Author Archives: Paul Stewart, CCIE 26009 (Security)

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.

Using Geolocation in Firepower Access Control Policies

The use of geolocation is fairly obvious in monitoring networks with Firepower Management Center. What may be less obvious is that Continents and Countries can also be specified as the source or destination of connections in an Access Control Policy. … Continue reading

Posted in Security | Tagged , | 2 Comments

Capture w/Trace in Firepower Threat Defense

A few days ago I wrote an article demonstrating the Packet Tracer feature for troubleshooting Firepower Threat Defense. Another very cool tool for troubleshooting is the Capture w/Trace Feature. The power of this tool comes from both capturing a PCAP file … Continue reading

Posted in Security | Tagged , | Comments Off on Capture w/Trace in Firepower Threat Defense

What is FlexConfig in Firepower Threat Defense?

Earlier this year, Cisco released Firepower 6.2.0. With that release came a feature called FlexConfig. Someone is digging around the UI might not initially understand the purpose or function of this configuration option. A really quick answer to this is that … Continue reading

Posted in Security | Tagged , | 4 Comments

NSSA with Default Route vs Totally NSSA

A question recently came up on CLN about the differences of NSSA with a default route and a Totally NSSA area. The community member was asking if there even was a difference. This is a short example that demonstrates what the … Continue reading

Posted in invis | Comments Off on NSSA with Default Route vs Totally NSSA

The Real Need for Cybersecurity

According to the US Department of Homeland Security, “Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace.” Digital infrastructure has infiltrated most aspects of our daily lives. When you start thinking about this in … Continue reading

Posted in Security, Technology | Tagged , | Comments Off on The Real Need for Cybersecurity

Three Issues of Being a Part-Time Security Professional

In Information Technology, we commonly hear the mantra of “doing more with less.” That may sound great, and in some cases it can actually be beneficial. It obviously drives the requirement of streamlining performance and the simplification of processes. It … Continue reading

Posted in Security, Technology | Tagged , | Comments Off on Three Issues of Being a Part-Time Security Professional

Using iTerm2 with Cisco VIRL

I love using VIRL to do quick self-check of a config, personal education, and learning the behavior of particular features. I also love using the iTerm2 Terminal Emulator on the Mac. Unfortunately, it isn’t obvious how to make the two play … Continue reading

Posted in Uncategorized | Comments Off on Using iTerm2 with Cisco VIRL

Amazon Delivery, Not a Fully Implemented Process

Those of us who work in technology see the need to take expensive, time consuming and/or mundane activities and convert them to streamlined automated processes. Ideally we improve these to the point that they improve accuracy, provide a better experience and … Continue reading

Posted in Uncategorized | Tagged | Comments Off on Amazon Delivery, Not a Fully Implemented Process

Packet Tracer in Firepower Threat Defense

I wanted to share a quick post on a feature that I have found incredibly useful on the ASA and has been extended to Firepower Threat Defense. The feature is called Packet Tracer and is an easy way to apply … Continue reading

Posted in Security | Tagged , | 1 Comment

Simple Python Script to Read from Device

There’s a lot of talk about network programmability and I recently had a simple use case that surfaced. The goal was locating a serial number in Cisco Devices. Basically, a script is required that will do the following. Process a … Continue reading

Posted in Uncategorized | 2 Comments

Latest Ransomware Techniques Show Need for Layered Security

I think everyone that touches security has had multiple conversations about the hardened edge and soft center, commonly found in networks. This usually accompanies some discussion around the overlapping concepts of difference in depth, layered security and security ecosystems. It … Continue reading

Posted in Security, Technology | Tagged , | Comments Off on Latest Ransomware Techniques Show Need for Layered Security

New Podcast for the Podcatcher – The Network Collective

I am giving a great big shout out to a new community podcast. The Network Collective is only five session in, AND it is a great podcast. I’m looking forward to catching many future episodes. Episode 1 – Top 10 Ways … Continue reading

Posted in Uncategorized | Comments Off on New Podcast for the Podcatcher – The Network Collective