Messages - Ctrl Z

#1
Forum Lobby / Re: Current frustration...
May 04, 2017, 07:35:33 PM
Quote from: ristau5741 on April 20, 2017, 08:34:13 AM
got an email system for that, using categories in outlook, categorize things I need to work on via email responses, either hot (red), medium (yellow) or low (green) placed in a sub-folder, and rotate through on a first come first serve basis, so when all my hot stuff gets to a point where I can no longer work on stuff, e.g. waiting on others for something, I start on the medium stuff, then move to the low, I refill the queues first thing, and then again at lunch, after lunch I'll start working on the hot stuff again. don't hit the low queue too often, but then that's the point, it's low priority anyway.

Beautiful. I'm going to start doing this!
#2
Security / Re: NMAP and HP Printers
May 04, 2017, 07:21:42 PM
All concepts I'm very familiar with, just never heard of any place that re-profiled devices anywhere near as often as you're doing.

Personally, I prefer to approach it by limiting access to/from the connected endpoint with the idea of minimizing the impact of any endpoints that might get compromised/spoofed/disgruntled employee/etc. I'm also combining that with netflow data to try and identify suspicious behavior. I say try because as always, these things take a massive amount of initial tuning and constant on-going tuning to minimize the number of false positives and false negatives.

I always try to approach NAC and network security in general with the perspective of "how would I protect this network from myself, if I got fired tomorrow" then try to protect against that.
#3
Security / Re: NMAP and HP Printers
May 04, 2017, 04:47:48 PM
You could always limit the attack footprint of the printer by only allowing HTTP/HTTPS access from printer admins and the NAC NMAP scanner, etc. Perhaps that would allow you to scan less often.

Question about your point where a device/user gains certain network authorization based off of initial device profile then somehow changing its device profile while still keeping the original network access. I guess I'm failing to see a real world scenario where a NAC product wouldn't already be handling the scenario without re-profiling the device so frequently. Could you elaborate?
#4
Security / Re: NMAP and HP Printers
May 02, 2017, 03:30:06 PM
Do the scans seem to have a cumulative effect on the printers? Meaning, is the problem only during an NMAP scan or does it persist even after the scan is complete?
#5
Security / Re: NMAP and HP Printers
May 02, 2017, 12:28:21 PM
I do the same thing with printers, including HP printers. Never noticed nor heard of any issues related to it though. But I'm not scanning the printers very often either.
#6
Security / Re: NMAP and HP Printers
May 01, 2017, 08:12:38 PM
I'm curious. Why are you fighting this battle with them?
#7
Very interesting. I'd like a copy if you don't mind. I already have some ideas to customize it already.
#8
Security / Re: Breach Recovery
March 28, 2017, 01:54:34 PM
They've probably been part of a botnet for a while now.
#9
Forum Lobby / Re: Current frustration...
March 22, 2017, 12:19:33 PM
Quote from: Otanx on March 22, 2017, 11:07:01 AM
My new frustration - In a load balancing configuration what would you think src-ip-hash option would do? Would you change your mind if I told you there was also an option called src-ip-only-hash? Just like taking a multiple choice test. Read all the answers and pick the most correct one.

I can see how that might cause a lot of people to use the wrong one.

The problem with the multiple choice test is if you don't know all the available options, someone might think they were making up fake options to throw them off.
#10
I got my hands on APIC-EM with the IWAN app for an IWAN deployment. It was a horrible mess at the time, about 1.5 years ago. I've been following the release notes and might upgrade to the latest version and play around with it again soon.
#11
Everything Else in the Data Center / Re: Cisco ISE
March 10, 2017, 12:39:53 PM
ISE can do a lot of things; if you can narrow down what it is your organization is going to do with ISE, it'll be easier to get up to speed. Are you getting ready for 802.1x deployment, are you needing to set up just guest wireless at the moment, or are you just needing to learn the ACS replacement portion?
#12
Security / Re: Thoughts on packetfence?
February 28, 2017, 03:48:10 PM
Quote from: deanwebb on February 28, 2017, 01:09:46 PM
I would STRONGLY recommend a third-party 802.1X supplicant for Windows. The one Microsoft ships is NOT production-ready.

I'm just curious, what are some of the biggest issues you've run into using the Windows supplicant?
#13
snmp trap link-status will only send traps notifying you of link up/down.


I believe mac address-table notification mac-move will only send a syslog message. I'm not aware of any equivalent for snmp traps related to mac moves on NX-OS but the NAC product you're using should be able to use syslogs right?
#14
Security / Re: NAC Project Guide
December 12, 2016, 11:59:34 PM
My biggest headache with NAC has been trying to get the first levels of support to go through their checklists before kicking it up to me.

Did you verify the Zero Wired Autoconfig service is running? Nope.
Did you check that the machine has the correct 802.1x configuration settings applied? Nope.
Is the printer configured with the settings required to pass profiling? deer in headlights look.
Where's your checklist? What checklist?
#15
Late reply

I did something like this once but it was pretty platform dependent. Using an F5 VIP you can enable route advertisement for the VIP /32, but only when all virtual servers using that VIP are available. Then use OSPF on the F5 to advertise the VIP into the network.

VIP goes down, F5 withdraws the route from OSPF. VIP comes alive, F5 advertises the /32 through OSPF.

If this wasn't for an F5 then forget everything I said.