Identity Services Engine (ISE) 2.0 First Look – Compared to 1.4

ISEI recently posted about the new release of Cisco’s flagship access control solution Identity Services Engine (ISE) 2.0 HERE. That post lists the highlights of the new features including the highly requested TACACTS+ support. I downloaded the .ova file and performed a fresh install using the virtualized version supporting up to 6,000 devices. This post provides a first look overview of the new features as well as compares ISE 2.0 to the last release 1.4. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (4 votes cast)

Cisco ISE 2.0 Out Now Supporting TACACTS+ and more

ISEimageCisco just released the latest Identity Services Engine (ISE) software today via ISE 2.0. This is a huge release with many new features including the most popular asked … TACTACTS+ support. I haven’t had time to upgrade yet but will provide a first look post next week. Here is a list of the new features that come with ISE 2.0 according to the data sheet found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Juniper Networks sells Junos Pulse to Siris Capital for $250 million

Juniper-Networks

Juniper Networks announced that it sold its Junos Pulse product to Siris Capital for approximately $250 million. Junos Pulse software enables dynamic SSL VPN connectivity, network access control (NAC), mobile security, and collaboration, through a simple end-user interface. It simplifies and optimizes connectivity to end users at the same time it check their device type and security state, location, identity, and adherence to corporate access control policies. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

NSS Labs Breach Detection Systems (BDS) Comparative Analysis Report

nsslabs3

NSS labs just released their Breach Detection Systems Report found HERE. The purpose for this report is based on the concept that there is a need for security solutions that extend beyond defense measures found in common security products such as Anti-Virus and IPS network appliances. NSS labs have developed a name for the feature designed to stop advanced threats known as having “Breach Detection” capabilities.  Its pretty much technology you would implement as a last layer in the event a threat breaches your firewall, AV and network security defenses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Identity Services Engine ISE 1.2 – Updated First Look

I recently posted about the new release of ISE 1.2 HERE. I finally got a new server and configured my lab. Here are some comments to build on my last ISE 1.2 post

Main interface: I really like the new look. The homepage and tabs at the top are cleaner.

Screen Shot 2013-08-30 at 2.48.22 PM Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Cisco ISE helps achieve at least half of SANS 20 Critical Security Controls

Aman Diwakar did a great post on how Cisco ISE aligns with the SANS 20 Critical Security Controls. The original post can be found here

Also, Lancope offers more ways to meet the SANS 20 Critical Security Controls. More on that can be found HERE

digital-globe Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

How to build a basic Cisco Identity Services Engine ISE home lab

I’ve posted about configuring Cisco Identity Services Engine ISE for a few use cases however have had requests to explain the steps to setup a basic lab. This post serves as a guide to get a basic ISE lab running to test LAN or Mobile devices. My lab uses an Apple Macmini as an ESXI 5.1 server hosting the ISE virtual machine (explained HERE).  See the configuration guides for details on configuring a lab.

Virtual Machine Setup: Download the latest ISE .ISO file from cisco.com. Access the ESXI GUI and select New Machine. The recommended specs for a custom New Machine:

  • Virtual Machine version 7
  • Linux 5 32 bit
  • 2 virtual CPU
  • 4 gig of memory
  • 60 gig of space – thin provisioning (I find thick isn’t necessary for a lab) Continue reading
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Post NAC: Cisco Identity Services Engine (ISE) and Lancope StealthWatch for Total Access Control

Controlling who and what access your network is a critical element to keep your resources safe from malicious threats. Network Admission Control (NAC) solutions like the Cisco Identity Services Engine (ISE) can police who and what is permitted network access as well as enforce policy for those devices. Examples would be permitting an administrator with a government furnished Windows 7 laptop access to VLAN 10, which holds internal servers, while provisioning a marketing professional’s iPad with VLAN 20 access, which is limited to Internet and email through the use of ACLs. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)