Securing the modern mobile OS

Securing the modern mobile OS

Researchers from the Talos intelligence group recently published some research about a malicious MDM server pwning some mobile devices. In this blog post, we discuss how these mobile endpoints leverage MDMs and how the mobile OS is...

07/31/2018

Protecting iOS against the aLTEr attacks

Protecting iOS against the aLTEr attacks

The new aLTEr attack can be used against nearly all LTE connected endpoints by intercepting traffic and redirecting it to malicious websites. This article summarizes how the attack works, and suggests ways to protect yourself from it...

07/10/2018

A first-hand account of Cisco Live 2018 in Orlando

A first-hand account of Cisco Live 2018 in Orlando

The Cisco Live experience – from the perspective of a long-term attendee and speaker. A peak behind the curtain, learning Cisco technology, culture, education, beer and even kilts! See the options that are available to you through...

06/21/2018

AMP and ThreatGrid Integration into Meraki UTMs

A fun overview of Cisco's AMP and Threat Grid technology, a little history, and a look into "Meraki-fying" the technology.

08/01/2017

Cisco Rapid Threat Containment quickly detects, removes infected end points

Cisco Rapid Threat Containment quickly detects, removes infected end points

Set up and use Cisco's Rapid Threat Containment with Cisco Firepower Management Center and Identity Services Engine to detect, remove infected end points.

02/21/2017

Troubleshooting Cisco's ISE without TAC

Troubleshooting Cisco's ISE without TAC

Aaron Woland examines the top troubleshooting and serviceability features in Cisco's Identity Services Engine (ISE).

06/07/2016

Triggered NetFlow — A Trick of the Trade

Triggered NetFlow — A Trick of the Trade

A deployment methodology for profiling difficult endpoints designed to enable NetFlow when needed, and disable when not.

06/01/2016

How to use Anycast to provide high availability to a RADIUS server

How to use Anycast to provide high availability to a RADIUS server

A brilliant solution for providing high availability in a small RADIUS server/ISE deployment

05/25/2016

Device administration with Cisco WLC

My experience with a deep dive into device administration AAA with Cisco Wireless LAN controllers and the SourceFire/Cisco FirePower Manager software.

12/15/2015

10 cool things about ISE 2.0

Now that Cisco has Finally Released the Identity Service Engine 2.0 (ISE) it seems only appropriate to call out some of the BEST things about it.

11/03/2015

AnyConnect Day 0 Support for Windows 10 and OSX El Capitan

A summary of what versions are needed. What needs to be uninstall and re-installed. Best practices to get AnyConnect support on Day-1 of Windows 10, and what to do BEFORE you upgrade.

07/29/2015

Machine Authentication and User Authentication

I am often asked about Machine Authentications, how they differ from User Authentications, and how to authenticate both identities togethers.

07/18/2015

Cisco ISE API for Certificate Provisioning

Here is a walk-through to write a script that leverages the certificate authorities RESTful API to generate certificate pairs.

05/15/2015

Give me my Attribute mapping back for Sponsor Groups

Cisco ISE 1.3 introduced a completely re-written Guest solution that greatly simplifies the deployment and allows for high-levels of customization. Things have been simplified GREATLY, but unfortunately some of the power got lost at...

05/08/2015

RADIUS versus TACACS+

An explanation and comparison of RADIUS and TACACS+ for Authentication, Authorization and Accounting (AAA).

10/26/2014

Industry Standards for Secure Network Access

As someone who is passionate not only about innovation in security but also about the standardization of those innovations, I thought I'd point out a few of the recent efforts that I've either been involved in, or am just very...

08/18/2014

MAB with Non-Cisco Switches

Blog describing MAC Authentication Bypass (MAB), and how to integrate Non-Cisco Switches with Cisco Identity Services Engine (ISE) for MAB.

08/07/2014

Simply put: How does certificate-based authentication work?

Simply put: How does certificate-based authentication work?

Here's a look at how certificate-based authentications actually works.

03/10/2014

A primer on support for 'Realm Stripping'

I am often asked about support for “Realm Stripping,” albeit mostly by those in the university space. It’s an interesting concept, certainly. The idea is that someone will issue an identity that includes some “routing” information...

01/27/2014

Using the DogTag CA with ISE 1.2

Dog Tag is an Enterprise-class open source Certificate Authority that Red Hat purchased from AOL back in 2004.  Red Hat opened it up to the open source community in 2008.  Dog Tag supports all aspects of certificate lifecycle...

08/14/2013

Load More