MFA All Things: Infrastructure

By now you should know that username and Password123 are not enough to protect access to your data. Even creating a complex password or a pass-phrase (which you should do) might not help you when your info gets dumped out on the internet from the latest data breach. Multi-factor Authentication (MFA) can help add another layer of verification to make sure you really are the person who is going to access a resource and not just someone who knows a username and password. In this entry, we will use Duo as our MFA solution with Cisco ISE configured for Device Management to verify who I am when I try to login to a network switch. Continue reading “MFA All Things: Infrastructure”

The Career Change

We make choices everyday. Some of the choices are simple. Do I wear pajama pants or jeans today? Am I having breakfast? Do I want coffee? Whether it is a yes or no, those choices are not life changing. However, once in a while there are more complex choices to make. Do I want to move to a different company? Is it time for a career change? Those questions are not easily answered. They require thought. Big changes impact your life. They can impact your family’s lives. Wanting to grow and wanting more led me to ask those questions. The answers led me to a change from a life in operations into a sales role. Continue reading “The Career Change”

Simple Cisco FMC Upgrades

I’ve only recently started diving a bit deeper into Cisco Firepower. I’ve heard some mixed reviews regarding using and upgrading Firepower Management Center and the FTDs. Some have had decent luck while others seem to run into issues. As I have an FMC that is non-production (for now), I’ve decided to upgrade it to the latest version and find out for myself how difficult these upgrades are. I’ll also need to head into version 6.7 for some SAML capabilities on the FTDs. One factor you should look for when deciding to use certain products is how easy it is to maintain them. Continue reading “Simple Cisco FMC Upgrades”

Firepower, ISE, and Duo: VPN Config

When it comes to a user’s Remote Access, Cisco’s AnyConnect has been a leader. It just works. That has been my experience as a user. That experience is also consistent for a user if their remote connection has a headend of an ASA or Firepower. However, one thing to note is that the backend administration and setup of Remote Access is different between the two. The ASA’s Remote Access setup has many bells and whistles that Firepower does not, but Firepower’s setup is pretty simple. We’re going to be setting up Remote Access using Firepower, but we are also going to leverage the Cisco Identity Services Engine for authorization policies as well as Cisco Duo for that extra layer of Multi-Factor Authentication protection. Continue reading “Firepower, ISE, and Duo: VPN Config”

Adventures in Troubleshooting: Chapter 1

To quote the late Bob Ross, “It’s hard to see things when you are too close. Take a step back and look.” When you are in the middle of those early morning troubleshooting sessions, it can be easy to panic. First, you are dealing with being woken up abruptly; everything is fuzzy. Then the person on the other end of the line might not be able to explain exactly what is happening. This combination usually leads to some fun times, sarcastically speaking. The best advice is to take that step back and look at the overall picture. No matter what your troubleshooting approach might be, the goal is to have one. The worst thing you can do is aimlessly wander around hoping to bump into the solution. In this entry I will dig into my mental ticket system of random issues I’ve ran into over the years, pull out three, and cover how those issues were resolved. Continue reading “Adventures in Troubleshooting: Chapter 1”

2021: Thinking Forward

Who doesn’t love to make plans and have goals? It’s January of 2021. Let’s not discuss what happened last year. Many of us accomplished different things and many of us did not. No matter what happened last year, I’d like to look forward to making plans for this year. However, making plans is not enough. Executing is what needs to happen. Sometimes our execution is derailed by many outside factors throughout the year. This will happen. I believe it is best not to thrust all of our worries on the things we cannot control. Let’s focus our energy on the what is within our reach. As a network engineer, there are a few goals I want to briefly write about. I am hoping writing it will help keep me accountable. Continue reading “2021: Thinking Forward”

The Occasion for Segmentation

Today’s networks have security and visibility requirements that can warrant complicated designs. A proper routing design takes time. Implementing security takes some thought. Having a properly segmented network goes beyond tossing a bunch of VLANs on a switch. One of the goals in a segmentation design is to engage the business and find out the who, what, where and why of communication in the network. If you know those business purposes, you can design around it. You can implement routing and firewall rules to control who or what has access to certain assets. In this entry to the blog, I have implemented a basic segmented network using EVE-NG. Let’s take a tour! Continue reading “The Occasion for Segmentation”

DNS Security With Palo Alto

I blame DNS! Oh wait, that’s not what I am writing about. Domain Name Service (DNS) is a foundational piece to communication. Unless you know every IP address for every website you want to visit, you are going to need DNS. Users and services all over the world rely on DNS to seamlessly communicate. What a great opportunity for attackers to lead users to malicious destinations. DNS Security provides us a way to stop malicious requests from users’ devices from ever reaching those destinations. There multiple solutions out there to secure the DNS-layer. The focus of this entry is to explore Palo Alto’s solution to DNS Security. Continue reading “DNS Security With Palo Alto”

Blog at WordPress.com.

Up ↑