Cisco Blogs


Cisco Blog > Mobility

What Next for BYOD?

One of the interesting and challenging aspects of working in the Mobility space is the sheer pace at which the industry is moving.  I’m fortunate to work with many Customers in EMEA to help support and shape their strategy towards Mobile technology.  A great example of this has been the reaction to BYOD.

The influx of personal devices into the Enterprise caused by the BYOD trend poses numerous challenges to IT Departments.  Understandably, initial reaction was to focus on network and device level Security.

Cisco responded by introducing a BYOD Solution to remove some of the burden from IT Departments and provide them with a central point for managing many aspects of the BYOD lifecycle: onboarding, device profiling, authentication, authorization, offboarding and self-service management.

Almost at the same time, a new industry segment was created: Mobile Device Management. The intent of MDM systems is Read More »

Tags: , , , , , , , , , , , , , , , ,

Cisco ISE in the lab.

November 6, 2013 at 7:38 pm PST

My company is in the very early stages of an MDM BYOD project.  As part of that we are looking at the Cisco Identity Service Engine (ISE) as a central piece.  I am about half way through my testing and I thought that I would pass on some of what I have learned so far.  I am far from being an ISE expert and I don’t mention profiling or the advanced features in this post. I have tried them but don’t feel knowledgeable enough to go into these details.

ISE

ISE is an excellent NAC system but it does much more than that.  One of the advantages of trying to configure a new piece of technology yourself is that you learn much more and also other ways to increase the ROI.  The main reason we are interested in ISE is as the enforcement point on our wireless network.  When a device tries to connect to our BYOD network we want ISE to query the MDM server to verify if the device is registered and if not to redirect the device to the MDM provisioning portal.  If the device is registered with MDM ISE will then query AD and verify the user credentials.  This is a core function of ISE and went fairly well. Read More »

Tags: , , ,

TMA? Get Some Relief from Acronym Overload

I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is offer both a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.

Network Infrastructure

AAAAuthentication, Authorization, and Accounting. This is a set of actions that enable you to control over who is allowed access to the network, what services they are allowed to use once they have access, and track the services and network resources being accessed.

ACL/tACL/iACL/VACL/PACLAccess Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port)), these ACLs have special purposes to address a particular need within the network.

FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.

IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it  should be maintained using Cisco’s IPS subscription service.

DNSSECDomain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, that they receive the correct information published by the authoritative source. Read More »

Tags: , , , , , , , , ,

Identity and Device Aware IT Platforms Make Life Easier

Life is generally a lot easier when you have all the facts.  Especially if those facts are actually accurate.  Nowhere does this ring more true than in the life of an IT professional.

Often times a day in an IT shop is a lot like that grade school game of telephone where information gets passed down the line but gets distorted (or is just plain wrong) because no single player has the complete context.  This scenario gets played out everyday in the IT infrastructure where siloed operations, monitoring and policy platforms only work from the information they possess.  But that information is generally just a snapshot viewed through the bias of that system’s siloed purview.  As a result, mistakes get made, security is substandard or perhaps even dysfunctional, and everything from configuration to event management and investigation takes far longer than it should.  Net-net – time is wasted, costs increase, and many things still don’t work that well.  Read More »

Tags: , , , , , ,

Have You Registered for Centralize Policy, Control and Enforcement May 15th?

Activate the IT Transformation with Unified Access: Part 4 --  Centralized Policy, Control, and Enforcement 

Wednesday, May 15, 2013  10am-11am PDT     |       Register Now

Don’t miss the next in line of our five-part Unified Access Webinar Series  on May 15th to hear how organizations in education and healthcare rely on Cisco Identity Services Engine (ISE) to provide the identity enforcement and secure access control that allow employees, contractors, students, faculty, and guests (choose the user) to use their own devices on the network. Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,