Recently, Cisco dropped some “unofficial” hints about the new CCIE Security v4 track in a Cisco Small Business post. The official announcement will probably be made soon, so if you are planning to sit the CCIE Security Lab, it’s time to get ready.

Some tidbits from the relevant post:

The Real Life of an Expert: Introducing the New CCIE Security

CCIE Security 4.0 is unusual among security certificates for its up-to-date, real-world content. It emphasizes security competency and efficient problem solving in networks that use cloud services, carry voice and multimedia traffic, and are accessed by a variety of wireless devices.

The content, currently in development, may include real-world applications that involve:

  • Securing both wireless and wired networks, including managing security policy by device and service
  • Extending application awareness to security devices, moving security up to Layer 7 from the stateless packets of Layers 3 and 4, and applying policy on a per-identity basis
  • Applying security policy in a network that has voice and video traffic
  • Securing networks that use managed services, dual ISPs, IPv6, or IP multicast

Cisco will soon announce the blueprints for the CCIE Security 4.0 written and lab exams; the first exam will take place approximately six months later.

Although there are no prerequisites for registration, Cisco offers a preparation path through its CCNA and/or CCNP Security levels, and recommends that candidates have at least three years of hands-on network security experience. Read more about CCIE Security Version 4 Expected Soon! »

Generally, two approaches to user credential management are widely used in networks today: username-and-password authentication and/or certificate-based authentication. The first approach is easier to manage, but if you choose easy passwords or your passwords are stolen, your identity can be compromised. The second approach requires a little management overhead but offers the most security, since your identity certificates can’t be forged that easily. However, if the laptop that has your certificate installed is stolen, your identity is compromised. Both methods offer a single layer of authentication.

Using either of the above methods alone, your identity can be compromised. Despite losing user credentials (someone decoding your company’s global VPN Client group authentication key from the Cisco VPN Client PCF file) or certificates (stolen laptops, smartphones, etc.), is there any way to still protect your identity? This is where Two Factor Authentication comes into play. So, would you be able to ensure that even if your credentials were compromised, your identity is still secure? Answer is Read more about Two factor authentication for Cisco VPN Solutions »

Since Cisco Secure ACS 5.X is based on a rule-based policy model, you can configure policies (rules) that match a particular “condition” and apply a “result” when that condition is matched. In ACS terms, these conditions and results are called Policy Elements, and together they constitute a policy. For example, a time-based access restriction policy that allows VPN users access only on weekends would have Weekend (Sat/Sun) as the condition to match and would apply an Authorization Profile to the user to grant network/resource access.

We will focus on “Session Conditions”, specifically Date and Time conditions, which define the specific time/date on which you wish to grant access. Date and Time conditions are evaluated against the current date and time, so it’s important to have NTP and the time zone configured correctly on the ACS 5.X appliance. Configuring NTP is covered in detail here

Based on the aforementioned Session Conditions, we apply an action; in ACS terms, this is a result applied when a condition in a policy is matched. You can configure results under ‘Authorization & permissions’. Results (actions) could be any of the following:

In this blog post, I will cover the steps needed to set up an Enterprise Certificate Authority (CA), and in subsequent posts I will demonstrate how to install an Enterprise CA-issued Identity Certificate on a Cisco Secure ACS 5.X server. I will also walk through a scenario with an Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) authentication setup for a client.

As you might already know, Cisco Secure ACS 5.X already has a self-signed certificate (created during the installation phase). However, it can only be used for managing ACS via an administrative session (using HTTPS). This self-signed certificate cannot be used for any other purpose, e.g. EAP-TLS authentication. For that, you need an external Certificate Authority to issue a certificate to the ACS 5.X server. This post will show you how to set up a Certificate Authority (CA) on a Windows 2008 R2 Server. In the next post, I will show how to generate a Certificate Signing Request (CSR) from the ACS 5.X server, use the CA to issue a certificate, import that certificate into Cisco Secure ACS 5.X, and use it in an EAP-TLS authentication scenario. More scenarios are covered in the Cisco Secure ACS 5.X Scenario based deployment Guide

Let’s first set up a Certificate Authority on a Windows 2008 R2 Server Read more about Configuring Cisco Secure ACS 5.X with an Enterprise CA issued Identity Certificate »

This tutorial will help you learn how to integrate Microsoft Office Communication Server 2007 (MOCS) with Unified Presence Server (CUPS) using the Remote Call Control (RCC) feature. It is covered in 2 parts. This tutorial is part of the CUPS Deployment Video Guide here

Cisco Unified Presence is a standards-based enterprise platform that brings people together in and across organizations in the most effective way. This open and extensible platform facilitates the highly secure exchange of availability and instant messaging (IM) information between Cisco Unified Communications and other applications.

Here is the tutorial: Read more about How to integrate Microsoft Office Communication Server 2007 (MOCS) to Presence Server using Remote Call Control (RCC) »

In this tutorial, you will learn to perform sniffing using the CUPS built-in application sniffer and analyze traffic using the SIP Workbench and Wireshark tools. This tutorial is part of the CUPS Deployment Video Guide here.

Cisco Unified Presence is a standards-based enterprise platform that brings people together in and across organizations in the most effective way. This open and extensible platform facilitates the highly secure exchange of availability and instant messaging (IM) information between Cisco Unified Communications and other applications.

Here is the tutorial link: Read more about Setup CUPS Built-In Application Sniffing »
