How to configure an ASA with built-in Sourcefire Firepower home lab

ASASF How to configure an ASA with built in Sourcefire Firepower home labFor those following Cisco security, you probably know Cisco acquired Sourcefire last year (more found HERE). The most anticipated release has been adding Sourcefire’s flagship Firepower offering inside Cisco’s most popular firewall offering the Adaptive Security Appliance (ASA). As of September 16th, this offering is officially available. You can find data sheets, configuration guides and more on the new release HERE. This post will cover steps I used to build my ASA with Soucefire lab. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Fun building a CCIE Security home Lab

homelab Fun building a CCIE Security home LabI built a CCIE lab a while back and found the process to be a bit cumbersome. The hardware and software requirements were clear (4.0 version found HERE), but not the actual construction of a home lab. Here is an explanation of how I built my lab. This is my experience so I’m not saying it’s the right way, but its how I did it. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Advanced Malware Protection AMP for Endpoints Overview

AMP2 Advanced Malware Protection AMP for Endpoints Overview

Detecting threats on endpoints like laptops and mobile devices is important but not enough to defend against the threats we see against our users. Reason why is Anti-Virus and host IPS/IDS can only scan for so many signatures and leverage so many behavior checks before they must let the traffic go through or it will impact the user experience. This is why many users get compromised by clicking the wrong email, accessing the wrong website, share the wrong USB drive and so on. Detection needs to extend beyond the doorway and look at files that have breached a host’s defense to determine if that system has been compromised as well as offer a method to remediate the entire outbreak. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Payment Card Industry PCI Security Best Practices

PCI 1 Payment Card Industry PCI Security Best PracticesMany industries rely on revenue generated by sales and if credit is used, Payment Card Industry (PCI) compliance is mandated. This includes all industries that process, store or transmit credit card information. Like any compliancy standard, this is the minimal level of real security and should not be considered the goal to protect sensitive data. All compliance mandates that matter must go through various review and audit processes that take time and cause the results to be dated compared to the speed of new attacks you should expect against your network. This means meeting mandates such as PCI should just be part of your overall security strategy. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Beating Telemarketers With Customized Automated Call Center Management

 Beating Telemarketers With Customized Automated Call Center Management

A buddy of mine at Cisco is truly a genius when it comes to thinking outside the box. He loves technology and hates annoying telemarketers. Over time, he developed a call management system that involves a combination of open source software and proprietary hardware. He took advantage of the numerous application programing interfaces (API’s) available to create a tightly integrated environment. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco ISE with VPN overview: ASA Version 9.2.1 with ISE 1.2 remediation without an IPN

remote access Cisco ISE with VPN overview: ASA Version 9.2.1 with ISE 1.2 remediation without an IPN

One common question I’ve been asked is what are the current requirements to perform authentication, authorization, and remediation when using VPN (usually Cisco ASA VPN) and Cisco Identity Services Engine ISE. This post will cover this subject however I suggest for those with Cisco ASA 9.2.1 and ISE should reference this really good configuration guide found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 2.0/5 (1 vote cast)

Juniper Networks sells Junos Pulse to Siris Capital for $250 million

Juniper Networks Juniper Networks sells Junos Pulse to Siris Capital for $250 million

Juniper Networks announced that it sold its Junos Pulse product to Siris Capital for approximately $250 million. Junos Pulse software enables dynamic SSL VPN connectivity, network access control (NAC), mobile security, and collaboration, through a simple end-user interface. It simplifies and optimizes connectivity to end users at the same time it check their device type and security state, location, identity, and adherence to corporate access control policies. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Security Manager CSM Overview – 4.6 SP1 Update Available

CSM 11 Cisco Security Manager CSM Overview   4.6 SP1 Update Available

This week’s product overview is Cisco Security Manager also known as CSM. For some people, hearing CSM makes them cringe as older versions from 4+ years ago had some issues. Personally, I consider the recent CSM release a completely different solution and I’m sure just by the screenshots, people familiar with the old version will not recognize anything as its been completely rebuilt.

Cisco Security Manager is used to manage multiple Cisco security products. Management includes centralizing configuration, quickly troubleshooting security events, unifying software versions, backing up configuration, enforcing policies for best practice, and reporting. Products that can be managed by CSM include ASAs, IPS modules / Appliances, Firewall Service Modules, ISR routers, Switches and VPN. Its installed as a software package but can also be purchased as a bundle with a UCS server for those looking for a appliance feel. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Splunk + Other YouTube Channels

splunkIntro1 Splunk + Other YouTube ChannelsCentralizing alerting from multiple devices and speeding up incident response are just some of the critical issues solved by investing in SIEM technology (more on choosing the best SIEM for your environment HERE).

There are many SIEM vendors however I continue to be impressed by what Splunk is doing in regards to their open source APPs developed by customers and Splunk engineering. I wrote a blog post HERE that showcases a Cisco management APP that can correlate events from various security products such as Cisco ISE, WSA, Firewalls, Sourcefire and so on. There isn’t a Cisco manager of managers so doing things like running a report on high level events against any security product for a particular IP address can only be accomplish by a SIEM solution.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)