The routine goes something like this. First a breach of security occurs somewhere in the enterprise, it could be something as small as a single computer getting infected or it could be a massive data loss. It seems like that’s a wide range of events, but often the reaction in an enterprise is the same. The IT executives have a meeting to determine fault and then the analysts and engineers are given the task of making sure that that particular incident never happens again. The analysts and engineers then reply with budget requests for new software and hardware from their favorite vendors. Unfortunately the end result is generally that money is spent and security is only moderately improved, if at all.
In the midst of reacting, everyone forgets that technology doesn’t configure itself and that the weakest link are the people. Instead of ramming in the latest and greatest in technology, we should be leading our company to review, create (if necessary) and rewrite our security policies. Without a policy, security tools are like unguided missiles that we hope hit their target. Read More »
All customers that have customizations applied to their Clientless SSL VPN portal and regardless of the Cisco ASA Software release in use should review the security advisory and this blog post for additional remediation actions.
On October 7, 2013 Cisco completed the acquisition of Sourcefire. At that time, I recognized this via Twitter and checked out the products on their website. I was excited to see the FirePOWER in action together with a Cisco ASA.
I had a good possibility to join the “ASA with FirePower Services” Workshop in Munich directly at Cisco. A big part of this Training was a Hands-on Lab, where the FirePOWER “Virus” infected me. I was thrilled, about the Cisco ASA with FirePOWER Services and the FireSIGHT Management Center.
This intelligent cyber security solution covers gaps in traditional security solutions. The threat-focused next-generation firewall provides next-generation security capabilities:
Traditional network security solutions have been built from disparate point technologies that create gaps in traditional defenses that sophisticated attackers exploit. With an integrated approach, organizations gain the full contextual awareness and dynamic controls necessary to automatically assess all threats, correlate intelligence, and optimize defenses to protect modern enterprise networks. An integrated threat defense also considers both network and endpoint perspective across the extended enterprise. Contrast this with point solutions that lack the visibility needed to spot multi-vector threats and to see what users, applications, content and devices are on the network and what each are doing.
In today’s dynamic network environment, point solutions lack the visibility and control required to implement effective security policy to accelerate threat detection and response. In addition, disparate solutions add to capital and operating costs and administrative complexity. They also result in higher implementation costs to integrate with the existing IT environment, work stream, and network fabric. By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that address the entire attack continuum – before, during, and after an attack
Cisco ASA with FirePOWER Services is a new, adaptive, threat-focused next-generation firewall that delivers superior, multi-layered protection, improves visibility, and reduces security costs and complexity. It provides integrated threat defense for the entire attack continuum by combining proven ASA firewall skills with industry- leading Sourcefire next-generation IPS and advanced malware protection.
I know more than once now the Cisco ISR/ISR-G2’s Series have been dubbed as the ‘Swiss Army Knife’ of networking devices, simply due to the amount of flexibility & the number of technologies available to you when deploying these devices. Luckily for us, these devices provide even more features available to us to assist with troubleshooting and maintaining the overall health of the network. What is even better is that many of these useful troubleshooting features exist on many of the other product families not just ISR/ISR-G2’s. I’ve had the pleasure to work on networks all around the world for some decent size companies so I wanted to kick off this list with what I consider to be the most useful tools built-in to Cisco devices that are not very well known out there.
1. Embedded Packet Capture (EPC) – There is no doubt about it, but the ability to perform a packet capture at key points throughout the network can make troubleshooting particular issues that much easier. Luckily this feature exists on many different devices:
1. ISR G2’s – Even the older ISR’s have this ability
2. ASA Firewalls
3. IOS-XE devices – From the powerful ASR’s to the newer Catalyst 3850
4. NX-OS devices – Granted on NX-OS you can capture packets that are process switched, there is an easy way around this by creating an Access-list to match the traffic you want to capture.
5. Even in Cisco UCS we can configure a traffic monitoring policy to capture traffic directly from particular servers and capture directly off the Fabric Interconnects. *This is more of a SPAN-type session than Embedded Packet Capture. Read More »