Posted by: Pete Welcher
on Feb 19, 2010
This article continues the discussion started in a prior blog titled Configuring the Customer Side of an MPLS VPN WAN, Part 1 (of course). It can be found at http://www.netcraftsmen.net/resources/blogs/configuring-the-customer-side-of-an-mpls-vpn-wan-part-1.html.
Posted by: Rob Chee
on Feb 9, 2010
The Cisco AnyConnect VPN client is Cisco’s SSL VPN client offering. Cisco currently supports this VPN client and the legacy IPSec VPN client, called the Cisco VPN Client. The Cisco VPN client will be phased out over time. This can be seen by the Cisco VPN Client FAQ explaining that 64-bit operating systems are not supported by the Cisco VPN client, but are supported by the Cisco AnyConnect VPN client.
Posted by: Bob Bagheri
on Feb 8, 2010
For those of you that think professional hackers don't care about your small business, let me introduce you to Zeus, the number one threat of 2009. According to SC Magazine:
Posted by: Bob Bagheri
on Feb 2, 2010
Recently a client approached me about improving their VPN authentication. Although the current VPN authentication method had been in place for many years without any issues, the new IT manager's goal was to migrate the Windows server farm to the latest and greatest version (Windows Server 2008) and improve the authentication to the domain controllers by utilizing group memberships within AD. After a few months, this became an urgent issue because they were moving forward with their Microsoft domain controller upgrades to a Virtual Windows Server 2008 environment. This upgrade would require the use of LDAP as the communication protocol between the ASA and the server(s).
Posted by: Rob Chee
on Jan 17, 2010
MARS and Cisco IPS are synchronized for the official IPS signatures created by Cisco. This is done through the automatic updates that occur on the IPS side and on the MARS side. On the IPS side, this is done by configuring “Configuration > Sensor Management > Auto/Cisco.com Update” within IPS Manager Express (IME). This is shown below
Posted by: Rob Chee
on Nov 25, 2009
Cisco NAC appliance 4.7.1 was just recently released. The main new features are support for Windows 7 and Apple Macintosh OS 10.6 (Snow Leopard).
Posted by: Rob Chee
on Nov 25, 2009
Email security is an important facet of data protection, both for enterprises and individuals. Email security can be implemented to perform email authentication and/or email encryption. Both authentication and encryption are provided using Secure/Multipurpose Internet Mail Extensions (S/MIME) with public key cryptography (PKI). The basic requirements for PKI are a certificate authority (CA), a private key, and a public key. An example is shown later that explains how to set up PKI for email using Comodo as the CA and Mozilla Thunderbird as the email client.
Posted by: Rob Chee
on Nov 21, 2009
The Cisco Security team had started a podcast series through iTunes in 2008. They had 7 podcasts and then it died out. The podcasts are still available on iTunes. Just search on Cisco and you'll see the Cisco security podcasts as well as other Cisco podcasts.
Posted by: Rob Chee
on Nov 8, 2009
SNMP is one of the key technologies used in out-of-band Cisco NAC Appliance deployments. The NAC Manager sends SNMP GET commands to the access switches to learn about the switch port configuration. The NAC Manager also sends SNMP SET commands to the access switches to change individual switch ports from the authentication VLAN to the access VLAN and vice versa. The access switches send SNMP traps to the NAC Manager to tell the NAC Manager about individual switch ports that go up or down and switch ports that have new MAC addresses connected to them. With that information, the NAC Manager can decide whether the switch port should be moved back to the authentication VLAN.
Posted by: Pete Welcher
on Sep 18, 2009
I just spent some time on an interesting and somewhat obscure ASA troubleshooting problem. It ended up being resolved by a note in some of the Cisco web pages, something I suspect is an often-missed but important little tidbit. And I suspect it is quietly a potential problem or irritant for all those of us who missed it. It applies to any router or firewall doing NAT.