The Center for Internet Security (CIS) released a new version of their critical security controls white paper. You can download it for free HERE. Topics include best practices for network access control, maintaining an inventory of authorized and unauthorized software, system configuration, vulnerability assessments, administering role-based access controls, email and web best practices, breach detection and so on. This is a really good document for evaluating your current state of security as well as learning some methods to improve your security posture.
Cisco released AnyConnect 4.0 this past November (more on the announcement HERE). A really good video summarizing AnyConnect is HERE.
AnyConnect is Cisco’s flagship VPN solution, providing users access to internal sources from anywhere, on any device, regardless of physical location. AnyConnect has many bells and whistles, such as “always on” (auto-connecting when off network yet turning off when on a trusted network), throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (antivirus, system updates, etc.), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE), so hopefully those using IPsec have migrated.
Juniper Networks announced that it sold its Junos Pulse product to Siris Capital for approximately $250 million. Junos Pulse software enables dynamic SSL VPN connectivity, network access control (NAC), mobile security, and collaboration through a simple end-user interface. It simplifies and optimizes connectivity for end users while checking their device type and security state, location, identity, and adherence to corporate access control policies.
I’ve posted about configuring Cisco Identity Services Engine (ISE) for a few use cases; however, I have had requests to explain the steps to set up a basic lab. This post serves as a guide to get a basic ISE lab running to test LAN or mobile devices. My lab uses an Apple Mac mini as an ESXi 5.1 server hosting the ISE virtual machine (explained HERE). See the configuration guides for details on configuring a lab.
Virtual Machine Setup: Download the latest ISE .ISO file from cisco.com. Access the ESXi GUI and select New Machine. The recommended specs for a custom New Machine:
Virtual Machine version 7
Linux 5 32 bit
2 virtual CPU
4 gig of memory
60 gig of space – thin provisioning (I find thick isn’t necessary for a lab)
Controlling who and what accesses your network is a critical element in keeping your resources safe from malicious threats. Network Admission Control (NAC) solutions like the Cisco Identity Services Engine (ISE) can police who and what is permitted network access as well as enforce policy for those devices. Examples would be permitting an administrator with a government-furnished Windows 7 laptop access to VLAN 10, which holds internal servers, while provisioning a marketing professional’s iPad with VLAN 20 access, which is limited to Internet and email through the use of ACLs.