Cisco Anyconnect 4.0 – Whats New – Why Consider – Free Migrations

AnyconnectLogo1Cisco released Anyconnect 4.0 this past November (more on the announcement HERE). Here is a really good video summarizing Anyconnect HERE.

Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Identity Services Engine ISE 1.2 – Updated First Look

I recently posted about the new release of ISE 1.2 HERE. I finally got a new server and configured my lab. Here are some comments to build on my last ISE 1.2 post

Main interface: I really like the new look. The homepage and tabs at the top are cleaner.

Screen Shot 2013-08-30 at 2.48.22 PM Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Cisco ISE helps achieve at least half of SANS 20 Critical Security Controls

Aman Diwakar did a great post on how Cisco ISE aligns with the SANS 20 Critical Security Controls. The original post can be found here

Also, Lancope offers more ways to meet the SANS 20 Critical Security Controls. More on that can be found HERE

digital-globe Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

How to build a basic Cisco Identity Services Engine ISE home lab

I’ve posted about configuring Cisco Identity Services Engine ISE for a few use cases however have had requests to explain the steps to setup a basic lab. This post serves as a guide to get a basic ISE lab running to test LAN or Mobile devices. My lab uses an Apple Macmini as an ESXI 5.1 server hosting the ISE virtual machine (explained HERE).  See the configuration guides for details on configuring a lab.

Virtual Machine Setup: Download the latest ISE .ISO file from cisco.com. Access the ESXI GUI and select New Machine. The recommended specs for a custom New Machine:

  • Virtual Machine version 7
  • Linux 5 32 bit
  • 2 virtual CPU
  • 4 gig of memory
  • 60 gig of space – thin provisioning (I find thick isn’t necessary for a lab) Continue reading
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Post NAC: Cisco Identity Services Engine (ISE) and Lancope StealthWatch for Total Access Control

Controlling who and what access your network is a critical element to keep your resources safe from malicious threats. Network Admission Control (NAC) solutions like the Cisco Identity Services Engine (ISE) can police who and what is permitted network access as well as enforce policy for those devices. Examples would be permitting an administrator with a government furnished Windows 7 laptop access to VLAN 10, which holds internal servers, while provisioning a marketing professional’s iPad with VLAN 20 access, which is limited to Internet and email through the use of ACLs. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Situational Awareness For Cyber Threat Defense

Aamir Lakhani did a great post on Situational Awareness. The original post ca be found HERE

Illustration-Kekai-Kotaki-Red-Dragon-992x712

Illustration by Kekai Kotaki

Problem

Cisco Systems in their Cyber Security Threat Defense white papers outlines how the network security threat landscape is evolving. They describe how modern attacks are stealthy and evade traditional security perimeter defenses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco’s Cyber Solutions – What Is Happening In Your Network

WatchingToday’s threat landscape is loaded with malicious websites, malware and other risks that attack users every nanosecond of the day.  There isn’t a single product available that can guarantee protection from cyber threats. Older solutions leveraging static technologies such as signatures are not good enough. The best approach for dealing with advanced threats is continuously monitoring the entire network through layering security technologies. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

The Business Value Of NetFlow : Why Invest In NetFlow Technology?

LadyWallThere has been a rapid increase in demand for security solutions that can defend against Advanced Persistent Threats (APTs). Why? Because today, cyber criminals don’t use a specific attack to compromise targeted networks. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)