NetworkingNexus.net

Firepower Access Control Policies

The Firepower ecosystem is a powerful NGIPS/NGFW solution. At that heart of the configuration construct is what is known as the Access Control Policy. Comparing this to something familiar is possible by thinking about the much simpler filtering feature in the ASA. For comparison, an ASA’s access-list (ACL) has multiple access-control entries (ACE’s). Each of these entries can refer to object-groups, networks, and protocols and can apply a permit or deny action.

The Access Control Policy in Firepower is a similar concept, but there are many additional facets that are pulled together to provide a more comprehensive policy application mechanism. This article only covers the major areas of this policy control construct. There are items which are beyond the scope including variable sets and manipulating the behavior of http response pages.

Specific to the policy application, there are two main areas of the the Access Control Policy. The first area is what is known as Security Intelligence. In the policy, this is found on the second tab from the left and provides a framework for blacklisting. There are many feeds provided directly from Cisco’s Talos organization and are ready for consumption by the security policy.

The action for each feed that is Continue reading

Special Pre-Prime Discount on Jaybird X2 Sport Wireless Bluetooth Headphones – Deal Alert

With a regular list price of $149.99, the current discount makes the Jaybird X2 Sport is now available with a 45% discount for this pre-Prime Day deal. Features include: Premium Bluetooth Audio For Skip-Free Music Outdoors 8 Hours of Music + Calls With Complete Remote Controls Secure Over/Under-Ear Fit Options Lifetime Sweat proof Warranty Includes Comply Premium Sport Memory Foam Ear Tips, Patented Secure-Fit Ear Fins, Friction-Fit Silicone Sport Carrying Case, Silicone Ear Tips, Charging Cable & Cord Management Clips. Jump to Amazon now for additional details, and to explore buying options.To read this article in full or to leave a comment, please click here

$30 off Lumo Lift Posture Coach, Today Only – Deal Alert

If your posture needs to be improved, this deal may be worth your consideration. With Lumo Lift, get gentle vibrational reminders for your posture whenever you slouch. Track your posture hours, steps taken, distance travelled and calories burned through the companion iOS, Android or Windows Desktop Lumo Lift app. For today only, Amazon is discounting the Lumo Lift posture coach by $30, making it available for just $50. It currently averages 4 out of 5 stars from over 1,900 customers (read reviews). Take advantage of today's deal on Amazon right now.To read this article in full or to leave a comment, please click here

Omni Hotels was hit by point-of-sale malware

Omni Hotels & Resorts has reported that point-of-sale systems at some of its properties were hit by malware targeting payment card information.The attack on the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings.Omni in Dallas, Texas, said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. “The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” Omni said. There isn’t evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.To read this article in full or to leave a comment, please click here

Omni Hotels was hit by point-of-sale malware

Houston, we have code!

Did you know that the computer that coordinated the Apollo 11 mission that landed on the moon, the Apollo Guidance Computer, had about 0.08 percent of the processing power of an iPhone 5s? That it had just 2K of RAM and ran at 1.024MHz and its external signaling ran at 512Khz ? That it had only four 16-bit registers and 32KB of storage? Despite having so little power, the AGC guided the Apollo 11 mission across more than 221,000 miles of space to land on the moon then brought them back again. Amazing. And check out the AGC's user interface:To read this article in full or to leave a comment, please click here

I hunted Pokemon by two of the world’s most famous landmarks and all I caught was a lousy Zubat

If you’ve not seen it, the new Pokemon Go mobile game lets you walk around town interacting with local landmarks via your phone’s screen. You’ll likely find plaques, artworks and other local facts about where you live and work that you never knew existed. And then, every once in a while, a wild Pokemon will appear on the ground next to you (it’s invisible but you can see it on your phone’s screen) and you’ve gotta catch it by flicking Pokeballs at it. There are some exotic Pokemon and many boring ones. Perhaps I was hoping for too much when I stood beneath Sydney’s iconic Harbour Bridge, looking out across the water to the enormously-famous Sydney Opera House only to be notified that the wild Pokemon that had appeared was this.To read this article in full or to leave a comment, please click here

Performance Review of Overlay Tunnels with Open vSwitch

In my previous article I presented various encapsulation techniques used to extend Layer 2 reachability across separate networks using tunnels created with Open vSwitch. Although the initial intention was to include some iperf test results, I decided to leave these for a separate post (this one!) because I hit few problems.

Cayenne, how to manage a frustration of IoT devices

Collective nouns are fascinating. You start with the basics — a flock of seagulls, a herd of buffalo, a school of fish, an army of ants — then you move on to the more interesting ones — a lodge of beaver, a mob of kangaroos, a warren of rabbits, a covey of grouse. Now we come to the truly great collective nouns: An unkindness of ravens, a murder of crows, a parliament of owls, an implausibility of gnus, an ambush of tigers, and a descent of woodpeckers. We also have collective nouns for things: A box of crayons, a pad of paper, and so on. There are also the invented collective nouns; a purchase of senators, a deficit of economists, a shortage of dwarves, and for all you GoT fans, a weyr of dragons (okay, so that was made up by Anne McCaffrey but it works even better for GoT). To read this article in full or to leave a comment, please click here

BRKEWN-2019 — 7 Ways to Fail as a Wireless Expert

Presenter: Steven Heinsius, Product Manager, Enterprise Networking Group

I'm hoping the title of this session could also be “7 Ways to not be a TOTAL Wireless Noob” since that's more my level. ?

