Currently we are authenticating users by the 2 methods below; please advise whether this is sufficient security / best practice or whether you recommend extra security.
1) Corporate Users ONLY: AnyConnect users authenticate against AAA (RADIUS); then in ACS we have configured a dACL in the user groups to restrict the user's access.
2) Non-Corporate Users ONLY: About 200 non-corporate users authenticate to the AnyConnect VPN via SecurID; then in ACS we have configured a dACL in the user groups to restrict their access. In the AnyConnect client the user just enters their username and then enters the RSA SecurID auto-generated key, and then they are authorized.
1) Do you think that for Corporate / Non-Corporate Users this is enough security? If not, then please suggest a better solution.
2) RSA SecurID key maintenance and its postage to clients is a lengthy procedure. Do you recommend that we finish the RSA SecurID procedure and instead create Non-Corporate users in AAA and authenticate them like Corporate users, obviously creating a group for them and applying the dACL with restricted subnets for this group? OR please suggest a better solution.
Only you can answer the "is this enough security" question based on your company's individual risk assessment. Generally speaking, two-factor authentication is considered a best practice. One thing to consider is that the administrative burden of maintaining separate systems and lists of users for different access levels may negate the additional security obtained thus. For that reason, among others, one very sustainable standard is your AAA server proxying back to your AD / LDAP identity store, which is itself configured to require two-factor authentication. All users would use this method and, based on their individual identity and group membership, would be granted the necessary access levels. Using that scheme, revocation or change of any user is always done at the same administrative control point.
As far as the overhead of mailing out SecurID fobs or cards, have you considered using the SecurID smartphone application?
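The design recommended in the answer above, modelled as an added Python example (not code from this thread, from Cisco ACS, or from RSA): one identity store holding both corporate and non-corporate users, a password plus a time-based one-time code as the second factor (RFC 6238 TOTP, standing in for a smartphone soft token; SecurID itself uses a different algorithm), and the user's group mapped to the ACL lines the AAA server would hand back to the VPN headend. The directory records, the PBKDF2 salt, the group names and the ACL lines are all constructed samples; the `ip:inacl#N=` attribute format is the Cisco AV-pair form for per-user ACLs, but the mapping to your own dACL names in ACS is an assumption you would replace.

```python
import hashlib
import hmac
import struct

_SALT = b"constructed-salt"  # a real store uses a random per-user salt


def _pw_hash(password: str, salt: bytes = _SALT) -> bytes:
    """PBKDF2-SHA256 so the directory never stores a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample identity store: both populations live in ONE place.
DIRECTORY = {
    "alice": {"pw": _pw_hash("corp-pass"), "totp_secret": b"12345678901234567890",
              "groups": {"vpn-corporate"}, "enabled": True},
    "bob":   {"pw": _pw_hash("partner-pass"), "totp_secret": b"partner-secret-00000",
              "groups": {"vpn-noncorporate"}, "enabled": True},
}

# Constructed group -> ACL mapping, the role the per-group dACLs in ACS play.
GROUP_ACL = {
    "vpn-corporate":    ["permit ip any 10.0.0.0 0.255.255.255"],
    "vpn-noncorporate": ["permit tcp any host 10.20.30.40 eq 443",
                         "deny ip any any"],
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30, drift: int = 1) -> bool:
    """Accept the current step plus/minus `drift` steps to tolerate clock skew."""
    return any(hmac.compare_digest(totp(secret, now + d * step, step), code)
               for d in range(-drift, drift + 1))


def authorize(username: str, password: str, code: str, now: int):
    """Return the AV-pair strings the AAA server would send, or None on reject."""
    rec = DIRECTORY.get(username)
    if rec is None or not rec["enabled"]:
        return None
    if not hmac.compare_digest(_pw_hash(password), rec["pw"]):
        return None
    if not verify_totp(rec["totp_secret"], code, now):
        return None
    acl = []
    for group in sorted(rec["groups"]):
        acl.extend(GROUP_ACL.get(group, []))
    if not acl:
        return None  # authenticated, but no group grants VPN access: deny
    return [f"ip:inacl#{i}={line}" for i, line in enumerate(acl, 1)]


def revoke(username: str) -> None:
    """The single administrative control point: one flag ends VPN access for any user."""
    DIRECTORY[username]["enabled"] = False


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; the 6-digit SHA-1 code at t=59 is 287082
    print(authorize("alice", "corp-pass", totp(b"12345678901234567890", now), now))
    revoke("alice")
    print(authorize("alice", "corp-pass", totp(b"12345678901234567890", now), now))
```

The point the answer makes is visible in `revoke`: because both user populations are in the same store and access is derived from group membership, disabling one record revokes access regardless of which population the user belongs to, and changing a group's ACL changes it for every member at once.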