lakhani Co-Author of Web Penetration Testing with Kali Linux

SecurityOrb2 Interview with Aamir Lakhani Co Author of Web Penetration Testing with Kali Linux

Here is the other SecurityOrb Interview with my good buddy Aamir Lakhani. Kellep Charles interviewed both of us regarding our book and other general security topics. You can find the Aamir Lakhani interview HERE or on the Security ORB website. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Interview with Joseph Muniz Co-Author : SecurityOrb Podcast

SOInterview Interview with Joseph Muniz Co Author : SecurityOrb Podcast

Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.

For those interested in the book, below is a discount code you can use provided by SecurityORB. The link to the book is on the right side of this blog. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Sourcefire Defense Center Overview

Cisco acquired Sourcefire in 2013 as part of a strategic move to enhance Cisco’s security portfolio. Sourcefire’s catalog covers IPS/IDS, Application Security and Control, Firewalling, Malware Detection and a slew of open source tools such as SNORT, ClamAV, and Razorback.

One key piece to the Sourcefire puzzle is the management of the various solutions. This is done through Defense Center, which is the centralized management tool used for visibility of security and network events across the entire network. This post will provide a overview of using Defense Center from a administrative viewpoint.

SourceFireLogin1 Sourcefire Defense Center Overview

Sourcefire login screen Continue reading

VN:F [1.9.22_1171]
Rating: 3.7/5 (3 votes cast)

How Internet Forensics Changed Criminal Investigations

The people from Cyber Crimebusters developed a Infographic about how Internet forensics has changed criminal investigations. The original can be found HERE.

The interesting points to me are how social media and mobile devices are becoming a common source for investigations. I find it humorous when people post pictures of themselves doing crazy things on social media sources and shocked when that comes back to haunt them later such as in job interviews. I’ve provided examples of how I used people’s data on Facebook (previous job roles, friend’s current location, etc) to pretend I’m a friend from years ago using a fake Facebook ID to obtain data during an authorized penetration testing (more on that HERE). Its critical to know what you have public about yourself and question anybody that seems fishy. Trust me, its better to ask for proof of identity when you don’t know who you are speaking with rather than assume the wrong person is a trusted friend.  Continue reading

VN:F [1.9.22_1171]
Rating: 3.0/5 (2 votes cast)

Days After a Federal Seizure, Another Type of Ransomware Gains Ground

cryptolocker Days After a Federal Seizure, Another Type of Ransomware Gains Ground

Nicole Perlroth wrote a interesting post on the NewYorkTimes blog about a new type of Ransomware and Cisco’s view as it spreads in the wild. The original post can be found HERE

It has been mere days since federal agents seized control of computer networks used by hackers to infect victims with CryptoLocker, a piece of malware known as “ransomware,” which encrypts the contents of computing devices so hackers can demand a ransom to decrypt it. More on Ransomware such as CryptoLocker can be found HERE

Now security researchers are seeing an influx of another form of ransomware, called Cryptowall. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)