BRKIOT-2109 — Connecting Oil and Gas Pipelines

Presenters:

Rick Irons-Mclean, Oil & Gas and Energy Architecture Lead
Jason Greengrass, IoT Solution Architect

Bugs & Bugs: As in, the software kind — and insects

Network World this past Friday afternoon launched the alpha version of our possibly regular new Facebook Live stream dubbed Bugs & Bugs, as in the software kind and actual insects.I've joined forces with our resident IT security expert, Tim Greene, who handles the software bugs side of things. I, an amateur entomologist, take charge of the insect news.Perhaps surprisingly, there is no shortage of either. Between Tim checking out the new Stuxnet documentary Zero Days and reviewing new research from New York University and others to help reduce software bugs, and me catching up on the Gypsy Moth invasiion and a cyborg locust, we had no shortage of material.To read this article in full or to leave a comment, please click here

Bugs & Bugs: As in, the software kind — and insects

Hacker claims to have breached Amazon server, dumped data on nearly 84,000 Kindle users

After a person claiming to be a security researcher “declared war on the Baton Rouge police” and took credit for the data breach after the shooting death of Alton Sterling, he took aim at Amazon. 0x2Taylor In a Twitter direct message, hacker @0x2Taylor told Mic the he and a buddy “’breached a server’ owned by Amazon that contained database files with more than 80,000 Kindle users’ information.”To read this article in full or to leave a comment, please click here

Hacker claims to have breached Amazon server, dumped data on nearly 84,000 Kindle users

CCIE DCv2 Techtorial @ Cisco Live US 2016

This morning I’m in Las Vegas for Cisco Live 2016, and am attending TECCCIE-3644 – CCIE DC Techtorial which focuses on the new CCIE Data Center v2 updates.

I’m live blogging the session so please feel free to submit your questions for the CCIE team as a comment here and I’ll try to get an answer for you.

Slides from the session are available here.

Update 6 – 13:55PDT - UCS will be running 3.x, not 2.x as currently listed on the blueprint.

Update 5 – 11:30PDT - Starting Storage Networking now. Interested to see what the scope is going to be now with the MDSes removed and the N9K’s added.

Update 4 – 09:15PDT - One major format change for the CCIE DCv2 Lab Exam is the introduction of the Diagnostics section, similar to other tracks such as RSv5. Here are some highlights and demo questions illustrating the format of the Diag section.

Diag section consists of one or more independent Tasks.
Each Task can have one or more Questions.
Questions are typically 1 point apiece, but could be 2 or 3 points.
Each Question within a task is graded individually. It is possible to get Task Continue reading

Pseudowire Headend Termination (PWHT) For Juniper MX

I’ve been doing quite a lot of MX BNG stuff this year, so I thought I’d run through another quite flexible way of terminating broadband subscribers onto a Juniper MX router.

The feature is called Psuedowire headend termination, “PWHT” or simply Psuedowire head-end “PWHE” depending on whether you work for Cisco or Juniper? but it essentially solves a relatively simple problem.

In traditional broadband designs – especially in DSL “FTTC” or Fibre Ethernet “FTTP” we’re used to seeing large numbers of subscribers, connecting into the ISP edge at layer-2 with PPPoE or plain Ethernet. This is normally performed with VLANS, either via an MSAN (DSL/FTTC) or as is the case with Ethernet FTTP subscribers – a plain switched infrastructure or some form of passive-optical (PON/GPON) presentation:

Capture

These subscribers then terminate on a BNG node on the edge of the network, which would historically have been a Cisco 7200, GSR10k, Juniper ERX or Redback router, which essentially bridges the gap between the access network and the internet.

For very large service providers with millions of subscribers this sort of approach normally works well, because their customer base is so large; it makes sense for them to provision a full-size BNG node Continue reading

Saving Money with IOT Water Heater

About six months ago I installed an Energy Efficient water heater. This unit is what is known as a heat pump water heater. For those not familiar with refrigeration, this works by moving heat instead of creating heat. By contrast, traditional electric water heaters use resistance coils to heat the water. This new unit also has traditional coils that can be used for high demand or high temperature settings as well.

I guess by now everyone is wondering what this has to do with the topics we discussed at PacketU. To better understand the relationship, you can see that this Water Heater is also Connected to the Internet. The primary reasons I wanted to connect it to the Internet was to schedule the modes around my family’s usage patterns and control vacation mode from a mobile phone. When purchasing this unit I was quite skeptical and was concerned about transitioning from a simple conventional model to a mode that literally has moving parts.

I wanted to follow up and share my experience and why I now believe this was a good decision. I have been tracking my energy usage since installation and the results are promising. Without changing any other habits Continue reading

Docker Security presentation at Bangalore meetup

This link captures the slides on “Docker Security Overview as of release 1.12” that I presented at Docker Meetup, Bangalore on July 9, 2016.

Firepower Indications of Compromise

Several days ago I wrote an article about Firepower Sinkhole rules. While I was confirming this in a lab, I temporarily created a custom DNS sinkhole rule. That rule classified requests for temp.packetu.com as Command and Control and returned an IP address of 1.1.1.1. What I later noticed is that this caused my laptop to be classified with an IOC.

Indications of Compromise (IOCs) can be thought of as reasons why Firepower Management Console believes a host cannot be trusted or is otherwise affected by malware. These can be found in multiple places in the UI. I find the Context Explorer to be a good middle ground for most SecOps team members and a good place to notice whether current IOC’s exist.

My network is rather simple and I only currently have one IOC. In any case, I can use the Context Explorer to launch the host information for the impacted host.

IOC Context Explorer

Once the Host Profile screen is launched, I can get a little more about information about the activity that causes Firepower to believe that this is a compromised host.

Also notice that there is a garbage can icon to the right of the Indication of Compromise that was Continue reading

« Previous 1 … 2,836 2,837 2,838 2,839 2,840 … 3,844 Next »