EH-Net

Ethical Hacking Discussions and Related Certifications => Hardware => Topic started by: scucci on September 26, 2008, 11:27:03 AM



Title: Cisco Security
Post by: scucci on September 26, 2008, 11:27:03 AM
Currently we have multiple different hardware vendors performing different parts of our layered security. Now that I think of it, we don't have more than one vendor performing security in any one part of our network (firewalls, SIEM, antivirus, IPS, etc.).

I like Cisco, and seeing what they can do when all areas of security are running Cisco products is impressive. From your standpoint, would it be better to diversify the equipment to different vendors or have one manage them all? I know that Cisco might not be #1 in all categories, but when all their equipment is working together, I feel that you have a tighter network.

Scucci


Title: Re: Cisco Security
Post by: dalepearson on September 27, 2008, 04:33:50 PM
I am sure many people will have many different opinions on this.
Cisco is for sure a good brand, with some quality products, and a lot of companies are Cisco houses.

My personal opinion is, where possible, go for best of breed, and don't put all your eggs in one basket. So I like to have a few solutions in the mix by different vendors. That way when a major issue flares up (some zero-day attack) I will hopefully have some layer providing some protection.

Just my thoughts.


Title: Re: Cisco Security
Post by: Andrew Waite on September 28, 2008, 03:49:32 AM
In part I'd agree with Dale.

Cisco are generally superior in what they do best, routing and switching. However, their attempts to branch into different fields and features often leave a bit to be desired. They usually design and create devices with a high level of security; however, it is often seen that the advanced 'features' are less secure.

For example, this month's security advisory lists several vulnerabilities in 'security' features, including vulnerable IPS features, potential data leakage from a VPN and even an issue with the humble NAT. (Full advisory here (http://www.cisco.com/en/US/products/products_security_advisories_listing.html))

I'm not trying to claim that Cisco devices are less secure than other manufacturers'; it could easily be the case that competitors are just less open regarding their bugs, and if you want to move to a single manufacturer for all devices you could certainly do worse than go with Cisco.

It is usually the case though that those specialising in a specific technology will produce a better product than generalists, providing you stick to the big boys. Best-of-breed devices usually have that label for a reason.

Good luck out there...


Title: Re: Cisco Security
Post by: $w33p3R on September 28, 2008, 04:45:11 AM
I think Dale and RoleReversal summed up the majority of my opinion, other than that it is kind of like asking which is the best OS: Mac, Linux or Windows? You are gonna get so many answers it is ridiculous. In most cases, he who throws the most money at promoting/advertising their product wins, which Cisco has done a great job at.

I can give you one product that I have not had much luck with... Linksys, which is put out by Cisco. For their high-end stuff to work pretty well most of the time, they sure as hell can't get the home market down; of course, that's my opinion and the experience I have had with several Linksys routers.

To the OP, remember, don't put so much faith in one product.  One weak link can break the whole chain.  As RoleReversal pointed out, Cisco consistently has its share of vulnerabilities, which does not necessarily make it a bad product.  But, having other solutions in place is a wise choice.



Title: Re: Cisco Security
Post by: dalepearson on September 28, 2008, 09:20:02 AM
Like I said, don't put all your eggs in one basket (all one vendor) unless there is a strategic reason.

Multiple layers are the key, and if these can incorporate various vendors' offerings, so much the better.


Title: Re: Cisco Security
Post by: scucci on October 06, 2008, 11:29:25 AM
Thank you everyone for your reviews.


Title: Re: Cisco Security
Post by: charlottebandit on October 23, 2008, 10:43:15 PM

I think it matters a lot (personal preference) because Cisco security products steered away from mostly being point products several years ago. For the past couple of years, they've focused on getting each security control to collaborate and integrate with the others & even escalate the security of other Cisco security solutions.

Security no longer becomes an afterthought or a necessary evil, but a security architecture that's designed to scale to government & compliance requirements (like PCI, HIPAA, SOX), which goes far beyond just a simple firewall.



Title: Re: Cisco Security
Post by: Cr@sh on December 04, 2008, 01:32:05 PM
With their recent purchase of IronPort they have stepped up their arsenal of network security tenfold. I recently was able to attend a demo on the IronPort and was very impressed with their product. My company is now using a large-scale IronPort as a virus gateway and email scanner and it's working very well.


Title: Re: Cisco Security
Post by: charlottebandit on December 30, 2008, 08:56:10 AM
Yup. IronPort works as a wonderful email & web content filtering front end which also collaborates with Cisco's Security Agent (CSA) to reinforce Data Loss Prevention, or info leakage through email.

Their latest acquisition this past summer will really ramp up network security with role-based application enforcement/security.  And like their other security offerings, it will probably work together which will take it to the top IMO.



Title: Re: Cisco Security
Post by: ajohnson on January 15, 2009, 10:26:59 AM
Like I said, don't put all your eggs in one basket (all one vendor) unless there is a strategic reason.

Multiple layers are the key, and if these can incorporate various vendors' offerings, so much the better.

The problem with this approach is that you must become equally proficient with multiple products. For example, using two different firewalls would prevent an exploit in one from working on the other, but at the same time, you may increase the likelihood of configuration errors. I'm not outright disagreeing with you, since that approach does have benefits as well. I'm just offering an alternate perspective because I think some people develop a false sense of security by taking the multi-vendor approach.


Title: Re: Cisco Security
Post by: shednik on January 15, 2009, 12:38:05 PM
The problem with this approach is that you must become equally proficient with multiple products. For example, using two different firewalls would prevent an exploit in one from working on the other, but at the same time, you may increase the likelihood of configuration errors. I'm not outright disagreeing with you, since that approach does have benefits as well. I'm just offering an alternate perspective because I think some people develop a false sense of security by taking the multi-vendor approach.

To get around that, for example in my company's environment we have a team of individuals who work on certain aspects of the infrastructure. Each one has their own specialty and has a working proficiency in the rest. So all in all everyone can work with everything, but we have an expert for each technology. So for major changes the SME would either complete or review all configuration changes to ensure there are no issues. Nice to see you over here dynamik  ;D


Title: Re: Cisco Security
Post by: ajohnson on January 15, 2009, 12:57:44 PM
Yep, if you have the resources to go about things that way, that's an excellent solution. That's why I wasn't saying one approach was right and the other was wrong; it's entirely circumstantial.

Nice to see you too! I'm a little intimidated by the level of technical proficiency here, so I'm probably just going to lurk for the most part ;)


Title: Re: Cisco Security
Post by: charlottebandit on January 21, 2009, 10:43:56 PM
Nice to see you too! I'm a little intimidated by the level of technical proficiency here, so I'm probably just going to lurk for the most part ;)

Don't be intimidated dynamik.  Nobody knows everything and all of us had to start somewhere too.  Not only that but we're able to share ideas and techniques here.

:)


Title: Re: Cisco Security
Post by: don on January 22, 2009, 01:46:55 AM
Hey dynamik,

I'll second that. If this place was only full of experts, it would be a very lonely place. None of us are perfect, and I can guarantee that none of us know everything about this field. There is simply too much. And what has been picked up along the way, we all want to share it with those behind us as those in front of us did for us.

Keep it up and spread the word to other lurkers who may feel the same.

A BIG welcome to EH-Net,
Don


Title: Re: Cisco Security
Post by: ajohnson on January 22, 2009, 11:40:04 AM
Thanks for the welcome guys :D

I'm actually not too nervous; that was more of a compliment to you guys. This seems like a great forum with respectful, knowledgeable members, so I don't think there's any reason to experience n00b anxiety when posting ;)

I'm fairly tech-savvy, but I'm still quite new to the ethical hacking scene. I was introduced to this site by a few people I know from techexams.net (where I'm slightly more active (http://techexams.net/forums/members/dynamik.html)). I'll definitely be recommending this site to other EH enthusiasts.

TE is king when it comes to IT certifications (though very specialized ones such as the GPEN don't get much mention), but the level of depth you guys get into is astounding. This appears to be a phenomenal resource, and I'm very much looking forward to going through the forums, blog entries, columns, etc.

Well, I think that's enough chatter; I have a great deal of catching up to do :o

Thanks again to everyone who makes this possible :D


Title: Re: Cisco Security
Post by: shednik on January 22, 2009, 03:26:17 PM
Careful don, giving dynamik the go-ahead to feel at home could result in too many posts. It takes a special guy to rack up that many posts in less than 2 years!! We can't prove it, but any downtime over there is suspected to be him overloading the server  ;)


Title: Re: Cisco Security
Post by: virtronic on January 28, 2009, 08:51:37 PM

This IronPort sounds interesting. I'm not a network hardware guy but I heard of a Cisco device used to mirror some network traffic through a VPN to another IP address where you have a virtual network of honeypots to collect and analyze any nasty stuff.
Anybody know what this device might be?


Title: Re: Cisco Security
Post by: slimjim100 on January 29, 2009, 09:45:50 AM
virtronic, what you are talking about is called DPI, and most vendors have some kind of DPI out there. You can do this yourself just using an Ethernet probe or a fiber splitter to get the mirrored traffic off of the line without using a router or active network device. A company called Net Optics makes many kinds of optical splitters, and once you get the mirror feed over fiber (or Ethernet) you can just use any sniffer or honeypot solution. If you need the mirror remote, just plug the feed into a VLAN on a local switch and transport it where you need.

Brian


Title: Re: Cisco Security
Post by: virtronic on January 29, 2009, 04:56:32 PM
Brian,

Thanks much! 


Jeez I love this place.


Title: Re: Cisco Security
Post by: don on January 29, 2009, 05:01:00 PM
 ;D ;D ;D ;D

Don


Title: Re: Cisco Security
Post by: COm_BOY on February 03, 2009, 10:19:58 AM
slimjim100,
are you talking about SPAN? The "Cisco Catalyst Switched Port Analyzer", in which we can configure a port or several ports to send a copy of their data to a specific port that can be monitored using software like Wireshark or other network monitoring software?

Correct me if I am getting it wrong.
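The two posts above describe the same thing from two angles: getting a copy of the traffic off a link (tap or mirror port) and carrying that copy over a VLAN to wherever the sniffer or honeypot sits. Below is an added Cisco IOS configuration example showing both the local SPAN session and the remote (RSPAN) variant. It is not from either poster or from Cisco documentation; the interface names, session numbers and VLAN 900 are assumptions chosen for the illustration.

```cisco
! --- Option A: local SPAN ---------------------------------------------
! Copy both directions of the monitored uplink (Gi0/1) to the port where
! the sniffer or passive honeypot is plugged in (Gi0/24). Interface names
! and session numbers are assumptions for this example.
monitor session 1 source interface GigabitEthernet0/1 both
monitor session 1 destination interface GigabitEthernet0/24
!
! --- Option B: remote SPAN (RSPAN) over a dedicated VLAN ---------------
! Use this instead of Option A when the collector hangs off another switch.
! The RSPAN VLAN must exist on every switch in the path and be allowed on
! the trunks between them; "remote-span" marks it as carrying mirrored
! frames only (the switch does not learn MAC addresses on it).
!
! -- source switch --
vlan 900
 name RSPAN-MIRROR
 remote-span
!
monitor session 2 source interface GigabitEthernet0/1 both
monitor session 2 destination remote vlan 900
!
! -- destination switch --
vlan 900
 name RSPAN-MIRROR
 remote-span
!
monitor session 2 source remote vlan 900
monitor session 2 destination interface GigabitEthernet0/10
!
! --- Check on either switch that the session is active and what it sees ---
! show monitor session all
```

Two caveats a practitioner would want. First, a SPAN destination port only delivers copies to the attached host; the host's own frames are not forwarded back into the switch, so a sensor or honeypot plugged there can record and analyse an attack but cannot interact with the attacker. Interactive honeypots belong on their own isolated segment behind a proper gateway, with the mirror feed reserved for passive sensors. Second, the VLAN-based RSPAN above only works within one layer 2 domain; where the collector is on a different IP network, the equivalent is ERSPAN (the mirror encapsulated in GRE to a destination IP address), which exists only on platforms that support it.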


Title: Re: Cisco Security
Post by: charlottebandit on February 25, 2009, 08:46:18 AM
Cisco just had ACS 5.0 come out, which is a complete overhaul for AAA services. What used to look like Windows 3.1 now looks sleek and slick. Much more functionality too.

Also waiting to get my hands on their new Spam & Virus Blocker product, which was designed by IronPort for ALL Cisco partners. It's supposed to have a 99% accuracy catch rate and -1% false positive rate, which is shocking! Hopefully we'll get one within a month to play with before selling. Blows Barracuda away!