I just returned home after spending almost a week in London attendingCisco Live. Much can be said about the event and many has already summarized their experience, so the plan for this blog post is to make a short resumé of the sessions I attended to. Many were great, most were good but a few were less than good. I skip the latter here and focus on the best pieces.
TECSEC-3030 – Advanced Network Access Control with ISE
This was a techtorial, which means that the session covers a full 9-hour day of presentation. Relative to most people I have a lot if experience with Cisco ISE. I have attended a 5-day pre-ATP class for Cisco ISE and done a handfull of implementations. Nevertheless, this techtorial was really relevant for me since I got a lot of repetitions of theories and behind-the-scenes that is easy to forget about in the daily work. Also, since the speakers have so much in-depth knowledge of this new product is gives alot to hear what they say (and what the do not say). I am totally convinced that Cisco has raised the old 802.1x-horse to a new level by combining products like ISE and Anyconnect with the new concept of TrustSec to allow the right device access to the right parts of the network, not only defined by what user is using the device but also based on how it is connected (wired/wireless/vpn) and what kind of device is it (comporate computer/private Ipad/mobile phone). This rocks!
BRKNMS3134 – Advanced NetFlow
Netflow is a protocol to gather information about network traffic for further analyzis. Instead of analyzing the traffic-flow inline, netflow-enabled devices (routers) collects information about which devices that “talks” to who, amount of traffic and ports. This information is sent to Netflow collectors for analyzis.
I am not a netflow-guy. I have only tried it a few times. But this Live-session was really cool. With Flexible Netflow the sky is the limit when it comes to which kind of information to select and where to send it. Netflow v9 is the key!
BRKSEC-2071 – Securing DNS
The fact that there are vurnerabilities in the DNS-procotol is nothing new. And it has been known for a while now that DNSSEC is the solution to most security-related DNS-issues. The session contained a live demo of DNS-cache poisoning a´la Kaminsky and thereafter a complete walkthru of actions to prevent this from happening.
The speakor Stenthor Bjarnason really showed in-depth knowledge in the subject!
BRKSEC-3005 – Advanced IEEE 802.1x for wired networks
This session was an advanced session that discussed all aspects of 802.1x-implementations in wired networks. It went through the concept of authentication and authorization, radius-attributes for downloadable access-lists and vlan-changes and discussed aspects on how to handle non-802.1x-enabled devices with MAB. Further on there was a lot of information about how to troubleshoot dot1x and how to handle PKI in dot1x-implementations. The speaker was awesome!
BRKIPM-2999 – LISP – A Next Generation Networking Architecture
I am not a thru router guy. At least not compared to my fellow r/s-friends who eat MPLS for breakfast. So attending a LISP session was really a step out of my comfort zone. But it was so cool! It is not easy to explain in a few centences what LISP is. In short you can say that LISP is a new way to rout ip packets, not only based on destination but on other parameters aswell. And since these parameters are stored in central units, you can say that LISP uses something similar to DNS to query how to route traffic. And in a sence you can also say that LISP is a way to tunnel traffic. This will be big!
BRKSEC-2046 – Deploying Security Group Tags
SGT is one of the building blocks that builds the foundation of Cisco TrustSec. In short: SGT is a way to tag packets ingress in access layer devices so that they can be filtered egress centrally. The reason to do this as a complement to a firewall is to gain speed. Also, in 802.1x-enabled networks the access-switch has a lot of knowledge about the traffic (type of device, authentication information…) which means that traffic can be tagged (and further filtered) not only based on ip-information but also based on username/device type/connection type/<insert almost anything here>.
BRKSEC-3033 – Advanced Anyconnect Deployment and Troubleshooting with ASA 5500
This was my favourite. It is always a pleasure to listen to Håkan Nohre, imho one of the greatest brains when it comes to Cisco ASA and Cisco-based security solutions. I know this subject by heart so I cannot say that there was a lot of news for me. But it it really cool to listen to how inspired and excited Håkan is when he talk about what he loves most.
I must say that all sessions on Cisco Live keeps a very high quality when it comes to content and how it is presented. I have left out a few of the ones I attended here and the reason for not all sessions being perfect for me was not the content but more that I choose the wrong sessions. So Cisco Live, keep up the good work. And a final note: The PDF material provided after attending Cisco Live is by far the most comprehensive and good technical reference material one can find. Even if I might not attend IRL on Cisco Live next year I will definately pay for the virtual pass, making me able to access the presentations online!