I have a partner asking about the underlying OS in ISE, and if there is any document(s) talking about the OS for ISE 2.x that I can reference for the hardened linux kernel?
Alex, we don't share specifics, but any unnecessary linux packages are removed and we implement firewall rules that only allows necessary traffic. Also, we have CLI features that can be implemented by customer to harden ISE further:
- conn-limit: To configure the limit of incoming TCP connections from a source IP address