In this post, we're going to dig in to the SMC Client and learn the structure a bit better. This will help us navigate around the StealthWatch system and find valuable information.
StealthWatch 6.8 and ISE Integration with CA-Signed Certificate
In this blog post, I'll go over StealthWatch and ISE integration with pxGrid. With this integration, ISE will share contextual information such as username and device information with StealthWatch and it adds the ability to do rapid threat containment to quarantine misbehaving endpoints. I'm going to use a CA-signed certificate in this post and later I'll add a post with self-signed certificates.
StealthWatch ProxyWatch with WSA
In this blog post, I'm going to go over ProxyWatch with StealthWatch. Many enterprises utilize proxies to protect their networks. They provide protection at the cost of visibility to other security solutions. ProxyWatch is a licensed feature that allows StealthWatch to see the translated address and associate it with the other side of the proxy conversation which provides more accurate troubleshooting and forensics. It's a bit like NAT stitching for proxies.
StealthWatch - External Lookups
In this post, I'm going to go through configuring custom Eternal Lookups. What External Lookups allow a user to do is to investigate external IP addresses and ranges utilizing external applications and lookups. StealthWatch already comes pre-configured with a few and allows an administrator to add their own.
StealthWatch 6.8 Appliance Administration
StealthWatch 6.8 Management Web Dashboard
StealthWatch Installation and Setup
StealthWatch Introduction
Lancope was founded back in 2000 and is a leading provider of network visibility and security intelligence to protect enterprises against today's top threats. The StealthWatch System uses NetFlow, IPFIX and other types of network telemetry to detect a wide range of attacks from a variety of threats including APTs, DDoS, zero-day malware and insider threats. Lancope was just recently acquired by Cisco late last year but the company itself had a very close relationship with Cisco prior to that and thanks to that relationship, it integrates quite well with a variety of existing Cisco solutions. In this first post, I'm going to dig into some of the components of the StealthWatch System.
Configuring and Troubleshooting NetFlow Part 2
Configuring and Troubleshooting NetFlow Part 1
Career/Job Advice and Observations
I get a lot of PMs on forums I'm on asking for job/career advice and I know there's always a ton of threads on IT forums on that vein as well. While there are multiple ways to get to the same destination and different ways to be successful, I'd like to share things that really worked for me or that I've observed
NetFlow CheatSheet
Chasing the CCIE Security Next
I've decided I'm going to be going after the CCIE Security next. There's a high likelihood that this track could change in the middle of my studying for it so I'm going to prepare using the latest technology. In this blog post, I'm going to chart out some of the different resources I'm going to use.
ISE 2.0 - Profiling
In a perfect world, you could authenticate your hosts onto the network with either dot1x or going through a guest portal but the reality is that not every device connected to your network will have the ability to navigate the guest flow or utilize dot1x. Unfortunately, most of us don't live in a perfect world and have to connect devices to our networks such as phones, IP cameras, printers, badge readers, access points, etc so for that reason, profiling comes in. What ISE will do is gather a series of attributes from the NADs that the endpoints are connected to and based on those collections of attributes, ISE is able to make a determination of what kind of device that endpoint is
ISE 2.0 - Hotspot Policy
In this post, I'm going to configure Hotspot access. Hotspot access is a little different than regular guest access in ISE. The use case for Hotspot is where you might want to allow guests to access the internet without issuing them credentials or directly identifying them but still have some level of control. An example of this is if you own a chain of retail stores and you want to give your customers guest access to the internet and you don't want them to have to self-register or disclose information about their identity. Hotspot would be the solution to provide access. With Hotspot access, you can have a branded portal for marketing reasons, have the user accept an AUP for legal reasons, redirect them to your company's page or maybe a webpage with the latest deals/coupons, and you can even have them enter an access code that you have displayed in this location to reduce random connections to the network from users not location in the establishment.
ISE 2.0 - Guest Policy
In this post, I'm going to create my guest wireless policy. Guest access is typically what you think of when you visit a company, connect to the wireless and then get a splash page to enter some sort of credentials you were either provided or you self-register to get your own credentials. I'm going to create a basic guest wireless policy but I'll walk you through some of the different options you can use with this policy if you want to play around with this in your own lab or you're looking to deploy this in your production network.
ISE 2.0 - MDM Configuration
In this guide, I'm going to walk through MDM integration with ISE. MDM is used to deploying, securing, monitoring, integrating and managing mobile devices in the workplace. The MDM software that is download to the mobile device can control the distribution of application and patches as well as control data and configuration on the endpoint.
ISE 2.0 - BYOD Policy Configuration
In this post, I'm going to walk through the BYOD policy configuration. This policy will be pushing certificate to my users via the SCEP profile we previously created inside ISE. I'll walk through some of the different options you can configure in this policy but overall, I'm going to keep the policy itself pretty simple.
ISE 2.0 - Understanding Policy and Configuring Dot1x
In this next post, I'm going to walk through the policy creation for dot1x for wired and wireless access. As stated in a previous post, I'm going to be using PEAP-EAP-TLS but there are many different methods you can use. I'm also going to configure differentiated access based on a user's role to demonstrate some of the possibilities with ISE.
Wireless Controller Configuration
In this post, I am going to configure my wireless controller to use ISE for AAA, set up my SSIDs, and configure other basic settings. I'm going to start from the initial installation of the Virtual Wireless Controller and go through those steps. After I have that completed, I will set up all the initial configurations you will need in order to have the Wireless Controller use ISE.