Cisco's Adaptive Security Device Manager (ASDM) is the GUI tool used to manage the Cisco ASA security appliances. In this blog I'll reveal to you some of my favorite tips, tricks and secrets found inside ASDM. If you haven't dealt with it before, ASDM is a free configuration, monitoring and troubleshooting management tool that comes with the ASA. In a nutshell, ASDM will manage all the features of the ASA appliance including FW, IPS and VPN. Unlike its big brother Cisco Security Manager (CSM), ASDM is made to configure a standalone ASA one at a time. CSM is the Read more
Layer 7 application visibility and control (AVC) seems like the hottest buzz in the industry right now. Cisco has had web AVC in its Ironport Web Security appliances but just announced it on its routers for all protocols. Cisco ISR G2 and ASR 1000 routers will now have the ability to detect applications and use QoS MQC to control them. Some examples of control mechanisms include bandwidth control, class-based marking, traffic shaping and policing, drop, weighted fair queuing and low latency queuing. The Cisco AVC engine recognizes and classifies a wide variety of pro Read more
Cisco just announced it will be hiring Chris Young to head up its security group. This is the first time Cisco will have an SVP leading its security business. Chris will be reporting directly to Mrs. Warrior (CTO). Read more
Identity aware firewalling seems to be all the rage right now. Having the ability to make firewall policy decisions based on user and group information from Active Directory can have enormous benefits if used properly. The Cisco ASA recently acquired the identity aware firewalling ability with the release of 8.4.2 code. It works with Microsoft Active Directory, cut-through proxy and VPN authentications today for user/group to flow matching. This new feature allows you to write access control policies that take a source username or group membership as match criteria. Read more
I've attended the Black Hat Security conference in Las Vegas for many, many years now. It is by far the best security event each year and this year was no exception. Each year seems to go something like this for me: Read more
Last month Cisco announced the release of its AnyConnect SSL VPN client for Android devices. The Android AnyConnect client is available for download on the Android Market. This client is based on the 2.4 version of the AnyConnect PC agent. As such it supports the following major features:
DTLS, certificate authentication and enrollment, two-factor authentication, Widgets, GUI Theming, auto-reconnect, 3G-wifi seamless roaming, full tunneling, split tunneling, and full statistics and debug logs on the device. See a screenshot of the client below. Read more
Cisco launched this feature to the market last month at Interop. In a nutshell, it provides IOS routers with intelligent, identity aware, traffic redirection to the Cisco ScanSafe web security cloud offering. ScanSafe provides the following web security features as a cloud service: Read more
Today the PCI council released its PCI DSS VIRTUALIZATION GUIDELINES Information Supplement. This supplement does not add any new requirements to the standard but rather provides guidance on how to interpret the PCI DSS 2.0 standard in a virtual environment. It covers hypervisor, virtual machine, cloud computing, virtual networking and several other topics of interest. The supplement will tackle these areas:
Explanation of the classes of virtualization including virtualized operating systems, hardware/platforms and networks
Read more
Mobile Device Management (MDM) is all the rage right now in corporate IT circles. Everyone, it seems, is rushing to find the perfect MDM that balances security, functionality and ease of use. IT is scrambling to figure out how best to allow and control both corporate and personal mobile devices like iPhones and iPads. MDM is one of the few tools that can provide IT some control over these things. Neither Apple nor Google has released its own MDM solution yet (like BlackBerry has), so several companies are starting to enter the young MDM marketplace. Read more
My previous article compared the security features of the Citrix XenDesktop and VMware View VDI solutions. This time around I will cover how to securely deploy VMware View with Cisco SSL VPN when you don't control or can't trust the host that View will be running on. As the bring-your-own-PC-to-work craze heats up and VDI catches on as the preferred access method for B2B partner, vendor and contractor access, knowledge of how to securely deploy VDI becomes very important. I'll lay out some ways that you can secure your View environment when used with a Cisco ASA SSL VPN solution. Read more
The absolute explosion of VDI deployments recently is driving security teams nuts. Everyone is scrambling to figure out which VDI solution is the most secure, what security features each one has and, most importantly, how to roll out VDI securely. Read more
Laptop bags are a dime a dozen for sure, but I've picked a couple that I think stand apart from the rest. Why this topic, you ask? Well, over the many years I've owned countless laptop bags, most of which were junk even if pricey. A laptop bag is something that you interact with all day long, so having a good one can make each day that much more enjoyable. The bags I've picked range from techie to formal business personalities. Read more
Today Cisco announced the ASA Services module for its Catalyst 6500 switching line. This module runs the same code as the other Cisco ASA form factors so going forward you'll have the same code base across all of your ASA platforms. Here are the specs for the ASA-SM firewall as taken from their datasheet:
With twice the performance and four times the session count of competitive network security modules, it supports up to:
• 20 Gbps maximum firewall throughput (max)
• 16 Gbps of maximum firewall throughput (multi-protocol)
• 300,000 connections per second
Read more
Mobile Device Management (MDM) is a hot topic in businesses the world over right now. As is no surprise, the proliferation of iPhone, Android, iPad and other smart mobile devices is driving the need for solutions that can secure these devices. Several start-ups, as well as a few established players, are trying to capture this new security market. All sorts of ideas and solutions are being given a go. However, I have yet to find one that really hits the mark. Read more
Not many folks know that Cisco has been in the managed security services business for a few years now. It is certainly not something that Cisco markets aggressively, that's for sure. The service is called Remote Management Services (RMS) for Security. The RMS-sec service offers both security event monitoring and security device management. They can also co-manage your security infrastructure with you. Read more
The annual, and 20th anniversary, RSA security conference in San Francisco is fast approaching. It runs from February 14th-18th at the Moscone Center. It is looking to be a great show this year with lots of exciting announcements sure to be made by the various security vendors, especially Cisco. Here is a look at some of the highlights I am looking forward to at the event:
- Over 200 industry sessions, but their focus this year on cloud security is what I want to hear about.
- Keynote by President Clinton should be interesting
Read more
Apple is targeting to have about 85 million FaceTime video conferencing enabled devices sold by the end of 2011. FaceTime or Skype video calling are super easy to use, integrated and work great but almost never get used. OK, that is pure speculation on my part. I don't know for a fact that it rarely gets used, but it sure seems that way with the folks I know. I was excited about the FaceTime feature before I bought my iPhone 4 many months ago but I still have yet to use it. Not even once. Read more
In one of the most comprehensive PCI-related surveys ever completed, we find some very interesting results. This Cisco-commissioned survey of 500 U.S.-based companies asked IT decision makers questions around their PCI compliance efforts. The survey covers a broad scope of verticals such as healthcare, retail, education, government and financial sectors. Over 22% of the businesses surveyed had over 10,000 employees and 49% were over 1000 employees in size. Over 43% of those surveyed were either a level 1 or level 2 merchant. Read more
I will be hosting a live Twitter chat Tuesday. The topic is all things Cisco security as well as all things PCI compliance.
Please come join me.
Here are the details:
January 11, 9am PST
Twitter hashtag #cl11
See you there.