Network World

Jamey Heary

Cisco ASDM GUI tips and tricks for managing your Cisco ASA

A look at some of the ASA ASDM features that will make your life a bit easier
Submitted by jheary on Tue, 01/24/12 - 8:44pm.

Cisco's Adaptive Security Device Manager (ASDM) is the GUI tool used to manage the Cisco ASA security appliances.  In this blog I'll reveal to you some of my favorite tips, tricks and secrets found inside ASDM.  If you haven't dealt with it before, ASDM is a free configuration, monitoring and troubleshooting management tool that comes with the ASA.  In a nutshell, ASDM will manage all the features of the ASA appliance including FW, IPS and VPN.  Unlike its big brother Cisco Security Manager (CSM), ASDM is made to configure a standalone ASA one at a time.  CSM is the


Cisco releases Application Visibility and Control on Routers

ASR1000 provides 10Gig Layer 7 AVC for hundreds of applications
Submitted by jheary on Wed, 11/30/11 - 11:24pm.

Layer 7 application visibility and control (AVC) seems like the hottest buzz in the industry right now. Cisco has had web AVC in its IronPort Web Security appliances but just announced it on its routers for all protocols. Cisco ISR G2 and ASR 1000 routers will now have the ability to detect applications and use QoS MQC to control them. Some examples of control mechanisms include bandwidth control, class-based marking, traffic shaping and policing, drop, weighted fair queuing and low latency queuing. The Cisco AVC engine recognizes and classifies a wide variety of pro


Cisco Hires New Security SVP from VMware and formerly RSA Security

Chris Young will be going to Cisco as its new Security Group Leader
Submitted by jheary on Tue, 11/01/11 - 12:30pm.

Cisco just announced it will be hiring Chris Young to head up its security group. This is the first time Cisco will have an SVP leading its security business. Chris will be reporting directly to Mrs. Warrior (CTO).


Cisco ASA Upgrade Adds Identity Firewalling

User and group based policies
Submitted by jheary on Thu, 10/27/11 - 3:01pm.

Identity aware firewalling seems to be all the rage right now. Having the ability to make firewall policy decisions based on user and group information from Active Directory can have enormous benefits if used properly. The Cisco ASA recently acquired the identity aware firewalling ability with the release of 8.4.2 code. It works with Microsoft Active Directory, cut-through proxy and VPN authentications today for user/group to flow matching. This new feature allows you to write access control policies that take a source username or group membership as match criteria.


I cannot sleep at night because I just got back from Black Hat

You would think security is improving but Black Hat speakers always prove otherwise
Submitted by jheary on Fri, 08/12/11 - 1:25am.

I've attended the Black Hat Security conference in Las Vegas for many, many years now. It is by far the best security event each year and this year was no exception. Each year seems to go something like this for me:


Samsung Androids get first SSLVPN client

Cisco AnyConnect for Samsung Android devices or any rooted Android device available
Submitted by jheary on Mon, 08/01/11 - 5:23pm.

Last month Cisco announced the release of its AnyConnect SSLVPN client for Android devices. The Android AnyConnect client is available for download on the Android Market. This client is based on the 2.4 version of the AnyConnect PC agent. As such it supports the following major features:

DTLS, certificate authentication and enrollment, two-factor authentication, Widgets, GUI Theming, auto-reconnect, 3G-wifi seamless roaming, full tunneling, split tunneling, and full statistics and debug logs on the device. See a screenshot of the client below.


Tutorial: Cisco Routers Add Web Security with Cisco ScanSafe

IOS adds in proxy features to forward web traffic to cloud web security offering
Submitted by jheary on Wed, 06/15/11 - 3:33pm.

Cisco launched this feature to the market last month at Interop. In a nutshell, it provides IOS routers with intelligent, identity aware, traffic redirection to the Cisco ScanSafe web security cloud offering. ScanSafe provides the following web security features as a cloud service:


  • URL Filtering
  • Scanlets analyze all elements of a web request including HTML, JavaScript, Flash and even obfuscated active scripts
  • Zero-day malware prevention
  • Protection against Phishing attacks
  • Granular Reporting with a multi-tenant design

PCI Council Releases Virtualization Guidance

PCI 2.0 DSS Virtualization Guidelines doc sheds light on compliance in the virtual world
Submitted by jheary on Tue, 06/14/11 - 8:06pm.

Today the PCI council released its PCI DSS VIRTUALIZATION GUIDELINES Information Supplement. This supplement does not add any new requirements to the standard but rather provides guidance on how to interpret the PCI DSS 2.0 standard in a virtual environment. It covers hypervisor, virtual machine, cloud computing, virtual networking and several other topics of interest. The supplement will tackle these areas:

 Explanation of the classes of virtualization including virtualized operating systems, hardware/platforms and networks


PCI Board of Advisors Election Results Released

Many new companies win election
Submitted by jheary on Sat, 05/21/11 - 5:47pm.


Gartner releases first MDM Magic Quadrant Report

Mobile Device Management (MDM) Solutions Aplenty. Here are the Leaders. A good MDM can secure your iPhones, iPads and Android devices
Submitted by jheary on Sat, 04/30/11 - 11:26pm.

Mobile Device Management (MDM) is all the rage right now in corporate IT circles. Everyone, it seems, is rushing to find the perfect MDM that balances security, functionality and ease of use. IT is scrambling to figure out how to best allow and control both corporate and personal mobile devices like iPhones and iPads. MDM is one of the few tools that can provide IT some control over these things. Neither Apple nor Google has released its own MDM solution yet (like BlackBerry has), so several companies are starting to enter the young MDM marketplace.


