By now you should know that username and Password123 are not enough to protect access to your data. Even creating a complex password or a pass-phrase (which you should do) might not help you when your info gets dumped out on the internet from the latest data breach. Multi-factor Authentication (MFA) can help add another layer of verification to make sure you really are the person who is going to access a resource and not just someone who knows a username and password. In this entry, we will use Duo as our MFA solution with Cisco ISE configured for Device Management to verify who I am when I try to log in to a network switch. Continue reading “MFA All Things: Infrastructure”
Device Management with Cisco ISE
Cisco’s Identity Services Engine (ISE) allows network and security teams to implement policy enforcement and weave in network access control in an automated fashion. ISE provides the visibility to allow intelligent decision making that gives administrators granular control. This granular control serves as a benefit when it comes to managing devices. What does Device Management look like with ISE? How do we utilize TACACS+ based AAA to give administrators granular control? This blog entry will dive into those details.
Simple Cisco FMC Upgrades
I’ve only recently started diving a bit deeper into Cisco Firepower. I’ve heard some mixed reviews regarding using and upgrading Firepower Management Center and the FTDs. Some have had decent luck while others seem to run into issues. As I have an FMC that is non-production (for now), I’ve decided to upgrade it to the latest version and find out for myself how difficult these upgrades are. I’ll also need to head into version 6.7 for some SAML capabilities on the FTDs. One factor you should look for when deciding to use certain products is how easy it is to maintain them.
2021: Thinking Forward
Who doesn’t love to make plans and have goals? It’s January of 2021. Let’s not discuss what happened last year. Many of us accomplished different things and many of us did not. No matter what happened last year, I’d like to look forward to making plans for this year. However, making plans is not enough. Executing is what needs to happen. Sometimes our execution is derailed by many outside factors throughout the year. This will happen. I believe it is best not to thrust all of our worries on the things we cannot control. Let’s focus our energy on what is within our reach. As a network engineer, there are a few goals I want to briefly write about. I am hoping writing it will help keep me accountable.
DNS Security With Palo Alto
I blame DNS! Oh wait, that’s not what I am writing about. Domain Name Service (DNS) is a foundational piece to communication. Unless you know every IP address for every website you want to visit, you are going to need DNS. Users and services all over the world rely on DNS to seamlessly communicate. What a great opportunity for attackers to lead users to malicious destinations. DNS Security provides us a way to stop malicious requests from users’ devices from ever reaching those destinations. There are multiple solutions out there to secure the DNS-layer. The focus of this entry is to explore Palo Alto’s solution to DNS Security.