Welcome back! Today we're diving deep into one of the most misunderstood (and frankly, confusing) aspects of Cisco Secure Access – the decryption decision flow. If you've ever scratched your head wondering why IPS and SWG (Secure Web Gateway) have separate decryption settings, or why your Do-Not-Decrypt (DND) lists seem to behave differently depending on which entry point your traffic takes, then...

Welcome back! In this entry, we're diving into one of the most compelling features of Cisco Secure Access – Clientless Zero Trust Access, or as I like to call it, "the VPN killer that actually works." If you've been following along with our zero-trust journey, you know that the traditional perimeter-based security model is about as effective as a screen door on a submarine. So, what's the...

Welcome back to our exploration of modern zero trust technologies! In this entry, we're going to pull back the curtain on Cisco Secure Access and examine how Zero Trust Network Access (ZTNA) client traffic steering actually works under the hood. If you've been wondering how your private applications and internet traffic know which path to take through the Secure Access cloud, you're in for a...

Hey there! The Cisco Catalyst 9800 Series Wireless LAN Controllers (WLCs) are pretty awesome, and one cool trick up their sleeve is the Always-On Tracing feature. It’s a total lifesaver for figuring out what’s going wrong in your wireless network. Let’s break it down quick—what it is, how it works, and why you’ll love it!

It’s been a long time coming. I’ve been searching for a reason to do it…and I finally did it! I solved my first real world networking problem using automation!

I know, I know. The many of you out there who do this every day all day don’t care, but for me, someone who is an expert network engineer and a n008 at python (programming in general), I’ve been waiting for the day that it made sense to...

As you saw in a previous post, DHCP Hacking Made Easy, poorly configured networks can serve as an attack vector for “The Attacker”. In this entry, we continue this exploration with another dead simple attack on the network, ARP spoofing. ARP is the protocol responsible for informing hosts within a given LAN, which IP addresses belong to which MAC addresses. What happens when we provide bad...

Poorly configured networks are vulnerable to many attacks. Easy attacks. In this blog we will demonstrate how easy it is to perform a DoS attack on a DHCP scope. Afterwards, we will remediate our poorly configured network devices with a security feature that you should include on every deployment to protect against this type of attack.

Everyone’s Favorite

Anyone operating a PKI or an application whose functionality requires one, can attest to the ever-increasing amount of time spent keeping certificates up-to-date and compliant with the contemporary cryptography standards. When certificates expire, things break. When cryptography standards evolve, things break. For these reasons, the typical network/systems operator may find it...

Endpoint Captive Portal Detection - Why?

This blog assumes that you have a general understanding of ISE Central Web Authentication. Endpoint Captive Portal Detection plays a critical role in improving the end-user experience when connecting to a captive portal protected WiFi network, such as an ISE CWA protected WiFi network. The captive portal detection brings to the attention of the user that...