As you start blocking spoofed emails based on the configuration from the previous post, you may need to make a few adjustments to your Incoming Content Filter. One of them is to change the final action for spoofed email from Drop and Discard to Quarantine. This may be needed to store …
Category: Cisco
Recently there’s been an increase in e-mail scams in which the attacker spoofs a message from a C-level executive and tricks someone at the organization into wiring funds to the schemers. FBI alert and this article go into a lot of detail about this attack. My post will be about …
Recently, due to several issues I had with Sourcefire 6.0 code, I went through a downgrade exercise, taking it back down to version 5.4. With Sourcefire, there is no simple way to roll back from one version to another. Configuration backup helps with Defense Center; however, Sensors cannot be rolled back to the previous …
Cisco ISE has a huge reporting section, but only a few of the reports are useful to me. So the need came up for a flexible searching and reporting tool. Splunk seemed to be a great candidate, especially since it has all the plugins available and Cisco Security Suite App adds …
Recently I’ve discovered that Apple i-Devices (iPhones and iPads particularly) will not work well when provisioned for EAP-TLS with a single broadcast SSID. In my case, the device would successfully complete provisioning for certificate-based authentication but re-authenticate again as PEAP. One of the workarounds was to forget the SSID after provisioning and …