Testing ISAKMP with netcat

The Scenario In the course of my day to day job, I interact with VPNs on many devices (primarily IPSec VPNs on the Cisco ASA).  Often times the the simplest way to test an IPSec VPN is to fire up vpnc in a VM, change the config file as needed, and validate the connection. Sometimes though, you need to be more granular with your testing.  Perhaps the person controlling the other endpoint/peer is not in charge of…

Continue reading

300-208 SISAS – What Is Cisco ISE?

In my earlier post about the Cisco 300-208 SISAS (Implementing Cisco Secure Access Solutions) exam, I gave a brief overview of the exam and listed the exam topics as laid out by the Cisco Learning Community.  However, I felt that these largely boil down to a few key concepts related to Cisco ISE (Identity Services Engine): Understand what ISE is. Understand why you might use ISE in a wired or wireless network. Understand what ISE does at a protocol level.…

Continue reading

The Elusive A+ Rating on SSL Labs

I often have to talk people off a cliff because of their website’s (sometimes perceived) vulnerabilities on Qualys’ SSL Labs testing site.  They have received an A- score for their site after running the tests, and see a few things in yellow.  Suddenly, they begin to believe that every villain on the web is now running amok with their data.  The truth of the matter is that if your SSL configuration is rating at an A-, that configuration is…

Continue reading

300-208 SISAS – How to Tackle the Beast

The best way to finish something, is to begin it.  So I decided I would begin my prep for the 300-208 SISAS (Implementing Cisco Secure Access Solutions) exam, by laying out my personal study plan against the exam topics, found here on the Cisco Learning Community. The exam topics are broken into five broad categories, and Cisco also gives a general indication of what percentage of the exam is on each topic: 1.0 Identity Management/Secure Access – 33% 2.0…

Continue reading

CCNP Security – Halfway There

I am halfway towards my CCNP Security, and am finally gearing up to finish it.  When I completed the 642-618 FIREWALL and 642-648 VPN exams in the beginning of 2014, I was promptly sidetracked with the little things in life.  (Such as moving across the country, starting a new job, and finishing my BSIT at WGU.)  Knowing that the old CCNP Security exams had cycled out in April of 2014, I used Cisco’s CCNP Security Migration Path tool to…

Continue reading