Using Geolocation in Firepower Access Control Policies

The use of geolocation is fairly obvious in monitoring networks with Firepower Management Center. What may be less obvious is that Continents and Countries can also be specified as the source or destination of connections in an Access Control Policy. Basically, this geographical information becomes one more match criteria that can be used to identify traffic for a block or allow action.

To get to this capability, open the Access Control Policy that is in use by the Firepower device. Within the policy, open or create an applicable rule. On the network tab (where you configure the source and destination addresses) a Geolocation tab can also be found. Clicking on this tab exposes Continents and Countries. These can be added as sources and/or destinations.

ACPGEO

Note to reader: All Firepower content can be accessed by clicking here (or choosing Firepower from the menu at the top of the page).

As can be seen in the diagram above, I am creating a rule to block traffic to France. Before I save and deploy the policy changes to the device, I will confirm reachability to an IP address that exists in that part of Europe.

Last login: Mon Jul 17 11:48:29 on ttys000
PAULS:~ pauls$  Continue reading

Tools for TE with EIGRP

In response to my article about what would cause a directly connected route to be overridden, Matt Love (@showflogi) made a good observation:

What Matt is saying is that longest prefix match (LPM) is a mechanism that can be used to steer traffic around the network in order to meet a technical or business need. This type of traffic steering is called traffic engineering (TE).

Bluetooth Mesh takes aim at enterprise IoT, but hasn’t taken flight

The mesh networking features introduced to Bluetooth this week are designed to make the technology more appealing for enterprise IoT use. A lot depends, however, on which enterprise use case you’re talking about.Put simply, Bluetooth Mesh is a new technology that lets Bluetooth endpoints form networks among themselves, instead of having a central hub do the processing and sending all the instructions. That’s a big advantage since it overcomes the limited range inherent to the technology – as long as an endpoint is close enough to at least one other endpoint, it’s connected to the rest of the network, too.It’s a big change for the technology, according to Farpoint Group principal and Network World contributor Craig Mathias.To read this article in full or to leave a comment, please click here

Amazon, VMware rumored to be developing data center software

Amazon Web Services (AWS) and VMware are reportedly in talks about possibly teaming up to develop data center software products, according to The Information, which cited anonymous sources.Unfortunately, the article doesn’t have much if any detail on what that product would be. The speculation is it might be a stack-like product, since VMware already provides what would be the base software for such a product and stacks are becoming the in thing.Already there is OpenStack, the open-source product that runs cloud services in a data center, and Microsoft just shipped Azure Stack, its answer to OpenStack that will allow the same features of its Azure public cloud to run within a company’s private data center.To read this article in full or to leave a comment, please click here

Amazon, VMware rumored to be developing data center software

Amazon Web Services (AWS) and VMware are reportedly in talks about possibly teaming up to develop data center software products, according to The Information, which cited anonymous sources.Unfortunately, the article doesn’t have much if any detail on what that product would be. The speculation is it might be a stack-like product, since VMware already provides what would be the base software for such a product and stacks are becoming the in thing.Already there is OpenStack, the open-source product that runs cloud services in a data center, and Microsoft just shipped Azure Stack, its answer to OpenStack that will allow the same features of its Azure public cloud to run within a company’s private data center.To read this article in full or to leave a comment, please click here

Ninth Circuit Rules on National Security Letter Gag Orders

As we’ve previously discussed on this blog, Cloudflare has been challenging for years the constitutionality of the FBI’s use of national security letters (NSLs) to demand user data on a confidential basis. On Monday morning, a three-judge panel of the U.S. Ninth Circuit Court of Appeals released the latest decision in our lawsuit, and endorsed the use of gag orders that severely restrict a company's disclosures related to NSLs.

CC-BY 2.0 image by a200/a77Wells

This is the latest chapter in a court proceeding that dates back to 2013, when Cloudflare initiated a challenge to the previous form of the NSL statute with the help of our friends at EFF. Our efforts regarding NSLs have already seen considerable success. After a federal district court agreed with some of our arguments, Congress passed a new law that addressed transparency, the USA FREEDOM Act. Under the new law, companies were finally permitted to disclose the number of NSLs they receive in aggregate bands of 250. But there were still other concerns about judicial review or limitation of gag orders that remained.

Today’s outcome is disappointing for Cloudflare. NSLs are “administrative subpoenas” that fall short of a warrant, and are frequently accompanied Continue reading

REVIEW: 3 free open source reporting tools

Producing professional reports on-demand from a back-end database, especially one connected to a Web application, remains one of the sticky wickets in Web development. Commercial products are few and their eye-popping cost can be a barrier to entry for independent developers or smaller IT shops.To read this article in full or to leave a comment, please click here(Insider Story)

IoT could benefit from mesh-networking capabilities in Bluetooth

Bluetooth is about to get some significant new mesh networking capabilities -- and the best bit is, you may not need new hardware to benefit from them.Mesh networking will make it simpler to connect sensors across industrial sites, or to create smart home or building automation networks. Rather than wasting energy shouting to be heard by a distant gateway, devices will be able to whisper to their neighbors, asking them to pass messages.It will offer a new way for devices to join the Internet of Things. Once a building has a mesh network to control lighting, say, other devices can use it as wireless infrastructure for other applications such as asset tracking and wayfinding, said Martin Woolley, technical program manager at Bluetooth SIG, the organization behind the Bluetooth standard.To read this article in full or to leave a comment, please click here

IoT could benefit from mesh-networking capabilities in Bluetooth

Bluetooth is about to get some significant new mesh networking capabilities -- and the best bit is, you may not need new hardware to benefit from them.Mesh networking will make it simpler to connect sensors across industrial sites, or to create smart home or building automation networks. Rather than wasting energy shouting to be heard by a distant gateway, devices will be able to whisper to their neighbors, asking them to pass messages.It will offer a new way for devices to join the Internet of Things. Once a building has a mesh network to control lighting, say, other devices can use it as wireless infrastructure for other applications such as asset tracking and wayfinding, said Martin Woolley, technical program manager at Bluetooth SIG, the organization behind the Bluetooth standard.To read this article in full or to leave a comment, please click here

1 2,008 2,009 2,010 2,011 2,012 3,872