Hasnain
Cisco Firepower NGIPS Deployment
OBJECTIVES
• Next-Gen IPS technologies
• Document covers Firepower deployment of 6.X versions
• Firepower managed device inline deployment
• Traffic flow through various security features in IPS
• Firepower registration to Cisco Firepower Management Center
Next-Gen Firewall
The diagram below depicts a traditional firewall deployment, where the firewall protects an organization based on the 5-tuple. The firewall can react to traffic only up to layer 4.
• Source IP
• Destination IP
• Source port
• Destination port
• Protocol
A firewall is of little help in protecting traffic at the application level. Attacks at the application level are growing exponentially. Examples: Command and Control (CnC), reconnaissance, lateral movement, data exfiltration and botnet activities all go unnoticed. Solution: Next-Gen IPS offers a range of protections for your organization, including DNS and URL blacklisting, file blocking, malware protection, IPS, etc.
NGIPS
➔ Application layer protection
➔ Packet payloads are examined
➔ Deep packet inspection up to OSI layer 7
➔ Matches attacks based on signatures
➔ Traffic Analysis
➔ Malware protection
➔ Security Intelligence
➔ Action on App ID / User ID
➔ Suspicious behaviour
Firepower Security Policies
This is a high-level overview of how traffic passes through Firepower.
These are the policies that can be applied to a Firepower device:
• Access Control Policy
• Network Access Policy
• Intrusion Policy
• Anti-Malware and File Protection Policy
• SSL Policy
• DNS Policy
Security Intelligence: First level of filtering, based on blacklisted IPs, known malicious DNS/URL records and custom DNS/URL records. If a packet is dropped here, it is not sent to the Access Control Policy for DPI.
SSL Policy: If your organization decides to decrypt all outbound/inbound traffic, you can use the SSL policy with a certificate based on your internal PKI distribution. Decrypted traffic is sent to ACP and AMP; once the verdict is good, the traffic is re-encrypted and sent out.
Access Control Policy: This is where you define all your rules. You can exempt traffic from DPI by setting a rule's action to “trust”. You can also define which traffic needs to be inspected with the intrusion and malware policies.
Intrusion Policy: IPS attack signatures are defined here. SNORT rules are used to block malicious traffic. You can define custom signatures or inherit the signature database from Cisco.
Malware & File Policy: Here you can allow or block certain file types and scan for malware in the set of file types that you consider can be infected.
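The Access Control Policy paragraph above notes that a rule set to “trust” skips DPI. As an added example (not part of the original deck, and not Cisco tooling), the Python code below audits a rule list for trust rules that are very broad or that make a later inspecting rule unreachable. The AcRule structure, rule names and addresses are constructed, and top-down first-match rule evaluation is assumed.

```python
# Added example: audit access control rules for "trust" actions that skip DPI.
# AcRule, the rule names and the addresses are constructed for illustration;
# this is not an FMC export format. Assumes top-down, first-match evaluation.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class AcRule:
    name: str
    action: str                             # "trust", "allow" or "block"
    src: str = ANY                          # IPv4 CIDR or "any"
    dst: str = ANY                          # IPv4 CIDR or "any"
    dst_port: Optional[int] = None          # None means any port
    intrusion_policy: Optional[str] = None
    file_policy: Optional[str] = None

    @property
    def inspects(self) -> bool:
        """True when matching traffic is handed to intrusion or file inspection."""
        return self.action == "allow" and bool(self.intrusion_policy or self.file_policy)


def net(value: str):
    return ip_network("0.0.0.0/0") if value == ANY else ip_network(value, strict=False)


def matches(rule: AcRule, src_ip: str, dst_ip: str, dst_port: int) -> bool:
    return (ip_address(src_ip) in net(rule.src)
            and ip_address(dst_ip) in net(rule.dst)
            and rule.dst_port in (None, dst_port))


def first_match(rules: List[AcRule], src_ip: str, dst_ip: str,
                dst_port: int) -> Optional[AcRule]:
    """Return the rule that decides this flow, or None (default action applies)."""
    return next((r for r in rules if matches(r, src_ip, dst_ip, dst_port)), None)


def covers(outer: AcRule, inner: AcRule) -> bool:
    """True when every flow matched by `inner` is also matched by `outer`."""
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.dst_port in (None, inner.dst_port))


def audit_trust_rules(rules: List[AcRule]) -> List[Tuple[str, str, str]]:
    """Return (finding, trust_rule, detail) tuples for risky trust rules."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "trust":
            continue
        # A trust rule with two or more unconstrained fields exempts a lot of traffic.
        wide = [f for f, v in (("src", rule.src), ("dst", rule.dst)) if v == ANY]
        if rule.dst_port is None:
            wide.append("dst_port")
        if len(wide) >= 2:
            findings.append(("broad-trust", rule.name, "any: " + ", ".join(wide)))
        # A later inspecting rule fully covered by this trust rule never matches.
        for later in rules[i + 1:]:
            if later.inspects and covers(rule, later):
                findings.append(("dead-inspection", rule.name, later.name))
    return findings


# Constructed rule list, in evaluation order.
SAMPLE_RULES = [
    AcRule("trust-backup", "trust", src="10.10.20.0/24", dst="10.10.30.5/32", dst_port=873),
    AcRule("trust-dmz", "trust", dst="192.0.2.0/24"),
    AcRule("inspect-web", "allow", dst="192.0.2.10/32", dst_port=443,
           intrusion_policy="balanced", file_policy="block-malware"),
    AcRule("inspect-internal", "allow", src="10.10.0.0/16", intrusion_policy="balanced"),
]

if __name__ == "__main__":
    for finding in audit_trust_rules(SAMPLE_RULES):
        print(finding)
    hit = first_match(SAMPLE_RULES, "198.51.100.7", "192.0.2.10", 443)
    print(hit.name, "inspects:", hit.inspects)
```

The narrowly scoped `trust-backup` exception passes the audit, while `trust-dmz` is reported twice: it is broad, and it keeps web traffic from ever reaching `inspect-web`.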
Cisco FMC and Firepower Design considerations
Consider that you have the setup below in your company and wish to integrate NGIPS.
Things to consider:
• Do not make any routing changes
• Do not disrupt configurations on the router and switch
Solution: Integrate Firepower physically inline between switch and router.
Design:
• Break the connection between switch and router.
• Connect the switch to one interface of Firepower and the router to another interface.
• Connect the management port of Firepower to your management switch.
• Plan to have Firepower and FMC on the same plan.
Cisco Firepower configuration
• Log in to the Firepower console.
• Enter the default username and password: admin/Admin123. Press “Enter” for the End User License Agreement (EULA).
• Type “YES” to continue.
• Enter the management IP, netmask, gateway and fully qualified domain name for Firepower as per your design. Choose Inline deployment.
• Wait 1-2 minutes for Firepower to load the settings. The next step is to configure the manager.
Command => configure manager add <fmc_mgmt_ip> <registration_key>
You can set the registration key to anything you like. Do not forget the registration key you use here, as it will be used on FMC to add the appliance.
NOTE: If you entered wrong information and would like to correct it, you can always reconfigure the network settings using the command below.
Command => configure network ipv4 manual <firepower_mgmt_ip> <subnet_mask>
Execute below command to view the manager you added on
firepower
Cisco FMC configuration
• To add a device on FMC, go to Devices -> Device Management -> click Add -> select Add Device.
• On the next screen, click the Access Control Policy dropdown and select new. Give the policy a name and set the default action to “Intrusion Prevention”.
• Once you have the Access Control Policy created, fill in the details of your Firepower manager.
• Select the license based on your purchase and requirement.
Firepower Licensing
• Protection License: IPS, File Control (detect or block files), Security Intelligence filtering
• Control License: User & Application control, switching & routing; requires the Protection license
• Malware License: AMP, ThreatGrid; requires the Protection license
• URL Filtering License: URL filtering, categories & reputation; requires the Protection license
• FMC will start the registration process. You should see the status as below.
• If the details you entered are correct, you should see FMC successfully registering the Firepower.
• Now log in to Firepower and check that the Firepower registration is complete, as a verification step.
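For the verification step above, this added Python example (not from the original deck) checks the management addressing plan entered during setup and reads the device's manager status. It assumes the status text comes from the `show managers` CLI command printing `Key : Value` lines; the addresses, function names and sample output are constructed.

```python
# Added example: sanity-check the management plan and the registration state.
# Addresses, helper names and the sample CLI text below are constructed; the
# "Key : Value" layout of `show managers` output is an assumption.
from ipaddress import ip_address, ip_interface
from typing import Dict, List


def check_mgmt_plan(mgmt_ip: str, netmask: str, gateway: str, fmc_ip: str) -> List[str]:
    """Return a list of problems with the planned management addressing."""
    problems = []
    iface = ip_interface(f"{mgmt_ip}/{netmask}")
    subnet = iface.network
    if iface.ip in (subnet.network_address, subnet.broadcast_address):
        problems.append("management IP is the network or broadcast address")
    if ip_address(gateway) not in subnet:
        problems.append("gateway is outside the management subnet")
    if ip_address(gateway) == iface.ip:
        problems.append("gateway equals the device management address")
    if ip_address(fmc_ip) == iface.ip:
        problems.append("FMC address equals the device management address")
    return problems


def parse_managers(cli_output: str) -> List[Dict[str, str]]:
    """Turn `Key : Value` lines into one dict per manager entry."""
    managers: List[Dict[str, str]] = []
    current = None
    for line in cli_output.splitlines():
        if ":" not in line:
            continue                      # prompt, blank line or status message
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "type" or current is None:
            current = {}                  # a "Type" line starts a new entry
            managers.append(current)
        current[key] = value
    return managers


def registration_state(cli_output: str, expected_fmc: str) -> str:
    """Classify the device's view of its manager.

    Returns "not-configured", "wrong-manager", "pending" or "registered".
    """
    managers = parse_managers(cli_output)
    if not managers:
        return "not-configured"
    for entry in managers:
        if entry.get("host") == expected_fmc:
            done = entry.get("registration", "").lower() == "completed"
            return "registered" if done else "pending"
    return "wrong-manager"


# Constructed sample outputs.
SAMPLE_PENDING = """> show managers
Type                      : Manager
Host                      : 10.0.50.10
Registration              : Pending
"""
SAMPLE_COMPLETED = SAMPLE_PENDING.replace("Pending", "Completed")
SAMPLE_NONE = "> show managers\nNo managers configured.\n"

if __name__ == "__main__":
    print(check_mgmt_plan("10.0.50.21", "255.255.255.0", "10.0.50.1", "10.0.50.10"))
    for sample in (SAMPLE_NONE, SAMPLE_PENDING, SAMPLE_COMPLETED):
        print(registration_state(sample, "10.0.50.10"))
```

A "pending" result after the device has been added on FMC usually points at a mismatched registration key or at blocked connectivity between the two management addresses.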
Create Inline Set for Firepower
• Configure the inline network pair to define the ingress and egress interfaces. These interfaces are paired so that Firepower knows a packet entering on one interface should leave through the counterpart interface.
• Firepower can have multiple interfaces; to pair them, you need to configure inline sets.
• Click the pencil icon for the device you just added.
• Define the ingress and egress interfaces by assigning a security zone.
• Create an inline set for the interface.
o Note: The Failsafe option allows traffic to bypass the system if the buffers are full. No inspection takes place at this point.
• Depending on your needs, select the options in the advanced section.
• Once the inline set is defined, deploy the config: select the Deploy icon, select the device and click Deploy.
Health Policy and Platform settings deployment
• The health policy applies to FMC querying FTD for health checks. Here you can define whether FMC should monitor the interface, CPU, disk, etc. status of Firepower.
• Go to -> System -> Health -> Policy -> Create Policy
• Pay attention to the options on the left. Based on the health policy, you can configure alerting on FMC to send SNMP traps or emails in case of a health check error or warning.
• Once you have defined the settings as per your needs, click Apply, select the Firepower device and click Apply.
• Now, to control the system settings of Firepower, go to Device -> Platform Settings -> Create New Policy.
• Select the Firepower appliance and move it to the right.
• You can change the available settings as per your needs and click Save.
• Deploy the policy to the device.
