Cisco Tac Security Podcast Series

This episode focuses on the Network Admission Control (NAC) appliance, with special guest Nevin Absher from the Cisco AAA TAC Team in RTP, NC. The discussion starts with a basic introduction to how network administrators can use the NAC appliance to control access to the network in various deployment scenarios. The discussion then moves to NAC deployment and operation best practices as well as specific issues that some administrators encounter when deploying the solution, and how to avoid them. NAC troubleshooting methodologies and techniques are also discussed.

In this episode the team highlights some of their favorite Cisco ASA and IPS one-line commands, and explain when to use them and how to interpret the output. In the show notes for the episode, we give sample output for each command.

The panel discusses the Cisco Support Community and the benefits it offers to Cisco customers, partners, and Cisco employees. Online discussions, collaborating on technical documents, as well as blogs and technical videos are discussed. Then, the group answers interesting questions raised by the community about the Cisco Advanced Security Appliance and Intrusion Prevention System.

The panel discusses the concept of a SQL Injection Attack, and explains how this type of attack can be mitigated using the Cisco Adaptive Security Appliance (ASA), Cisco Intrusion Prevention System (IPS) and Cisco Zone-Based IOS Firewall (IOS Firewall). A real-world proof of concept is discussed, along with specifics about the various configurations required to stop the attack.

This episode is all about digital certificates and how they can be used on the ASA and IOS platforms. The discussion starts with the basic concepts behind certificates and PKI, as well as the motivations for using certificate authentication. The discussion continues with best practices (such as backing up keypairs and trustpoints) and common customer problems and TAC cases.

This episode focuses on TCP connections through the ASA and FWSM platforms. The panel discusses the TCP security checks performed by the Cisco firewalls and how to modify the TCP settings to adjust the firewall behavior for specific network conditions. TCP throughput optimization, techniques for monitoring TCP connections, and some common TAC issues are also discussed.

The panel discusses the http filtering capabilities of the ASA platform including custom http inspection, url-filtering, wccp configuration and the Content Security Control (CSC) Module configuration and troubleshooting.

Learn how to increase the security of Cisco routers. The panel discusses operational best practices and use of features such as authentication, authorization and accounting (AAA), control-plane policing, syslogging, configuration archiving, password types and Cisco IOS Embedded eEvent Manager.

The ASA AnyConnect client is the next evolution in Remote Access VPN connectivity. In this episode the panel discusses the advantages of the AnyConnect client, strategies for migrating from the IPSec VPN client to AnyConnect, and package deployment tips. Additional topics include troubleshooting techniques, common AnyConnect problems, and methods for monitoring AnyConnect usage.

The panel discusses the features introduced with the new Adaptive Security Appliance (ASA) version 8.3. Information about the differences between 8.3 and previous versions, new memory requirements for version 8.3, as well as information about the upgrade process are discussed.

This episode features conversation about the multiple context mode available with the Firewall Services Module (FWSM) and Advanced Security Appliance (ASA) platforms. The pros and cons of multiple context mode are discussed, along with some common deployment scenarios, best practice design considerations, and issues faced by customers who contact the TAC.

In this episode, the panel reviews the application protocol inspection features available on the ASA platform. The individual operation and features of the protocols are discussed.

The panel reviews techniques and methods for monitoring firewall performance and identifying performance problems.

Learn helpful study techniques, time management, and test taking strategies for the CCIE Security Exam.

The panel of experts discusses the software version terminology and release process for the ASA, PIX and FWSM platforms. The episode then continues with part 2 of troubleshooting firewall failover.

Guest speaker Omar Santos from the Cisco PSIRT team discusses how Cisco handles product security vulnerabilities. Then the panel discusses the failover functionality of the ASA, PIX, and FWSM platforms in part one of our discussion of firewall failover, which spans two episodes. The next episode focuses on troubleshooting failover problems.

In this episode, the panel discusses the lifecycle of a TAC service request, how customers can help expedite case resolution, and configuration and troubleshooting of transparent firewall mode on the ASA and FWSM platforms.

In this episode, TAC engineers discuss how they use the Cisco labs to solve customer service requests. New features introduced with ASA version 8.2 are also discussed.

In this episode, Cisco TAC engineers discuss the new RSS feed for customer issues currently being seen in the TAC. Learn how to resolve connectivity issues using the packet capture utility built in to the Cisco Adaptive Security Appliance (ASA), PIX Firewall, and Firewall Services Module (FWSM) platforms.