CCIE Quest

Generally, there are two forms of approaches that are used widely in networks today for User Credentials management i.e.  Username & Password based authentication and/or Certificate based authentication.First approach is easier to manage but if you choose easy passwords or your passwords are stolen, your identity can get compromised. 2nd approach requires little bit of management overhead but offers most security since your Identity Certificates can’t be forged that easily. However, if your laptop which has your Certificate installed gets stolen , your identity gets compromised. Both methods offer single layer of authentication.

Using any of the above methods alone, your identity can be compromised. Despite of losing user credentials (someone decoding your company’s global VPN Client group authentication key from the Cisco VPN Client PCF file – ) or certificates (stolen laptops , smartphones etc), is there any way to still protect your identity ? Well , this is where Two Factor Authentication comes into play.So, would you be able to ensure that even if your credentials were compromised , your identity is still secure ? Answer is Read more about Two factor authentication for Cisco VPN Solutions »

Since Cisco Secure ACS 5.X is based on a rule-based policy model, you can configure Policies (rules) based on a particular “condition” & apply a “result” if that condition is matched. In ACS terms, these conditions & results are called Policy Elements which constitute a Policy i.e. a Time based Access Restriction policy to allow VPN users access only on Weekend would have Weekend (Sat/Sun) as a Condition to match & apply an Authorization Profile to a user to grant them network/resource access.

We would focus on “Session Conditions” i.e. Date and Time conditions to define specific time/date on which you wish to grant access. Date and Time Conditions would be based on current date & time so it’s important to have NTP/time-zone configured correctly on ACS 5.X appliance. Configuring NTP is covered in detail here

Based on aforementioned Session Conditions, we would apply an action to it i.e. in ACS terms, it would be a result applied to match a condition in a policy. You can configure results under ‘Authorization & permissions‘. Results(action) could be any of following :

• Authorization Profiles
• Shell Profiles
• Command Sets
• Downloadable ACLs Read more about ACS 5.X : Time-based Access Restrictions »

In this blog post, i would cover steps you need to setup an Enterprise Certificate Authority (CA) & in subsequent posts, i would demonstrate how to install an Enterprise CA issued Identity Certificate on Cisco Secure ACS 5.X Server . I would also walk-through a scenario with Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) authentication setup for a Client.

As you might already know , Cisco Secure ACS 5.X already has a Self-Signed certificate (created during installation phase) . However, it can only be used for managing ACS via an administrative session (using HTTPS). This Self-Signed certificate cannot be used for any other purpose e.g EAP-TLS authentication etc. For this purpose, you require an External Certificate Authority to issue a certificate to an ACS Server 5.x . This post will show you how to setup an Certificate Authority (CA) on a Windows 2008 R2 Server. In next post, i would show how to generate a Certificate Signing Request (CSR) from ACS Server 5.X ,using CA to issue certificate & importing that certificate to Cisco Secure ACS 5.x & using it in EAP-TLS authentication scenario. More scenarios are covered in underlying Cisco Secure ACS 5.X Scenario based deployment Guide

Let’s first setup a Certificate Authority on a Windows 2008 R2 Server Read more about Configuring Cisco Secure ACS 5.X with an Enterprise CA issued Identity Certificate »

This tutorial will help you learn & integrate Microsoft Office Communication Server 2007 (MOCS) to Unified Presence Server (CUPS) using Remote Call Control (RCC) feature .Its covered in 2 parts. This tutorial is part of  CUPS Deployment Video Guide here

Cisco Unified Presence is a standards-based enterprise platform that brings people together in and across organizations in the most effective way. This open and extensible platform facilitates the highly secure exchange of availability and instant messaging (IM) information between Cisco Unified Communications and other applications.

Here is the tutorial : Read more about How to integrate Microsoft Office Communication Server 2007 (MOCS) to Presence Server using Remote Call Control (RCC) »

In this tutorial , you will earn to perform sniffing using CUPS builtin-application sniffer and analyze traffic using SIP Workbench and Wireshark tools.This tutorial is part of  CUPS Deployment Video Guide here .

Cisco Unified Presence is a standards-based enterprise platform that brings people together in and across organizations in the most effective way. This open and extensible platform facilitates the highly secure exchange of availability and instant messaging (IM) information between Cisco Unified Communications and other applications.

Here is the Tutorial link : Read more about Setup CUPS Built-In Application Sniffing »

This tutorial will cover setting up SFTP Server and SFTP Client as a pre-requisite to CUPS day to day operations/maintenance tasks..This tutorial is part of  CUPS Deployment Video Guide here .

Cisco Unified Presence is a standards-based enterprise platform that brings people together in and across organizations in the most effective way. This open and extensible platform facilitates the highly secure exchange of availability and instant messaging (IM) information between Cisco Unified Communications and other applications.

Here is the Tutorial link : Read more about How to Setup an SFTP Server and SFTP Client for Unified Presence Server backup tasks »