I'm posting this blog with intentions of helping you with some best practices around your Cisco AnyConnect Remote-Access VPN (aka: RA-VPN) configuration. With these best practices, I will try to include the different thought-patterns around "why" a company might choose to deploy 1 way or another, but my recommendations will still stand as MY best practice, which also matches what the AnyConnect business unit at Cisco recommends, as well.
Brief understanding of what Zero Trust is, what the history is that got us where we are today, and what gap exists between true ZT & the capabilities in the industry today.
The idea for this blog post came to me during a discussion around some recent research performed by Cisco's Talos threat research group. The post: Advanced Mobile Malware Campaign in India uses Malicious MDM authored by Warren Mercer, Paul Rascagneres and Andrew Williams and the follow-up post containing additional research found here: Part-2. In this … Continue reading Security of the Modern Mobile OS
In order to use Cisco Security Connector (CSC) for iOS, the endpoint must first be in supervised mode and managed by an MDM. The easiest way to manage Apple iOS devices is to use Apple's Device Enrollment Program (DEP); which is now rolled into their new Apple Business Manager (ABM) program. However, there are certainly … Continue reading Using Configurator 2 to prep iOS for CSC
So I am often asked this question, so I figured I would blog it & then be able to just send a link to the blog to the next person(s) who ask this question. The magic question I'm referring to is: "how do I configure an email notification for events in AMP". I guess I … Continue reading Configuring Notifications with Cisco AMP
Researchers from Ruhr-Universität Bochum & New York University Abu Dhabi have uncovered a new attack against devices using the Long-Term Evolution (LTE) network protocol. LTE, which is a form of 4G, is a mobile communications standard used by billions of devices and the largest cellular providers around the world. In other words, the attack can … Continue reading Protecting iOS against the aLTEr attacks
I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers. While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up. Cisco … Continue reading My experience at Cisco Live 2018 in Orlando
The date was June 26th 2017. Cisco’s CEO, Chuck Robbins, was delivering his keynote at Cisco Live US in Las Vegas. Out comes a very special guest, Apple’s CEO, Tim Cook, who sat on a stool next to Chuck & they announced a few things to the world that were coming out of the Apple|Cisco … Continue reading Workaround to restore a non-supervised iOS backup onto a supervised iOS phone
Thanks for joining me! I am creating this as a location to blog without filter and without restriction. This is a work in progress, but I will be bringing my previous blog posts into this site and adding FULL blog entries instead of the limited ones my previous blog was restricted to. So much time … Continue reading The Journey Begins
When we added a certificate authority (CA) to Cisco's ISE in version 1.3, there was a tremendous interest level from the field. Companies were looking for this functionality to make BYOD and secure network access from endpoints more secure and there was a LOT of buzz about this functionality. As the guy who flew all … Continue reading Cisco ISE API for Certificate Provisioning