ASA Tech Tip: Deploy SSLVPN and VMware View Securely

Best practices to secure VMware View on untrusted PCs using Cisco AnyConnect SSLVPN
Submitted by jheary on Mon, 04/25/11 - 2:38pm.

My previous article compared the security features of the Citrix XenDesktop and VMware View VDI solutions. This time around I will cover how to securely deploy VMware View with Cisco SSLVPN when you don't control or can't trust the host that View will be running on. As the bring-your-own-PC-to-work craze heats up and VDI catches on as the preferred access method for B2B partners, vendor and contractor access, knowledge of how to securely deploy VDI becomes very important. I'll lay out some ways that you can secure your View environment when used with a Cisco ASA SSLVPN solution.


VDI Security Comparison Citrix XenDesktop and VMware View

A look at the security features that matter and who has them
Submitted by jheary on Fri, 04/15/11 - 10:36pm.

The absolute explosion of VDI deployments recently is driving security teams nuts. Everyone is scrambling to figure out which VDI solution is the most secure, what security features they have and most importantly how can I securely roll out VDI.


Best Laptop Bags and Essential Items to put in them

A Laptop bag needs to be functional, stylish and full of gadgets. These are the best of the best.
Submitted by jheary on Fri, 04/08/11 - 5:51pm.

Laptop bags are a dime a dozen for sure, but I've picked a couple that I think stand apart from the rest. Why this topic, you ask? Well, over the many years I've owned countless laptop bags, most of which were junk even if pricey. A laptop bag is something that you interact with all day long, so having a good one can make each day that much more enjoyable. The bags I've picked range from techie to formal business personalities.


Cisco Announces ASA Service Module for the Cat6K

The ASA Services Modules provide up to 64Gbps FW for the Cat6K chassis
Submitted by jheary on Thu, 03/31/11 - 12:03pm.

Today Cisco announced the ASA Services module for its Catalyst 6500 switching line. This module runs the same code as the other Cisco ASA form factors so going forward you'll have the same code base across all of your ASA platforms. Here are the specs for the ASA-SM firewall as taken from their datasheet:

With twice the performance and four times the session count of competitive network security modules, it supports up to:
• 20 Gbps maximum firewall throughput (max)
• 16 Gbps of maximum firewall throughput (multi-protocol)
• 300,000 connections per second


Mobile Device Management Wish List. Secure those iPhones and Androids

Here are the things I'd like to see in an iPhone, Android, iPad enterprise security management solution
Submitted by jheary on Tue, 02/01/11 - 9:05pm.

Mobile Device Management (MDM) is a hot topic in businesses the world over right now. As is no surprise, the proliferation of iPhone, Android, iPad and other smart mobile devices is driving the need for solutions that can secure these devices. Several start-ups, as well as a few established players, are trying to capture this new security market. All sorts of ideas and solutions are being given a go. However, I have yet to find one that really hits the mark.


Cisco offers Managed Security Services

A quick look at Cisco Managed Security Services
Submitted by jheary on Mon, 01/31/11 - 9:08pm.

Not many folks know that Cisco has been in the managed security services business for a few years now. It is certainly not something that Cisco markets aggressively, that’s for sure. The service is called Remote Management Services (RMS) for Security. The RMS-sec service offers both security event monitoring and security device management. They can also do a co-managed management of your security infrastructure.


RSA Security Conference 2011

Why I am going this year and you should too
Submitted by jheary on Mon, 01/31/11 - 8:57pm.

The annual, and 20th anniversary, RSA security conference in San Francisco is fast approaching. It runs from February 14th-18th at the Moscone Center. It is looking to be a great show this year with lots of exciting announcements sure to be made by the various security vendors, especially Cisco. Here is a look at some of the highlights I am looking forward to at the event:

-Over 200 industry sessions, but their focus this year on cloud security is what I want to hear about.
-Keynote by President Clinton should be interesting


Apple iOS Facetime: Is anyone really using it?

Perhaps we don't really want video calling to be the preferred communication method
Submitted by jheary on Sun, 01/30/11 - 11:59pm.

Apple is targeting to have about 85 million Facetime video conferencing enabled devices sold by the end of 2011. Facetime or Skype video calling are super easy to use, integrated and work great but almost never get used. Ok, that is pure speculation on my part. I don't know for a fact that it rarely gets used, but it sure seems that way with the folks I know. I was excited about the Facetime feature before I bought my iPhone 4 many months ago but I still have yet to use it. Not even once.


Most businesses confident they properly secure their credit card data

Cisco surveyed over 500 businesses about their PCI experiences. Some surprises for sure
Submitted by jheary on Wed, 01/12/11 - 5:55pm.

In one of the most comprehensive PCI related surveys ever completed we find some very interesting results. This Cisco commissioned survey of 500 U.S. based companies asked IT decision makers questions around their PCI compliance efforts. The survey covers a broad scope of verticals such as healthcare, retail, education, government and financial sectors. Over 22% of the businesses surveyed had over 10,000 employees and 49% were over 1000 employees in size. Over 43% of those surveyed were either a level 1 or level 2 merchant.


Cisco security Live Twitter chat Tuesday 1-10

I will be hosting a Cisco security Twitter chat. Come and get your questions answered.
Submitted by jheary on Mon, 01/10/11 - 9:00pm.

I will be hosting a live Twitter chat Tuesday. The topic is all things Cisco security as well as all things PCI compliance.
Please come join me.

Here are the details:
January 11, 9am PST
Twitter hashtag #cl11

See you there.