Cisco's Adaptive Security Device Manager (ASDM) is the GUI tool used to manage the Cisco ASA security appliances. In this blog I'll reveal to you some of my favorite tips, tricks and secrets found inside ASDM. If you haven't dealt with it before, ASDM is a free configuration, monitoring and troubleshooting management tool that comes with the ASA. In a nutshell, ASDM will manage all the features of the ASA appliance including FW, IPS and VPN. Unlike its big brother Cisco Security Manager (CSM), ASDM is made to configure a standalone ASA one at a time. CSM is the Read more
There is little doubt that smart mobile devices are a boon for individual productivity, but corporate IT groups are scrambling to accommodate them on their networks. Accordingly, there has been an explosion of interest in Mobile Device Management (MDM) solutions. One of the top tier players in this space is AirWatch. AirWatch sits in the Gartner Leaders MQ and was named a w Read more
Layer 7 application visibility and control (AVC) seems like the hottest buzz in the industry right now. Cisco has had web AVC in its Ironport Web Security appliances but just announced it on its routers for all protocols. Cisco ISR G2 and ASR 1000 routers will now have the ability to detect applications and use QoS MQC to control them. Some examples of control mechanisms include bandwidth control, class-based marking, traffic shaping and policing, drop, weighted fair queuing and low latency queuing. The Cisco AVC engine recognizes and classifies a wide variety of pro Read more
Cisco just announced it will be hiring Chris Young to head up its security group. This is the first time Cisco will have an SVP leading its security business. Chris will be reporting directly to Mrs. Warrior (CTO). Read more
Identity-aware firewalling seems to be all the rage right now. Having the ability to make firewall policy decisions based on user and group information from Active Directory can have enormous benefits if used properly. The Cisco ASA recently acquired the identity-aware firewalling ability with the release of 8.4.2 code. It works with Microsoft Active Directory, cut-through proxy and VPN authentications today for user/group to flow matching. This new feature allows you to write access control policies that take a source username or group membership as match criteria. Read more
I've attended the Black Hat Security conference in Las Vegas for many, many years now. It is by far the best security event each year and this year was no exception. Each year seems to go something like this for me: Read more
Last month Cisco announced the release of its AnyConnect SSLVPN client for Android devices. The Android AnyConnect client is available for download on the Android Market. This client is based on the 2.4 version of the AnyConnect PC agent. As such it supports the following major features:
DTLS, certificate authentication and enrollment, two-factor authentication, widgets, GUI theming, auto-reconnect, 3G/Wi-Fi seamless roaming, full tunneling, split tunneling, and full statistics and debug logs on the device. See a screenshot of the client below. Read more
Cisco launched this feature to the market last month at Interop. In a nutshell, it provides IOS routers with intelligent, identity-aware traffic redirection to the Cisco ScanSafe web security cloud offering. ScanSafe provides the following web security features as a cloud service: Read more
Today the PCI council released its PCI DSS Virtualization Guidelines Information Supplement. This supplement does not add any new requirements to the standard but rather provides guidance on how to interpret the PCI DSS 2.0 standard in a virtual environment. It covers hypervisor, virtual machine, cloud computing, virtual networking and several other topics of interest. The supplement will tackle these areas:
• Explanation of the classes of virtualization including virtualized operating systems, hardware/platforms and networks
Read more
Mobile Device Management (MDM) is all the rage right now in corporate IT circles. Everyone, it seems, is rushing to find the perfect MDM that balances security, functionality and ease of use. IT is scrambling to figure out how to best allow and control both corporate and personal mobile devices like iPhones and iPads. MDM is one of the few tools that can provide IT some control over these things. Neither Apple nor Google has released its own MDM solution yet (like BlackBerry has), so several companies are starting to enter the young MDM marketplace. Read more
My previous article compared the security features of the Citrix XenDesktop and VMware View VDI solutions. This time around I will cover how to securely deploy VMware View with Cisco SSLVPN when you don't control or can't trust the host that View will be running on. As the bring-your-own-PC-to-work craze heats up and VDI catches on as the preferred access method for B2B partner, vendor and contractor access, knowing how to securely deploy VDI becomes very important. I'll lay out some ways that you can secure your View environment when used with a Cisco ASA SSLVPN solution. Read more
The absolute explosion of VDI deployments recently is driving security teams nuts. Everyone is scrambling to figure out which VDI solution is the most secure, what security features they have and, most importantly, how to securely roll out VDI. Read more
Laptop bags are a dime a dozen for sure, but I've picked a couple that I think stand apart from the rest. Why this topic, you ask? Well, over the many years I've owned countless laptop bags, most of which were junk even if pricey. A laptop bag is something that you interact with all day long, so having a good one can make each day that much more enjoyable. The bags I've picked range from techie to formal business personalities. Read more
Today Cisco announced the ASA Services module for its Catalyst 6500 switching line. This module runs the same code as the other Cisco ASA form factors so going forward you'll have the same code base across all of your ASA platforms. Here are the specs for the ASA-SM firewall as taken from their datasheet:
With twice the performance and four times the session count of competitive network security modules, it supports up to:
• 20 Gbps maximum firewall throughput (max)
• 16 Gbps of maximum firewall throughput (multi-protocol)
• 300,000 connections per second
Read more
It has been a long time coming but it is finally here: the Cisco uber security agent AnyConnect 3.0 has been released. Cisco's AnyConnect agents used to be just for SSLVPN connectivity. With the 3.0 release all that changes, and the agent gets a new face-lift too. AnyConnect going forward is a single modular agent that can provide connectivity and always-on security from any location, any connection type and with any device (well, almost any device). Check out the connectivity and security options now available with the AnyConnect 3.0 Secure Mobility Client:
-SSLVPN (both TLS and DTLS)
Read more
Mobile Device Management (MDM) is a hot topic in businesses the world over right now. Not surprisingly, the proliferation of iPhone, Android, iPad and other smart mobile devices is driving the need for solutions that can secure these devices. Several start-ups, as well as a few established players, are trying to capture this new security market. All sorts of ideas and solutions are being given a go. However, I have yet to find one that really hits the mark. Read more
Not many folks know that Cisco has been in the managed security services business for a few years now. It is certainly not something that Cisco markets aggressively, that's for sure. The service is called Remote Management Services (RMS) for Security. The RMS-sec service offers both security event monitoring and security device management. They can also co-manage your security infrastructure alongside your own team. Read more
The annual, and 20th anniversary, RSA security conference in San Francisco is fast approaching. It runs from February 14th-18th at the Moscone Center. It is looking to be a great show this year, with lots of exciting announcements sure to be made by the various security vendors, especially Cisco. Here is a look at some of the highlights I am looking forward to at the event:
-Over 200 industry sessions, but their focus this year on cloud security is what I want to hear about.
-Keynote by President Clinton should be interesting
Read more
Apple is targeting to have about 85 million FaceTime video conferencing enabled devices sold by the end of 2011. FaceTime or Skype video calling is super easy to use, integrated and works great, but almost never gets used. OK, that is pure speculation on my part. I don't know for a fact that it rarely gets used, but it sure seems that way with the folks I know. I was excited about the FaceTime feature before I bought my iPhone 4 many months ago, but I still have yet to use it. Not even once. Read more
Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.
Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP and CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.