
Wednesday, 24 September 2014

What if...

English: Michael Dell speaking at Oracle OpenWorld, San Francisco 2010 (Photo credit: Wikipedia)

What if Michael Dell was right?

 

The biggest tech companies are struggling in a crisis that seems not to have an end.

Cisco, HP, even Microsoft have announced layoffs and staff reductions. We can say this is common in a moment of crisis: companies need to raise ROI, and cost reduction is a key factor. It is also beyond doubt that laying off personnel is the easiest way to reduce costs.

But is this crisis just a matter of costs and ROI? Or are there deeper reasons hitting those companies?

The economic crisis is just one of the many problems some tech companies are experiencing. From my point of view the main reason for the crisis is not just financial but lies in a deeper problem: technology innovation and identity.

In the last years we saw a dramatic change in user behaviour and technologies; some new kids traced the route while the old giants struggle to follow.

Problem number one here: they became followers and not leaders, and when you’re a big guy following is hard because you can’t hide nor run.

The companies that invested in technologies, creating consensus and making things happen, like Apple or Google, traced a hard path to follow; they tied their identities to new and cool paradigms. Samsung was quick and efficient to jump on the train and, using the same tools of innovation and “coolness” of the products, conquered a market.

HP and Cisco, on the contrary, haven’t been able, till now, to redesign their identity into something different. Old products, old technologies, old communication… If we take a look at what is happening in HP and Cisco right now we see cost reduction, but we cannot see a real plan, a strategy, a vision.

Dell forced his company to take a direction; I hope he will be successful because his courage has been amazing. He wanted to give a multi-year vision and a clear position. We’ll see if time will give him the success he deserves. But to do this he was forced to take a decision: make Dell private again so as to choose a direction and follow it even if the stock market is looking for different things at the moment.

What is the path for HP and Cisco?

The technology market has changed, it is changing. The box and hardware selling that has made the fortune of the two companies is reaching its limit. We do not change core switches every year unless there is a real technological change, and servers and storage are not so different from the ones of 5 years ago…

While Cisco and HP look for an identity, Microsoft seems to have found again its will to succeed, planning a transition that could change the face of the company. Again this is a technological and identity point. Cloud, services and multiplatform seem to be the new Microsoft mantra, and we could expect that big “M” developer tools (that made the fortune of Microsoft OS) will soon be able to accomplish the new vision that the new energetic CEO is giving to the company.

 

 

 

Friday, 19 July 2013

Looking for a new career opportunity

Dear All,

As you may know I’m looking for a new career opportunity.

Many of you know me because we have worked together in Europe or the USA in one of my previous work experiences, including Cisco, IronPort, Symantec, Brightmail, Mondadori Informatica and so on, or met at conferences and events.

With over 16 years of experience in the leadership of IT product development, project management, marketing, and representation, and as a reputable and renowned contributor to the tech industry, particularly within the security community, I think I have often provided outstanding results and proved my soft and technical skills, but the situation now forces me to ask for support.

If you know of any position I could be right for, I would really appreciate it if you could share it with me. I would prefer an EMEA position (it would allow me to move from home to work without relocating), but anything that could fit my skills would be appreciated.

Thank you for your support and wish you all the best

Antonio

 

Tuesday, 31 July 2012

Diary of an acquisition, part 1

Ok I know many of us experienced this kind of trip once in a lifetime.

I have travelled through acquisitions a lot of times: when Mondadori Informatica was absorbed by the mother company Mondadori, when Brightmail became part of Symantec, when Symantec acquired Veritas Software and moved all European management to Veritas, and in the end when Cisco Systems acquired IronPort.

All acquisitions mean change, and most of the changes are not well accepted, but I’m a long traveller on the seas of IT companies and I’m quite used to changes, so what has an acquisition meant to me?

The last the better, they used to say, and so I will talk about my experience from IronPort to Cisco; it will be useful to me to analyze what has happened and what it means to me.

Chapter one: I used to be happy
Geez guys, life in a successful startup is great.
I know, lots of work and responsibility, but there is a sense of team, a common vision that inspires and drives us towards results.
Usually managers and company experts say that a company is made by its people; well, it is not true for big groups, where roles usually overtake the human part, but it is true for startups.

For good or for bad we’re on the same ship, take risks together and win or lose together. OK, better spirit when you win than when you lose, of course. 😉

It was amazing working in IronPort: people were nice and supportive, and they gave you that strange feeling that you can make a difference. Sometimes you had something to complain about (who does not), but in the end the humanity was very satisfactory… And I had a lot of fun and success.

One of the reasons was the product: the email security appliance from IronPort was, and still is, the state of the art in this kind of technology. The other was the team: Domenico was/is a sales war machine, the partners were so focused, and the company was listening to customer needs and reacting promptly to customer needs and market changes.

Very, very good indeed: a strong team, a strong company, a strong product. Goals were accomplished and overachievement was “easy”.

Lots of work, and it was all in one: technical, consulting, sales, marketing, pre and post sales. Fun, fun and fun. 🙂

Monday, 23 July 2012

Is Big C missing the point on security?


Are big companies really suited for security? This is what comes to my mind when we see what Cisco, HP and Co. do when we talk about security.

Are they really able to focus on the innovation and development that security requires? I can talk about what I know, so I will express my mixed feelings about Cisco and security.

For a long time Cisco has not been perceived as a big player in the security space, despite the fact that PIX/ASA is the most sold firewall in the world.

But honestly we should not only consider the magnitude of the numbers but also why and how companies buy a product. Alas, it seems to me that ASA’s success blinded Cisco to the reason why so many pieces were sold… ASA was/is seen as a commodity: when you buy some million in hardware equipment you can also add some ASA; they came with the flow.

So Cisco has never really realized what security selling is, but it sold a lot, so why not expand the business? As usual, when you want to expand the business the first thing you do is acquire someone, like IronPort for example, and ScanSafe. But then?

To be honest this is not only a Cisco issue: acquisitions seem to be the mainstream activity of these years in security; everyone thinks that becoming bigger will mean being stronger… not sure it is always true…

But to be successful in security requires a long-term plan, investment and specialized people in sales and technical aspects. And security is not just a product; it is a stream of solutions that have to address something.

So let’s take a look at Cisco’s offering to understand if we can find any trace of this vision.

Cisco presented its Borderless Network vision, replacing the “old” self-defending network message, in order to push the acceleration of new network and security equipment sales.

The core of the message was: the LAN has no more borders, so you have to change your way of thinking. I think the message is right and appropriate, and Cisco made several advances in terms of product and technology to accomplish the new vision.

But what has never been clear to me is which kind of security Cisco intends for a borderless world. Just to give a few examples:

Application security

Well, here is where I am most confused: apparently with the EOL/EOS of the ACE XML gateway Cisco has, reasonably, decided to leave this field to someone else.

Application security, when intended as how to protect a customer that is delivering services, is a really nasty job: too many things to work on. It was a niche area and requires too much investment.

What is not so clear to me, on the other hand, is why Cisco also abandoned the DDoS and DoS prevention field. They apparently had the technology that could be used (I mean CIO, Reputation and so on…) but they simply did not explore that side. This is quite funny since DDoS and DoS attacks have been the mainstream attacks of these last years (does Anonymous remind you of anything?).

On the other hand we have to admit that there are hard-to-beat products out there, and if I had to look for an anti-DoS solution I would probably go to Radware.

Pity: with the IPS the path seemed correctly planned, with the introduction of global correlation… but IPS is neither enough nor an application security device.

End User Security

Here Cisco made some big investments, IronPort and ScanSafe just to name the most renowned. But is acquiring a company enough? After 7 years we’re still waiting for a complete integration of the products into the Cisco environment; implementations of “simple” features are still awaited. The general impression is that the company does not know where to go and how to get there. The historical difficulty of Cisco in adopting consistent management interfaces is quite clear when we see what happened to IronPort technology and the rest of the products. WSA is still not able to talk with ScanSafe (Blue Coat can, sigh) and even ASA has not been provided with a decent ScanSafe connector yet.

So although the products are intrinsically good (and the Gartner review shows it quite evidently), what seems to be lacking is a project and a future. Will they survive? Or will they disappear?

On the end user security side we have also seen some weird moves that pissed off the market; think of the recent Linksys router affair and the “cloud” management interface.

But I can understand that a big network equipment vendor has problems understanding the end user side of the equation; think also outside the security space, with the Cius and Flip…

Another indication that Cisco still does not have a clear vision of the end user security space is the lack of basic features like Microsoft (c) AD multi-realm support. No chaps, RADIUS is not the solution, nor even TACACS+.

We also have some weird duplication, like the ASA module for application visibility and control (CX module) vs the application visibility and control on WSA and ScanSafe.

I’m not interested right now in going into detail but… guys, where do you want to go? Where is the plan here?

Access Security

Here we have seen the most interesting moves: the new ISE product, the ASA improvements and the new AnyConnect are great products and good moves in this space.

OK, some of those, like ISE, are still new and need to grow, but it seems the right direction to follow. And I have to admit that, if correctly developed, TrustSec will be a winning technology. Just hoping that Cisco PMs will understand that the point is to make things easier…

Data Center Security

Er, VSG, Virtual ASA? Is there anyone outside a few people in Cisco who is able to understand and explain what those things are? (I mean, of course we need both? What are the differences…) And the rest?

Cloud Security

Can cloud services such as ScanSafe and the cloud IronPort email service be considered cloud security? Or will it be the new generation of virtual appliances that covers this area? Please, can someone enlighten me?

Just at a first overview, and not going product by product, it seems quite clear that there is still no vision of what Big C’s approach to security would be, and considering the recent budget cuts I hardly see a bright future for security in Cisco. We will continue to see great products alongside useless ones, weird choices and an overall confusion cloud (so something in the cloud space is present).

Beside the marketing message, it seems that most of the promises are still waiting to be taken into consideration by Cisco, and in this field (security), where things change so quickly, not deciding and not acting means losing.

Is security still an opportunity for Cisco? I do not think so. Big C, with a few product exceptions, can be a good follower, and when the market and the economy allow they will buy something to claim state-of-the-art technology, but without a consistent project we will see only randomly good products, which, by the way, is not a bad thing per se.

But for Cisco it will be hard to accomplish the BN vision and the other claim, that one vendor is better, because at the moment it seems that, at least in the security space, there is no real difference between buying only Cisco products and buying from other vendors in terms of manageability, integration and development.

We’ll see what will happen soon.

A

 

Things always gonna change :)


There are times when things change even if you were not planning it. This is what happened to me lately: things do not always go as planned, they just happen.

I was not planning to have a tumor in my right arm this year (see related post if interested) and I was not planning big changes but…

I’m no longer in Cisco, and I have to honestly say that it brings me a lot of mixed feelings. I have met great people there, starting from my adventure in IronPort with the crazy gang: first Domenico and Patrice, then Angelo and Daniele… what a time and so much fun 🙂 And what about the other crazy people from the rest of Europe? I’ll miss all of them, but Alberto and Armando will have a special place as friends :).

We made things roll. I cannot forget the Latin American connection with Jose (a Mexican in Canada) and Dario (a tech guy that embraced the dark side, sales) exchanging jokes and silliness.

Then came Cisco and it was a hard trip, exciting from many points of view.

I met impressive people like Marcello, Marco, Armando, Luciana, Mauro and so many more; I’ve been blessed working in a great group with a great manager (thanks Colin) and a great group.

The human part of my Cisco experience has been great and fulfilling, and I honestly will miss a lot of people. But as I say, things change, and Cisco’s direction does not match my target anymore. I did all I could, but it is time to move on; I can’t fight against my own company, so better not to ask a giant to see a fly’s point of view 😛

Now that I’m again “free” (sounds better than other expressions), I will recollect my ideas and dedicate a little more time to consultancy and my blogs, and then see what this world still has to offer to a security guy.

Cheers

Antonio

 

Tuesday, 27 March 2012

ISE basic installation and configuration. Part 2


When something can go wrong it will; in the end our friend Murphy was right. So I spent the day solving a weird problem, and I have to thank a couple of colleagues of mine who were able to sort out what was wrong.

By the way, in the end I survived the effort, and after a whole day of troubleshooting I just reinstalled the appliance from scratch 🙂 and everything worked.

The Web Interface

 

Now we can go on and see what we can do.

Open a supported browser and go to:

http://<IP address or host name>/admin/

Once we have installed the appliance we can finally log in to the web interface. Enter the credentials you have created to log in.

The interface is quite clean and clear, with a dashboard reporting the main indexes and with a menu at the top that refers to the various functions and operations you can perform on ISE.

In the upper right part there is the Task Navigator, which shows some standard “wizard style” tasks to perform.

 

Task Navigators do not retain information about the tasks you have completed. A Task Navigator is a visual guide that takes you directly to the user interface screens where you perform its related tasks.

The tasks are:

• Setup—Perform the first part of the Cisco ISE setup process.
• Profiling—Profile endpoints.
• Basic User Authorization—Establish basic user authorization.
• Client Provisioning and Posture—Configure client provisioning and posture.
• Basic Guest Authorization—Establish basic guest authorization.
• Advanced User Authorization—Establish user authorization, along with client provisioning and posture.
• Advanced Guest Authorization—Establish guest authorization, along with client provisioning and posture.

OK, it’s late and my arm hurts like hell, so I will continue in the next post 🙂

Tuesday, 20 March 2012

Ise Training day 2 « The Puchi Herald: A.I. Tech Update


March 20, 2012, antonio ierano

OK, my turn to talk today: we talked about one of the most interesting features of ISE, profiling.

It is worth explaining a little what profiling is, and what discovery and classification mean. It is a very useful and powerful engine but it needs to be understood, including what it means and why it should be used.

Other great news: ISE 1.1 is finally available on CCO, absolutely worth the upgrade.

http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html

new stuffs:….


Tuesday, 13 March 2012

Configure cisco ISE for Cisco Access Points

Let’s say you have been asked to configure ISE to allow secured network access for Cisco Wireless Access Points.

To do so you should:

· Enable the ISE endpoint profile for Cisco Access Points

· Configure an Authorization Profile and Authorization Policy rule for Cisco Access Points

· Review the access switch configuration to authorize an access point using MAC Authentication Bypass (MAB).

· Verify proper authorization of a Cisco Access Point based on ISE policy

 

Login to ISE


The ISE Home Dashboard page should display. Navigate the interface using the multi-level menus.

Configure the Profiler Policy to assign endpoints matching a Cisco Access Point profile to an Identity Group called “Cisco-Access-Point”.

Navigate to Policy > Profiling and select Cisco-Access-Point from the list of Endpoint Policies, verify that the policy is enabled (Policy Enabled checkbox is checked) and check the option Create Matching Identity Group.

Do not forget to save 🙂 otherwise it will not work 😉

Now define an Authorization Profile for Cisco Access Points.

Navigate to Policy > Policy Elements > Results and double-click Authorization to expand its contents.

Select Authorization Profiles from the left-hand pane and click Add from the right-hand pane and enter the values for the Authorization Profile as shown below:

| Attribute | Value |
|---|---|
| Name | Cisco_Access_Points |
| Description | Permit access to Cisco Access Points |
| Access Type | ACCESS_ACCEPT |
| Common Tasks | |
| DACL Name | [ ✓ ] PERMIT_ALL_TRAFFIC |
| VLAN | 90 (or 1:90) |

The resultant Attribute Details should appear at the bottom of the page as the following:

Access Type = ACCESS_ACCEPT

Tunnel-Private-Group-ID = 1:90

Tunnel-Type = 1:13

Tunnel-Medium-Type = 1:6

DACL = PERMIT_ALL_TRAFFIC

Finally, click Submit to apply your changes.

Now we should configure a new Authorization Policy rule to assign the new Cisco_Access_Points profile to endpoints that match the Identity Group named Cisco-Access-Point.

To do so go to Policy > Authorization and insert a new rule below the Profiled Cisco IP Phones rule as shown in the policy table below. Use the selector at the end of a rule entry to insert or duplicate rules.

Enter the following values for a new rule named Profiled Cisco Access Points:

| Status | Rule Name | Identity Groups | Other Conditions | Permissions |
|---|---|---|---|---|
| (icon) | Profiled Cisco IP Phones | Cisco-IP-Phone | | Cisco_IP_Phones |
| (icon) | Profiled Cisco Access Points | Cisco-Access-Point | | Cisco_Access_Points |

 

Don’t forget to Save when finished making policy updates.

Hint: Verify proper authorization of the wireless access point.

Check the status of the port; if necessary, give the No Shut command in configuration mode for the selected interface.

Check the auth status with:

cisco-access# show authentication sessions interface gi0/x

or

cisco-access(config-if)# do sh auth sess int gi0/x

Keep in mind that you may need to wait a few minutes for the result to be shown (between bootstraps and stuff…).

To display the current dACL applied to the interface, use the command show ip access-lists interface GigabitEthernet 0/3. The output should appear similar to the following:

cisco-access(config-if)# do sh ip access-list int gi0/3

permit ip host 10.1.90.100 any
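
The switch-side check above can be scripted when several access point ports have to be verified after a policy change. The following is an added example, not part of the original post: it parses the text of show authentication sessions interface and reports deviations from the VLAN 90 / PERMIT_ALL_TRAFFIC / MAB authorization configured here. Both sample outputs are constructed, and their "label: value" layout and field names are assumed from classic IOS releases.

```python
# Expected outcome of the ISE authorization profile configured on this page.
EXPECTED = {"Status": "Authz Success", "Vlan Policy": "90"}
EXPECTED_DACL = "PERMIT_ALL_TRAFFIC"

# Constructed sample output (not captured from a real switch); the field
# names and layout are an assumption based on classic IOS releases.
SAMPLE_OK = """\
            Interface:  GigabitEthernet0/3
          MAC Address:  0011.2233.4455
           IP Address:  10.1.90.100
               Status:  Authz Success
        Authorized By:  Authentication Server
          Vlan Policy:  90
              ACS ACL:  xACSACLx-IP-PERMIT_ALL_TRAFFIC-00000000
Runnable methods list:
       Method   State
       dot1x    Failed over
       mab      Authc Success
"""

# Constructed failure case: MAB rejected, port never moved to VLAN 90.
SAMPLE_BAD = """\
            Interface:  GigabitEthernet0/3
          MAC Address:  0011.2233.4455
           IP Address:  10.1.10.100
               Status:  Authz Failed
Runnable methods list:
       Method   State
       dot1x    Failed over
       mab      Authc Failed
"""

def parse_session(text):
    """Return (fields, methods): session key/values and method -> state."""
    fields, methods, in_methods = {}, {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Runnable methods list"):
            in_methods = True
            continue
        if in_methods:
            parts = line.split(None, 1)          # "mab   Authc Success"
            if len(parts) == 2 and parts[0] != "Method":
                methods[parts[0]] = parts[1].strip()
            continue
        key, sep, value = line.partition(":")    # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields, methods

def check_ap_port(text):
    """Return a list of deviations from the expected AP authorization."""
    fields, methods = parse_session(text)
    problems = []
    for key, want in EXPECTED.items():
        got = fields.get(key)
        if got != want:
            problems.append(f"{key}: expected {want!r}, got {got!r}")
    if EXPECTED_DACL not in fields.get("ACS ACL", ""):
        problems.append(f"dACL {EXPECTED_DACL} not applied")
    if methods.get("mab") != "Authc Success":
        problems.append(f"mab state is {methods.get('mab')!r}")
    return problems

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_ap_port(sample) or "authorized as expected")
```
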

 

To verify the Cisco Wireless Access Point authentication in ISE, go to Monitor > Authentications log:

| S | Username | Endpoint ID | IP Address | NAD | Device Port | AuthZ Profiles | Identity Group | Event |
|---|---|---|---|---|---|---|---|---|
| | #ACSACL#-IP-PERMIT_ALL_TRAFFIC | | | 3k-access | | Authorize Only | | DACL Download |
| | nn:nn:nn:nn:nn:nn | nn:nn:nn:nn:nn:nn | 10.1.10.100 | 3k-access | Gi0/3 | Cisco_Access_Points | Cisco-Access-Point | Auth Succeeded |

Note: The access point periodically attempts to renew its IP address if it has no network connectivity. The default port ACL on the switch allows access to DHCP services, so the access point initially receives an IP address in the default access VLAN 10 (10.1.100.10). Once authorized for VLAN 90, the access point will renew its IP address in the new VLAN (10.1.90.100).

The authentication event in the above log reflects the IP address learned at the time of authentication. The access list applied to this session reflects the final endpoint IP address, using variable substitution of the “any” value in the dACL’s source IP address.