MS Intune Security Migration

I have been to a few Microsoft events that highlight how to secure company data on mobile devices. For Android devices, Android for Work allows you to segment company data while allowing the phone OS to interact with the data. For iOS devices, you can access company data through applications like Outlook but can still configure those same applications to access personal data, if you wish. The best part is that when the company is done with the device (such as when employees leave and the devices go with them) the company can retire it, which removes company data while keeping personal data (pictures, notes, their Angry Birds app, etc.) intact. It all looks and sounds great during those demos at Microsoft.

The problem I found is that my deployment was not as easy as advertised. Microsoft has documentation but I found it to be lacking. So, I am going to document my configuration to help someone else get it done quickly. There are some things to know before starting. People will need to use the Microsoft approved apps for accessing company data – you can find the list at https://aka.ms/supportedmamapps. For iOS, the built-in apps cannot be used as they copy data to the device – disabling the user account would mean only new data would not be accessible, and that is not good enough. Because of this, contact sync needs to be handled by Outlook, which is a one-way sync, so any contact updates have to be handled within Outlook. One thing to note is that this breaks the security rules as contacts are copied to the local phone store; however, this needs to be done if you want to see names instead of numbers when getting a call or text. I have worked directly with Microsoft on this and could not find a way around it. Also note that the iOS device needs to be on version 12 or later, but this should already be the case as there are other security reasons to be on the latest code.

There are two places this configuration was performed: Intune and Azure Conditional Access (CA). Let’s start with the CA policies as a few are needed.

Custom Configuration Policies
  • Create a new policy and give it a name – this one is for enforcing the modern authentication apps and Intune. I applied this to a specific group as not all of my users are allowed to enroll mobile devices.
    • Cloud Apps: choose Office 365 Exchange Online and Office 365 SharePoint Online – you should see notes on the bottom that this will include other apps once those are chosen.
    • Conditions: choose Android and iOS under device platforms and Modern Authentication Clients under Client Apps.
    • Access Controls: choose Grant Access and check both “Require device to be marked as compliant” and “Require approved client app.” Make sure to choose “Require all the selected controls.”
  • Create a new policy and give it a name – this one is for blocking any ActiveSync clients as these copy data to the device. Assign it to the same users. This needs to be a separate policy or it will not work as expected.
    • Cloud Apps: choose Office 365 Exchange Online.
    • Conditions: choose Android and iOS under device platforms and Exchange ActiveSync Clients under Client Apps.
    • Access Controls: Block Access
  • Create a new policy and give it a name – this one is for blocking any other applications. Assign it to the same users. Once again, this needs to be a separate policy or it will not work as expected.
    • Cloud Apps: choose Office 365 Exchange Online and Office 365 SharePoint Online.
    • Conditions: choose Android and iOS under device platforms and Other Clients under Client Apps.
    • Access Controls: Block Access.

These have to be three different rules because Azure conditional access policies do not work well when trying to be combined. From a logical standpoint, this does not make sense to me other than to say that you need to keep your policies simple. Of course, I have a concern that too many policies will eventually cause issues but that is a different topic.
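To make the three-policy split concrete, here is an added Python model (not Microsoft's code and not an export of the author's tenant) of the three policies and of how Conditional Access combines them for a sign-in: any matching block policy wins, and every matching grant policy must be satisfied. The dict layout follows the Microsoft Graph conditionalAccessPolicy schema and the two app IDs are the well-known first-party Exchange Online and SharePoint Online IDs; both are assumptions to verify against your tenant, and the group ID is a placeholder.

```python
"""Model of the three Conditional Access policies described above.
Added illustration, not Microsoft's code or the author's configuration export.
Assumed: dict keys mirror the Graph conditionalAccessPolicy schema; the
app IDs are the well-known first-party ones (check them in your tenant)."""

EXO = "00000002-0000-0ff1-ce00-000000000000"  # Office 365 Exchange Online (assumed well-known ID)
SPO = "00000003-0000-0ff1-ce00-000000000000"  # Office 365 SharePoint Online (assumed well-known ID)
MOBILE_GROUP = "<mobile-users-group-object-id>"  # placeholder; only some users may enroll


def _policy(name, apps, client_app_types, grant):
    # Same users and platforms in every policy; only apps, client type and grant differ.
    return {
        "displayName": name,
        "state": "enabled",
        "conditions": {
            "users": {"includeGroups": [MOBILE_GROUP]},
            "applications": {"includeApplications": apps},
            "platforms": {"includePlatforms": ["android", "iOS"]},
            "clientAppTypes": client_app_types,
        },
        "grantControls": grant,
    }


POLICIES = [
    # 1. Modern auth clients: allow only from a compliant device AND an approved app.
    _policy("Mobile: require compliant device and approved app", [EXO, SPO],
            ["mobileAppsAndDesktopClients"],
            {"operator": "AND", "builtInControls": ["compliantDevice", "approvedApplication"]}),
    # 2. Exchange ActiveSync clients copy mail to the device: block outright.
    _policy("Mobile: block Exchange ActiveSync", [EXO],
            ["exchangeActiveSync"],
            {"operator": "OR", "builtInControls": ["block"]}),
    # 3. Anything else (legacy clients): block.
    _policy("Mobile: block other clients", [EXO, SPO],
            ["other"],
            {"operator": "OR", "builtInControls": ["block"]}),
]


def _applies(policy, signin):
    c = policy["conditions"]
    return (signin["app"] in c["applications"]["includeApplications"]
            and signin["platform"] in c["platforms"]["includePlatforms"]
            and signin["client_app_type"] in c["clientAppTypes"])


def evaluate(signin, policies=POLICIES):
    """Combine the policies that match a sign-in the way Conditional Access does:
    a matching block policy wins; otherwise every matching grant policy must be
    satisfied by the controls the sign-in presents (compliant device, approved app).
    Returns 'block', 'grant', 'fail' (grant controls not met) or 'not-in-scope'."""
    matched = [p for p in policies if _applies(p, signin)]
    if not matched:
        return "not-in-scope"
    presented = set(signin.get("controls", ()))
    for p in matched:
        g = p["grantControls"]
        if "block" in g["builtInControls"]:
            return "block"
        needed = set(g["builtInControls"])
        ok = needed <= presented if g["operator"] == "AND" else bool(needed & presented)
        if not ok:
            return "fail"
    return "grant"


if __name__ == "__main__":
    outlook_ios = {"app": EXO, "platform": "iOS", "client_app_type": "mobileAppsAndDesktopClients",
                   "controls": {"compliantDevice", "approvedApplication"}}
    print(evaluate(outlook_ios))  # grant
    print(evaluate({**outlook_ios, "controls": {"approvedApplication"}}))  # fail: device not compliant
    print(evaluate({"app": EXO, "platform": "iOS", "client_app_type": "exchangeActiveSync"}))  # block
```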

Let’s move on to the Intune configuration. I am going to assume that you already have the basic configuration completed and can register your mobile devices as that would take up too much space. The first configuration policy needed is for the device restrictions.

iOS Device Configuration Policies
  • Create a Device Restrictions policy for Android Enterprise. Give it a name and assign it to the same users as before.
    • Work Profile Settings: Block copy and paste between work and personal profiles. Under Data Sharing Between Work and Personal Profiles, choose Apps in work profile can handle sharing requests from personal profile.
    • Device Password: these settings should coincide with your company’s configuration. My preference is to use a minimum 6 character password and 10 failed attempts before wiping devices.
  • Create a Device Restrictions policy for iOS devices. Give it a name and assign it to the same users as before.
    • Password: these settings should match the Android Enterprise one you just created. However, there are some extra settings so take a look.
    • App Store, Doc Viewing, Gaming: set Viewing corporate documents in unmanaged apps to Block.
    • Cloud and Storage: set Managed Apps Sync to Cloud to Block.
  • Create a Custom policy for iOS. Give it a name and assign it to the same users as before.
    • You will need to create an Intune Custom Profile Settings XML file to upload to this policy. See below on how to do this.

Refer to https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Use-Intune-custom-profile-settings-with-the-iOS/ba-p/298453 on how to create the Profile Settings XML. Here is a picture of mine – notice the highlighted line where you should enter the company name.

Custom Configuration XML

Make sure you have your compliance policies set up. I am not including this configuration as it is part of the basic setup. There are still a couple of items left. First is the App Protection Policy that you can find under Client Apps.

  • Create a policy for Android and name it. Target all app types and assign to the same users as before.
    • Target Apps: Check all the apps your company uses. If you are unsure then check the app – better to be safe than sorry.
    • Properties
      • Data Protection: Block Backup Org Data to Android Backup Services. Choose Policy Managed Apps for Send Org Data to other apps. Choose All Apps for Receive Data from other apps (unless you want to block this). Block Save Copies of Org Data. Choose Policy managed apps with paste in for Restrict cut, copy, and paste between apps. Disable Screen capture and Google Assistant. Require Encrypt Org Data and Encrypt Org Data on Enrolled Devices. Enable App Sync with Native Contacts App. Set any other settings that you like.
      • Conditional Launch: Block access to Jailbroken Devices. Set the minimum OS version to 8.0 (or later if preferred). Change your offline grace period if you like.
  • Create a policy for iOS and name it. Target all app types and assign to the same users as before.
    • Target Apps: Check all the apps your company uses. If you are unsure then check the app – better to be safe than sorry.
    • Properties
      • Data Protection: Block Backup Org Data to iTunes and iCloud Backup. Choose Policy Managed Apps with OS sharing for Send Org Data to other apps. Choose All Apps for Receive Data from other apps (unless you want to block this). Block Save Copies of Org Data. Choose Policy managed apps with paste in for Restrict cut, copy, and paste between apps. Require Encrypt Org Data. Enable Sync App with Native Contacts App. Set any other settings that you like.
      • Conditional Launch: Block access to Jailbroken Devices. Set the minimum OS version to 12.0 (or later if preferred). Change your offline grace period if you like.

The last thing you will need is an Application Configuration Policy. Assign this to the same users as before and target the Outlook application. Make the following settings under Configuration. Spelling is key for these entries, so feel free to copy from this table (Note: a couple of lines wrapped here but they should not in your configuration):

Name                                              Value
IntuneMAMUPN                                      {{UserPrincipalName}}
IntuneMAMAllowedAccountsOnly                      Enabled
com.microsoft.intune.mam.AllowedAccountUPNs       {{userprincipalname}}
com.microsoft.outlook.ContactSync.AddressAllowed  True
com.microsoft.outlook.ContactSync.EmailAllowed    False

Now, go ahead and enroll devices. Use the Microsoft apps so your users can access company data while you can feel a little more secure that the same data is better protected.


Daylight Saving Time (DST) in 2019

It has been a couple of weeks since we sprung forward in time. On March 10, 2019, we “lost” one hour of sleep because at 2:00am on that day we moved our clocks forward 1 hour – it suddenly became 3:00am. This was the start of Daylight Saving Time (DST) for 2019.

Why do we have Daylight Saving Time? I have heard different reasons for this. The one story that stands out the most is that it was an attempt to “shift” time so that there would be less need for gas during the first World War. By shifting time towards daylight, there would be less need for artificial light. This first happened in Germany but it followed quickly in other countries. The US started using DST only a couple of years after Germany. The second story I heard is that Ben Franklin suggested it as a way to get more daylight for farming but there is no real history of the use of DST prior to the first World War.

Less than a year after it was introduced here in the US, it was repealed. Some cities continued to use it but the official US policy was that it was no longer in use. During World War II, DST was re-introduced for the same reason as before – to shift time so there would be less need for artificial light. But there were no established rules around the use of DST. This changed later under the Uniform Time Act of 1966. It established a framework for DST with a uniform, synchronized schedule across the US. It set the last Sunday of April as the start of DST and the last Sunday of October as the end. More recently, the US passed the Energy Policy Act of 2005. This moved the start time up three weeks and the end time back one week.

While I was not around for most of the history of DST, I was working in IT during this last change to DST from the Energy Policy Act. While this Act seemed simple, it added a lot of work to implement on systems. Any new system tended to just need a patch installed to make that change. But the older systems had to have code created to make the change. For instance, at that time I still had some NT 4.0 servers – we were trying hard to get rid of them but most IT people understand that it takes time to do so. Of course, Microsoft was no longer supporting that operating system by then. When we asked Microsoft, they offered to write the code change for us for a very large fee – it started at $40k but went down to $10k. Personally, I found this to be outrageous so I created my own change. It worked but still had to be installed manually on all the NT 4.0 servers.

So, why did I write about this history? The week after the start of DST this year (especially on Monday), I heard a lot of opinions asking why we are still changing time. The recommendation from a lot of people was to just stay with the DST time year round. One thing I found in common with most of the people that had this opinion was that they did not like losing that hour of sleep. However, this is not a good reason to change time.

Personally, I say do not make any changes to DST and here are my reasons. For starters, the same people that were complaining about losing that hour of sleep have already recovered and probably have forgotten their opinion. Secondly, I remember the work I had to do last time DST was changed and I really do not want to go through it again. However, my biggest reason is the domino effect from switching to DST time year round. It would start in the US and have to work its way around the world as the US only governs time for itself. Plus, places like Arizona would either need to change or remain aligned with another time zone.

It would be easiest to just leave time alone and deal with the short time of losing that one hour. Agree with me? Let me know. Think I am absolutely wrong? Go ahead and tell me why. 


Why I became a Cisco Champion

Cisco is a great company – they have many wonderful products and services plus the company seems to treat its employees like family. It also knows that customers are what keeps it in business because without paying customers you do not have a revenue stream. Plus, Cisco realizes that customers sometimes know a thing or two about products and technologies. This is one of the reasons that the Cisco Champion program is so awesome. It is a way for Cisco to recognize individuals that do not work for Cisco but still share a passion for technical products and technologies.

A lot of Cisco Champions have written about why they decided to join the program. My story may be a little different. I feel that it started in 2015 at CiscoLive in San Diego. This was the first year I went to CiscoLive by myself. Because I had been on Twitter for about a year at that time, I was already familiar with the CiscoLive social media team. This led me to the tweetup on Sunday. Almost immediately, I met quite a few interesting people that I ended up hanging out with that week. The following year, I followed the same course of action in Las Vegas. But that year one of the Cisco staff thought I was in the Cisco Champion program for a brief second – this was the first I had ever heard of the program so I looked into it. Of course, when I read that it was for technical evangelists (and I knew some of the people in the program were a lot more technical than I) I immediately assumed that I was not Champion material. Trying to compare myself to some Champions that are Cisco Press authors is kind of daunting.

At CiscoLive in 2017, one person in particular (Kim Austin @ciscokima) “harassed” me all week about being in the program. She learned some things about me through my time at CiscoLive. She knew I had a good understanding of the technology and that I enjoyed learning new concepts. Plus, that was the year I was asked to speak at the New to CiscoLive session hosted by Cisco for first timers. So, after I got back from CiscoLive and I saw the posts about joining the program, I decided to give it a shot. What was the worst thing that could happen? I would get rejected but I would still go on with my life.

Well, I did get in and let me tell you that I am so glad that I did. Over this past year, I have gotten some pre-briefings on future products, interacted with some of Cisco’s technical and managerial staff, and met some really wonderful people from across the globe (at least virtually). Cisco hosts some private chat rooms (through Cisco Webex Teams, of course) where we discuss interesting topics and get some technical insight from other smart people. Of course, it is not always technical stuff we discuss. Among other topics, I have discussed and seen pictures of kids, pets, and food – who knew that some of these incredibly technical people had many other talents? Plus, the snark is strong with many of them.

So, if you are even somewhat knowledgeable about technology, take a look at the program. A good post about the program can be found at https://community.cisco.com/t5/cisco-champions-public-documents/cisco-champion-program-faq-updated-october-2018/ta-p/3732770. Take a look at eligibility requirements – it does not state that you are an “expert at technology” but rather describes that you are a technical evangelist. Really, it is about wanting to inform others about what you know technically – wanting to teach. I got into writing this blog to help others. Sometimes my topics come from having to do too much research. I can put my experiences down here for others to review. That is being a Champion – wanting to better others when it comes to technology.

I am proud to call myself a Cisco Champion.


Phishing Campaign

October is Cybersecurity awareness month, which is a time to educate people on good security practices. Unfortunately, the users that really need the training are usually the ones that ignore the training opportunities. How do you get these people to actually take cybersecurity seriously? You trick them.

Ok – I know that sounds bad and I am not suggesting being a bad guy. What I did was launch a phishing campaign against the entire office part of my organization. That is roughly 5000 people globally. I really did not know what to expect when I started the campaign. I was hoping for better results but, regardless of the outcome, it was a really interesting project. At my level of involvement, I was privy to a lot of details that I cannot divulge even to other people in my organization. However, I can help you understand why this is a really good tool to help with the training effort.

Let’s discuss data privacy which can be a dreaded topic for international companies. Workers in the US should not expect data privacy, which means there are things that can be performed easier for security staff. However, there are laws and regulations in other countries that take data privacy seriously – just look up the EU data privacy laws (especially GDPR) to get an understanding of what I am referring to. This is why you need to get Legal and HR buy-in before moving forward with phishing your users. I think the important concept that helped my efforts was making sure I was not collecting any IDs and Passwords AND (this one may be more important) names will not get divulged under any circumstances. It is OK that IT Security knows these details because that is part of the job – how can you collect information without knowing the details? The important part is that IT Security will only be divulging statistical details – the percentages of users doing something. Statistics should be divulged to everyone including senior management but names should not be divulged to anyone under any circumstance.

Another important thing to mention is to inform users that give their credentials but, more importantly, do not make them feel dumb about it. Yes, they just did a really stupid thing but let them know why it was stupid. The message should not be “hey, you are stupid” but rather “oops, you fell for a phishing email – good news it was fake this time.” Also, add details around the campaign such as why it is being performed. Let the users know that there is a good reason for this and it is to help them be better with cybersecurity awareness. This is a good time to point out any tools that you have to help identify bad emails.

When performing these types of campaigns, you should not be looking to trick your users. The actual bad players are getting better but they do make mistakes. The emails I used were (to me) obvious fakes. For starters, there were some tools already implemented to help the users. First, I had previously implemented a simple tag in the emails by prepending the email subject line showing that external emails were external. So, when the users receive an email from the “CEO” and the subject says it is external, they may do a better job realizing it is not really the CEO. I made sure all of my phishing emails included this tag. Some of the phishing emails purported to come from one of the executives so having that tag should have been an obvious sign (or at least I thought). Second is to use different but similar domains since this does happen in the wild. Finally, I made sure there were some spelling and grammar mistakes in the email body – nothing too crazy but a few here and there. Another tool I had already deployed was branding our Office 365 login – the company logo and a photo inside one of my locations was added. One of my phishing emails claimed to be from IT asking to change their Office 365 password but I used the same screen that Microsoft uses as a default. I thought that not seeing the company logo would be a good sign that it was fake.

One thing to note is that the IT staff that deals with end users will get very anxious during the campaign. Their usual reaction to a major incident like a global phishing campaign is to notify users to be aware of it. This is where management needs to walk the tightrope by not allowing them to send out that notification. In addition, they need to be given some information about what is happening but not all of it as they should be part of the test. Besides, the more people that know about the campaign means the more risk that information will get out sooner.

The final part of my campaign was to inform all of the users about what happened. At this point, the people that gave over their credentials knew about the campaign and I am willing to bet that they shared that information with some others. However, there were people that still did not know. Most importantly is to share the information that you can. This is when the statistical findings should be shared so everyone can understand what happened. This should be done in a forum where the most people will hear. I was able to get the word out during my company’s quarterly employee forum and was able to include some details around the correct way to report bad emails. There were some interesting responses as to what happened but most were positive.

So what can I share about my campaign? Roughly 15% of the users gave their credentials willingly and roughly the same amount reported the attempts to IT Security the way they were told to. There were a few users (roughly 2%) that reported it but not in a way that helps – if these were real phishes, IT would be forced to follow up with these users for further information. Of course, that means there was over 60% of the users that were unaccounted for. I can only assume that these people either deleted the email without notifying anyone or may have just not read the email, yet. Either way, it is a big number of people that did not do anything to help the situation. Unfortunately, these are probably the same people that tend to ignore cybersecurity training.

Even with those numbers, I think the campaign was a success. Why am I claiming this? Because there has been a genuine uptick in phishing reports since the campaign ended. Unfortunately, there has been an uptick in false reports, too. Roughly 35% of the email reports since the campaign are legitimate emails including some internal ones. I guess a future follow up training may include how to spot fake emails (and that some emails are SPAM, not phishing). Regardless, it is an improvement and I think my users are genuinely questioning emails more. I would recommend performing a phishing campaign to any company.


Umbrella Migration

Not too long ago, we switched to a new Internet security solution. Our previous solution was a Cisco product called Cisco Web Security, or CWS. This was a cloud proxy solution and it worked well. But, being a proxy, it had its shortcomings, with a big one being that it would rewrite all the web pages – of course, that is the nature of using a proxy-based solution. Secure sites (HTTPS) were even worse since CWS could not secure them unless it was allowed to perform man-in-the-middle style rewriting of the web page. This was an ok way of securing these sites as it would not always work well.

I am pretty sure that Cisco recognized these shortcomings since they purchased a company to replace CWS. They bought OpenDNS which had a unique solution to Internet security. One of the key components of the Internet is Domain Name Servers, or DNS. DNS is why you can use a URL (like www.itsecdef.com) and not have to know the IP address. Rather than looking at the content of the site, OpenDNS would categorize the site itself. When you request an approved site you would get the address for the site AND you would go directly to the site – no rewriting of the web page. However, when you went to a site that was either blocked by policy or identified as malicious you would not get the site’s address. Rather, you would get the address for an OpenDNS server to explain why you cannot get to the bad site. This was a really good product and Cisco made it even better by augmenting it with other solutions including some of the CWS features. They even changed the name to Cisco Umbrella since it covers more features (umbrella, get it?).

If you have ever had the chance to migrate a company’s Internet security solution then you know it is not a fun project and has really bad outcomes when things go wrong. When someone cannot get to the company’s ERP system, they just open an incident – no real complaining since they cannot work. Alternatively, if someone cannot get to their news site or watch videos on YouTube, they can get really cranky. If it is because you messed up the Internet migration, watch out for the pitchforks. Well, this was not the case for me with Umbrella.

There were two main phases to the migration: network and client. The network migration took all of 1 hour – actually it took a lot less but I had to wait for my testers and that always starts with some initial banter. All we had to do was repoint our DNS servers to the OpenDNS IP addresses for recursive lookups. Seriously, that was it. Once that was done, all DNS lookups for Internet sites went through Umbrella. The second phase was the clients. When people are remote (and not on VPN) they are secured through the use of a module on the AnyConnect client. We used our SCCM system to upgrade the client, remove the CWS module, and add the Umbrella module. Of course, this took longer than the network migration but it was facilitated by SCCM so we could monitor the progress.

There are some other features with Umbrella to allow for securing sites based on user IDs (like Active Directory) but we did not deploy these. The main reason for this was EU data privacy regulations. If we did not know the user IDs that accessed websites then we would not know what users were going to which websites. As a security person, I was not fond of the loss of data but the EU Works Councils did not care about my feelings. As the person responsible for getting us to Umbrella, this actually made the migration quicker. To get Active Directory integration working we would have had to deploy appliances within the network to point computers to (instead of our existing DNS servers) and add an AD connector. This migration could be done by altering DHCP but that means someone has to hit every DHCP scope. For a global company, that is a good amount of manual labor.

What did I learn about Umbrella during this migration? For starters, Cisco is still working to better the product, which includes more integrations such as with their Cloudlock service (CASB). I am planning to research these other product integrations when I get some more personal bandwidth. Additionally, using our DNS servers made the migration really easy. One thing I would mention is that you want each DNS server to point to the OpenDNS servers – do not point all the internal DNS servers to one specific internal DNS server and have it go outside. There really is no need to do this and it allows for Internet breakouts to be wherever (as long as the Internet provider allows you to use any DNS server). Finally, unlike CWS, Umbrella is able to secure more than web surfing since DNS is used for more than just the Internet. For instance, malware can utilize DNS to communicate back to a control system – unless Umbrella is there to respond with a different address. In conclusion, Umbrella is a product that works great. Your users will not thank you for switching to it but they will not grab the pitchforks either.


Are passwords enough?

The traditional method of securing data for many years has been through a user ID and password. Over the years, the recommendations around passwords have changed. Password length has always been important. Adding a single character (i.e. changing from 6 characters to 7) will make it exponentially harder to brute force crack. Using more than the simple 26 characters of the alphabet makes it even harder, so it is best to use upper and lower case and special characters to make it take even longer.

It is now 2018 and brute force password cracking is not what any bad guy really wants to do anymore. While it is still a threat, is it as much of a concern as before? A lot of malicious parties have changed their methods. For instance, it is easier to send a specially crafted email that looks like it comes from someone you know and contains a link to a document. The receiving party clicks on the link and it looks like the Office 365 login – the person enters his/her credentials to see the document and now the attacker does not need to do a brute force hack.

So what can the IT Security team do if the end users are just going to give up credentials? For starters, make changes to login screens. By using branding, your users can see when they are at their Office 365 login. If there is no branding then the users should question the login. Users are both gullible and smart at the same time. Give them the tools to make better decisions. But is that enough?

The ID and password combination is no longer enough. Multi-factor authentication (MFA) gives the end users another factor in the login process. After users enter their ID and password, they get a notification on their mobile phone to approve the login. MFA is not new and it has been getting better but, as Stephen Hawking said, nothing is fool-proof to a sufficiently talented fool. If they get an authentication request on their phone and did not enter credentials, this could mean that someone else is attempting to log in as them. But remember when I said users can be dumb? Too many MFA requests could mean that the end users could approve requests even when it was not from them.

User and entity behavior analytics (UEBA) is the next method to safeguard company assets. By analyzing what end users are doing – how they are logging in normally – IT Security can get notifications when something out of the ordinary occurs. Also, it can lower the number of events for the IT Security teams to analyze. When a user performs a login in New York and ten minutes later attempts a login from Russia, there is a very good chance that someone else got the user’s password as this is an impossible travel situation. It is not always a hack attempt – for instance, a VPN connection can make it look like an impossible travel situation but IT Security should be able to differentiate a VPN connection.
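The impossible-travel check described above, as an added Python example (not the author's or any vendor's detector): it walks constructed sign-in events per user, computes the great-circle distance between consecutive logins, and flags any pair whose required speed exceeds what an airliner could manage. The event fields, the 900 km/h threshold and the VPN flag (events from known VPN egress IPs are skipped so they do not raise false positives, as the post recommends) are all assumptions.

```python
"""Impossible-travel detection over sign-in events.
Added illustration of the UEBA check discussed above, not a product's code.
Assumed: each event has user, UTC ISO timestamp, approximate coordinates
from IP geolocation, and a flag marking known corporate VPN egress IPs."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0  # assumed threshold: a little above airliner cruise speed

# Constructed sample events (not real log data)
EVENTS = [
    {"user": "alice", "time": "2018-10-01T13:00:00", "lat": 40.71, "lon": -74.01, "vpn": False},   # New York
    {"user": "alice", "time": "2018-10-01T13:10:00", "lat": 55.75, "lon": 37.62, "vpn": False},    # Moscow, 10 minutes later
    {"user": "bob",   "time": "2018-10-01T09:00:00", "lat": 51.51, "lon": -0.13, "vpn": False},    # London
    {"user": "bob",   "time": "2018-10-01T09:05:00", "lat": 40.71, "lon": -74.01, "vpn": True},    # New York, via corporate VPN egress
    {"user": "carol", "time": "2018-10-01T08:00:00", "lat": 41.88, "lon": -87.63, "vpn": False},   # Chicago
    {"user": "carol", "time": "2018-10-01T12:00:00", "lat": 34.05, "lon": -118.24, "vpn": False},  # Los Angeles, 4 hours later
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def find_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return one alert per consecutive login pair (same user) that would need
    travel faster than max_speed_kmh. VPN-egress events are ignored because the
    geolocated IP is the VPN concentrator, not the user, so they would otherwise
    look like impossible travel."""
    alerts = []
    last_seen = {}
    for ev in sorted(events, key=lambda e: (e["user"], e["time"])):
        if ev["vpn"]:
            continue
        prev = last_seen.get(ev["user"])
        if prev is not None:
            t_prev = datetime.fromisoformat(prev["time"])
            t_now = datetime.fromisoformat(ev["time"])
            hours = (t_now - t_prev).total_seconds() / 3600.0
            distance = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            # Same-second logins from distant places are still impossible; avoid dividing by zero.
            if hours > 0:
                speed = distance / hours
            else:
                speed = float("inf") if distance > 0 else 0.0
            if speed > max_speed_kmh:
                alerts.append({"user": ev["user"], "distance_km": round(distance),
                               "minutes": round(hours * 60), "speed_kmh": round(speed)})
        last_seen[ev["user"]] = ev
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(EVENTS):
        print(alert)  # only alice: New York to Moscow in 10 minutes
```

Chicago to Los Angeles in four hours stays under the threshold and bob's VPN login is skipped, so only alice's pair is reported.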

UEBA is something that I am starting to look into for my company. As I research the different products, I will post some more on the topic. Till then, keep safe and remind users to stay diligent.


CiscoLive 2018 Scoop – Big Ideas Theater

CiscoLive has been getting bigger every year. The logistics of making the show work so well can be staggering and there is a small group of people from Cisco that are responsible for it. Every year they are challenged with bringing fresh, new experiences to attendees and every year they do a great job.

One of the big changes that a lot of people noticed for 2018 is the loss of the Social Media Pass. While this was a relatively inexpensive way to go to CiscoLive, it really did not have a lot of perks. If I am going to CiscoLive, I want to hear from visionaries and technologists so I can bring back great information. I go on the full conference pass since I want to hear from the technologists – the people that help make Cisco’s products. But that may not be for everyone.

Technology immersion is not the only part of CiscoLive. So, in 2018 the CiscoLive Team has given customers a new option: the Imagine Pass. This pass has a cost ($695 for early bird pricing) but it comes with some really good features. Basically, the return on investment (ROI) is pretty good. Just like the Social Media Pass from before, you get to go to all the keynotes, the Customer Appreciation Event, and the World of Solution floor. The difference is that you get meals and access to the Innovation Showcase and Big Ideas Theater, which are both new for 2018.

But what is the Big Ideas Theater? Just from the name, you can guess that it is about ideas, concepts, and visionary thought. The theater will contain a diverse lineup of thought leaders, strategists, technologists, and other provocative voices from across industries. This looks to be a great change for Cisco attendees that don’t want to immerse themselves in the technology tracks. Here is the official lineup:

Monday:
1:30 – 2:30 pm: Star Search
Hakeem Oluseyi (Astrophysicist and the Space Sciences Education Lead for the Science Mission Directorate at NASA Headquarters)

4:00 – 5:00 pm: Shift Your Brilliance: Leading Amidst Uncertainty
Simon Bailey (Best-selling author and renowned teacher)

Tuesday:
9:00 – 10:00 am: Emotional AI and the Future of Work
Dr. Rana el Kaliouby (Pioneer in Emotional AI, Co-Founder and CEO of Affectiva)

1:30 – 2:30 pm: Herding Tigers: Be The Leader The Creative People Need
Todd Henry (Author, Inspiring Speaker and Expert on Managing Creatives)

4:00 – 5:00 pm: Finding Your True North: Possibility Through Positivity
Grant Korgan (World-class adventurer, Nano scientist, and professional athlete)

Wednesday:
9:00 – 10:00 am: The Future Is Talent
Jenna Carpenter (Founding Dean & Professor of Engineering at Campbell University)

1:30 – 2:30 pm: The Neuroscience of Innovation
Amy Posey (CEO & Facilitator)

4:00 – 5:00 pm: How This Entrepreneur Turned Her Diet Soda Addiction Into a Company
Kara Goldin (Founder & CEO of Hint Water)

Posted in CiscoLive

CiscoLive Tips

I have been to CiscoLive quite a few times and have learned things each time. Here are some of my tips that I have gathered over the years.

Do not show up Monday morning as your starting point. There is always a line at registration on Monday and almost none on Sunday. Besides, Cisco is now doing a session on Sunday designed for first-time attendees. I know it is a good session as I am one of the speakers. We talk about some of the things we have experienced and take questions from the audience. So, come on Sunday (or earlier) and get your badge so you can be ready to go Monday morning. Also, come to the session for first timers and hear from people like me, even if you are not a first timer.

I have enjoyed each CiscoLive and it gets better every year. Unfortunately, it also gets bigger every year. You cannot do everything and this is ok. There are a lot of technical sessions on many different topics. Don’t go to a session because you think you are an expert – use these sessions to have a conversation. There are other people that will be in the same session that have similar questions – ask your questions and interact with the instructor. Just be a little careful – do not come to the session to solve all your problems. If you want to expand on something, wait till after the session to talk with the instructor.

Almost all of the sessions have slide decks you can download (even in advance) and use after the show. A good number of instructors even add more content to their downloads. If there are any sessions for which you do not have questions, use the slide decks instead of going – consider it a way to save some of your time for other parts of the show.

World of Solutions (called WoS) is the show floor. There are lots of vendors located here – lots of vendors. They give away free stuff so you can go home with plenty of swag. Be careful here – don’t pick up more stuff than you can bring home. Personally, CiscoLive is the one time I check a large bag rather than try to go with a carry-on. My kids love the free stuff and so do the people in the office.

When planning your sessions, leave some time to peruse WoS. Personally, I find Wednesday afternoon to be the perfect time for this. Monday and Tuesday I am trying to absorb all the information from my sessions so by Wednesday afternoon I feel like I need a break. By scheduling an hour or two after lunch to walk around WoS and chat with vendors, I can get ready for more technical sessions and get my tchotchkes for the kids.

Social media is a big deal and it is huge at CiscoLive. Come down to the Social Media hub and meet the people that are behind Cisco’s social media. Plus, it is a good place to meet other attendees. The past few events, Cisco has put the Social Media hub in a key location because they know how important it is. It is called a hub for a really good reason.

Wednesday night is a big party known as the Customer Appreciation Event or CAE. This is always an event and you get a free hat. Go to this!!!! There have been entertainers in the past like Aerosmith, Train, and Bruno Mars. Cisco rents out some really big venues like the T-Mobile center in Las Vegas, Petco Park in San Diego, and Universal Studios in Orlando. It is a time to have fun with other attendees – this is not a place to do work. Just remember that you have one more day of the show.

8 am meetings on Thursday come quickly, especially if you partied too hard at the CAE. Remember, this is the last day so power through. There are some sessions on Thursday that are great for thinkers so it is a day to drink an extra cup of coffee or soda or down some chocolate – anything to get you moving. Plus, Cisco has one more special treat in the guest speaker. This is a famous person that may or may not have to do with technology. Probably my favorite guest speaker was two guests in one, Adam Savage and Jamie Hyneman – also known as the original Mythbusters. This is always a good way to end the show.

The last thing I want to tell you is to network while at the show. This is not Cisco networking but rather getting to know other attendees. I have made some good friends at CiscoLive that I chat with throughout the year, but only get to see at this event. The end of my show usually is with dinner with some of these people. You never know where your next job will come from and there are plenty of people at the show that may be looking to hire.

I hope that these tips can help you with attending CiscoLive. It is a great show, both from a technical perspective and as a fun time.

Posted in Cisco, CiscoLive

Social Media

October was National Cybersecurity Awareness Month and, since I am in IT Security, it was a busy month for me. Besides having to deal with the day-to-day operational activities and the on-going project work, I had to come up with Cybersecurity stuff for the month. “Stuff” is my technical term for all of it: mass emails to my company on topics such as physical security and social engineering (do you know what vishing is?); presentations that I had to approve for others; and my presentation to the corporate office.

The presentation that I gave was on Social Media. It included a brief history of the Internet as it relates to Social Media, the good parts, the bad parts, some helpful tips, and information about my company’s policy on the topic. Fortunately, I had help for the last part from my Corporate Communications department – it is great to collaborate with others on presentations.

I cannot share my presentation as it is internal (and has my company’s name all over the place). However, the tips were my own and really designed for anyone.

  1. Double-check your privacy and security settings. While Social Media sites will (usually) not change your settings, they can change the settings themselves (even add or remove settings). Take a quick look every so often to make sure you are sharing what you want to share.
  2. Check your public profile. “Google” yourself. Log out and search for yourself. See what others that you do not know can see about you. If someone is trying to scam you, this can be a great way to find out details about you.
  3. Do not accept all “friend” requests. I am on LinkedIn and get a lot of friend requests. If I do not know the person, I do not accept. You have no control over what your friends do so there is no need to be friends with someone you do not know.
  4. Limit your personal information. Seems obvious but it goes back to your public profile and scammers.
  5. Do not post anything that you would not share with others. Barring the social interaction issue, if you are unwilling to stand up in a crowd of strangers and tell them something about yourself, why post it online?
  6. Be careful with add-ons. Ever play a game on Facebook? That can have a different end-user license agreement and you could be accepting something that you should not.
  7. Review the Terms of Service at least annually. These can change without your knowledge and Social Media companies do not have to tell you. If you do not have that much time, start at the bottom as that is where the juicy stuff tends to exist.

These tips are not earth shattering but they are good to remember. Even IT Security people can forget simple rules from time to time. They are good things to keep in mind as you surf the online social world.

(BTW, vishing is voice phishing – a topic that I may take up in a future post)

Posted in Social Media

Cisco Umbrella

Many years ago, most companies added Internet access by purchasing some form of Internet line at the corporate office. A firewall was added to keep the bad guys from getting in. Eventually, the powers that be got word that employees were surfing to questionable sites. For instance, at one company I was at I had to show them a list of the sites people were going to – I set up a SPAN port and connected a third-party product that looked at HTTP/HTTPS traffic. There were some sites that were really bad and would get people in front of HR really quick (one site I remember seeing was mybigfatwhitebooty.com – seriously).

This started the purchase of URL filtering. Initially it was through something on-site like routing all web traffic through a proxy server. This was good but it created a bottleneck plus did not grow well when a company wanted to add other Internet access points. A few years back, proxy in the cloud was born. One company called Scansafe did a pretty good job at this – it worked so well that Cisco bought the company. That is roughly when I got introduced to them. Cisco rebranded it as Cloud Web Security or CWS for short.

We have been using CWS for a few years and it is definitely better than our own proxy. For starters, there is no hardware for us to deal with. Secondly, we connected our firewalls to it so all web traffic leaving the company goes through it – not just company computers. Finally, through the AnyConnect client we can redirect laptops when they are not within the confines of the company network. All was good with CWS, making this security guy really happy. Unfortunately, web traffic is not always on ports 80 and 443, so CWS is limited.

Umbrella to the rescue. This is another Cisco purchase, previously called OpenDNS. This will eventually replace CWS (actually, CWS is getting folded into Umbrella) so it is about time for all CWS customers to start the migration. What Cisco did with Umbrella is really cool. DNS works as a backbone for Internet traffic by exchanging names for addresses. Think of it like a location on a map. There are not many people that can tell you exactly where something is by geographic coordinates but many more can tell you a city or town name – that is kind of like DNS. Umbrella works at the DNS level and, since almost all Internet traffic uses DNS, you are covering almost all traffic even when it does not use ports 80 or 443. Once again, as a security person I really like this since we can secure connections other than standard web browsing.

My current company just signed our contract for Umbrella and we will be migrating away from CWS soon. All my Umbrella knowledge is based on marketing material and talking with the engineers – no first hand experience, yet. Sometime in the future (after we are done with the migration) I will write another post on my thoughts about Umbrella. For now, I am just excited to get started.

Posted in Cisco