Security
Debating SSL Decryption in 2024
Yet another day brings another meeting about another security product recommending SSL Decryption at our network edge.
Will 2023 be the year of Artificial Intelligence for InfoSec?
Gartner has been saying that “next big thing” in network security is the increased use of artificial intelligence (AI) and machine learning (ML) technologies for years now… Mainly …
Ixia Vision ONE – Tap the Planet
Whenever I start talking about network visibility and aggreagation taps I can’t help but think of The Matrix.
ASA v9.4 Elliptic Curve Cryptography with TLS1.2
With ASA version 9.4 Cisco has added support for Elliptic curve cryptography (ECC), which is one of the most powerful types of encryption in use today.
Cisco ASA Packet Captures for Fun and Profit
As many of you know my background isn’t in enterprise, but I currently fill that role in my $job.
Double NAT – Cisco ASA 8.4+
Recently I was faced with an issue outside my normal expertise… those of you that know me realize I am anything but a security engineer.
Cisco IPS Fun
Since I’ve recently had some fun working with the Cisco 5585-X and the IPS blades, I wanted to document some of the information I learned while getting them online.
Gigamon and the Great Pumpkin
I could’ve just as easily called this article Gigamon… fixing problems you didn’t know about or Why Gigamon scares the crap out of me — but I wont, because they already did!
Best Practices and Securing Cisco IOS
Everyone has different views on hardening IOS, and while I do not claim to be an expert, these are the practices that I commonly use when bringing up a new device.
Time-based ACLs
Ever since Cisco released IOS 12.0.1T we’ve had the ability to broaden the reach of the extended ACL to allow the influence of time.
Poor man's VPN connection
Have you ever needed to access a site that had an IP restriction, or one inside your remote network?
IOS ACL Resequencing
This is one of those tricks you wish you learned about 10 years ago, but never did. You know how easy it is to mess up a nice looking access list.
Securing SSH against bruteforce attacks
This is one of the methods I’ve used in the past to secure a Linux host against brute force ssh attacks.