Cisco Cisco ASA 5525-X Adaptive Security Appliance Guía De Información
3 © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Fishwick also appreciates the Botnet Traffic Filter capabilities of the Cisco ASA
5545-X. “IPS and IDS gives New Charter protection from the outside world. But
the botnet filter looks at connections inside your network going out, looking for
anomalies.”
5545-X. “IPS and IDS gives New Charter protection from the outside world. But
the botnet filter looks at connections inside your network going out, looking for
anomalies.”
Cisco Cloud Web Security (CWS) is used for guest traffic. In the past, New Charter
used to provide a bypass, but Fishwick says it introduced too much risk. CWS
protects users across the public and private networks. “I’m using the ASA connecter
to push traffic onto the Cloud Web Security. I also actually push all our help desk
requests and information through that. If it’s good enough for me and the team, it’s
good enough for anybody. I practice what I preach,” says Fishwick.
used to provide a bypass, but Fishwick says it introduced too much risk. CWS
protects users across the public and private networks. “I’m using the ASA connecter
to push traffic onto the Cloud Web Security. I also actually push all our help desk
requests and information through that. If it’s good enough for me and the team, it’s
good enough for anybody. I practice what I preach,” says Fishwick.
Cisco CWS also allows New Charter to control what applications and websites
public users are allowed to access. Fishwick says, “As much as I don’t mind what
people do in their own homes, the PCs in our housing units are in public locations,
so we must have some controls on them so our network isn’t compromised. With
the Cloud Web Security, we just branch the traffic off through the Cisco ASA and
they’re blocked from going to places they shouldn’t.”
public users are allowed to access. Fishwick says, “As much as I don’t mind what
people do in their own homes, the PCs in our housing units are in public locations,
so we must have some controls on them so our network isn’t compromised. With
the Cloud Web Security, we just branch the traffic off through the Cisco ASA and
they’re blocked from going to places they shouldn’t.”
Using Cisco ISE for both wired and wireless connections lets the organization
ensure role-based access to their network. ISE will also let New Charter provide
full guest access for residents who live in sheltered housing, accommodations for
those who need additional support in their living environment. “We don’t just want
to provide a common PC for residents to use, but rather, full access to a public
wireless network. Currently, we’re using just the Cisco Wireless Access Points. ISE
will allow us to come from a central platform to leverage both tools for more granular
access levels,” Fishwick says.
ensure role-based access to their network. ISE will also let New Charter provide
full guest access for residents who live in sheltered housing, accommodations for
those who need additional support in their living environment. “We don’t just want
to provide a common PC for residents to use, but rather, full access to a public
wireless network. Currently, we’re using just the Cisco Wireless Access Points. ISE
will allow us to come from a central platform to leverage both tools for more granular
access levels,” Fishwick says.
“The integration of the ASA 5545-X with ISE and TrustSec will mean that when
users come into network, the Change of Authorization will enable us to more easily
make changes in the posture assessment, as needed,” says Fishwick. “Using
TrustSec’s Security Group Tagging inline will allow us to streamline changes to the
firewall rules and our Access Control Lists (ACLs).” The IT team can update the
antivirus, file availability, and more, ensuring that people joining the network have the
up-to-the-minute level of access and security.
users come into network, the Change of Authorization will enable us to more easily
make changes in the posture assessment, as needed,” says Fishwick. “Using
TrustSec’s Security Group Tagging inline will allow us to streamline changes to the
firewall rules and our Access Control Lists (ACLs).” The IT team can update the
antivirus, file availability, and more, ensuring that people joining the network have the
up-to-the-minute level of access and security.
Fishwick also says, “It was very easy to implement. I can see the benefits of having
an end-to-end solution to allow access control built into the Ethernet packet. This
will also be extremely useful when controlling remote access users and BYOD.”
an end-to-end solution to allow access control built into the Ethernet packet. This
will also be extremely useful when controlling remote access users and BYOD.”
Next Steps
New Charter is now considering using the Cisco Cloud Web Security for all its web
filtering. “We have to manage the appliance internally. It will be quite nice to manage
all web filtering in the cloud, instead of just part of it,” says Fishwick.
filtering. “We have to manage the appliance internally. It will be quite nice to manage
all web filtering in the cloud, instead of just part of it,” says Fishwick.
The organization is also considering Cisco Security Manager. “Security Manager is
proactive, so you don’t have to rely on IT staff going in and checking on the logins
to see whether there have been any potential attacks on the network. We need that
process to be proactive.”
proactive, so you don’t have to rely on IT staff going in and checking on the logins
to see whether there have been any potential attacks on the network. We need that
process to be proactive.”
Customer Case Study
Darren Fishwick
Telecommunications and Network Manager
New Charter Housing Trust