Re: Securing Greenfield Service Provider Clients

prevention? Thank you, CJ Get Outlook for iOS<https://aka.ms/o0ukef> From: Curtis, Bruce Sent: Friday, October 9, 2020 5:23:45 PM To: Christopher J. Wolff Cc: nanog@nanog.org Subject: Re: Securing Greenfield Service Provider Clients EMAIL FROM EXTERNAL SEND

Securing Greenfield Service Provider Clients

Dear Nanog; Hope everyone is getting ready for a good weekend. I'm working on a greenfield service provider network and I'm running into a security challenge. I hope the great minds here can help. Since the majority of traffic is SSL/TLS, encrypted malicious content can pass through even an

Looking for an compromise of an enterprise network from a mobile device

Hello NANOG, I'm working on a presentation and need your help. I'm looking for a case study where a compromised iOS, Android or other mobile device was utilized as a backdoor to compromise an enterprise network. Any help will be appreciated. Regards, Christopher

RE: Application or Software to detect or Block unmanaged swicthes

David, If you are using a product like ISE/Forescout you could set up multiple layers of device identification prior to network authorization. For example, a user would need to spoof the results of a legitimate device to match the results of: -NMAP scan -Domain machine/user Auth -OID/MAC etc

RE: Application or Software to detect or Block unmanaged swicthes

Cisco ISE will accomplish this. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of segs Sent: Thursday, June 7, 2018 3:57 AM To: nanog@nanog.org Subject: Application or Software to detect or Block unmanaged swicthes Hello All, Please I have a very interesting

RE: Alternatives to ISE?

s -Moments where unable to add or see network devices -Profile rules are not catching certain hosts (even when you hardcode the OUI) I'm certain I'm forgetting a few but you get the drift. Yours in service, Christopher J. Wolff | Network Operations Information Technology & Innovation City

Alternatives to ISE?

I've about reached my limit with the dumpster fire that is Cisco's Identity Service Engine. Are there any reliable alternatives that do endpoint classification, central web auth, and .1x auth? Thanks in advance, Christopher

Re: Cisco ISE

to:jam...@mt.gov>> wrote: As would I. We are going to start a project that is replacing ACS 5.7 with ISE 2.X -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Christopher J. Wolff Sent: Friday, October 6, 2017 2:41 PM To: nanog@nanog.org<mailto:nanog@nan

Cisco ISE

Is anyone successfully deploying ISE 2.X? I’m six months into it on about 10,000 endpoints and it seems like it’s a highly challenged product. I’d love to hear your experiences on or off-list. Thanks in advance.

Level 3 SIP trunking and E911

I've been informed by my Level 3 sales rep that the only way to make moves/adds/changes for Level 3 E911 is through the portal. This seems awkward since I have Emergency Responder which can link into products like Intrado. Are there any SIP/E911 folks from Level 3 that can clarify what my

RE: (Network Orchestrators evaluation) : tail-f vs Anuta vs UBIqube vs OpenDaylight

Haven't looked at Cisco DNA yet? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Kasper Adel Sent: Wednesday, August 9, 2017 8:02 PM To: NANOG list Subject: (Network Orchestrators evaluation) : tail-f vs Anuta vs UBIqube vs OpenDaylight