Firepower Module
• The ASA Firepower module supplies next-generation firewall
services, including Next-Generation Intrusion Prevention System
(NGIPS), Application Visibility and Control (AVC), URL filtering, and
Advanced Malware Protection (AMP). You can use the module in
single or multiple context mode, and in routed or transparent mode.
• The module is also known as ASA SFR.
• Although the module has a basic command line interface (CLI) for
initial configuration and troubleshooting, you configure the security
policy on the device using a separate application, Firesight
Management Center, which can be hosted on a separate Firesight
Management Center appliance or as a virtual appliance running on a
VMware server. (Firesight Management Center is also known as
Defense Center.)
• For ASA Firepower running on ASA 5506-X devices, you can
optionally configure the device using ASDM rather than Firesight
Management Center.
• In inline mode, traffic goes through the firewall checks before being
forwarded to the ASA Firepower module. When you identify traffic for
ASA Firepower inspection on the ASA, traffic flows through the ASA and
the module as follows:
• 1. Traffic enters the ASA.
• 2. Incoming VPN traffic is decrypted.
• 3. Firewall policies are applied.
• 4. Traffic is sent to the ASA Firepower module.
• 5. The ASA Firepower module applies its security policy to the traffic,
and takes appropriate actions.
• 6. Valid traffic is sent back to the ASA; the ASA Firepower module might
block some traffic according to its security policy, and that traffic is not
passed on.
• 7. Outgoing VPN traffic is encrypted.
• 8. Traffic exits the ASA.
• This mode sends a duplicate stream of traffic to the ASA
Firepower module for monitoring purposes only. The
module applies the security policy to the traffic and lets
you know what it would have done if it were operating in
inline mode; for example, traffic might be marked “would
have dropped” in events. You can use this information for
traffic analysis and to help you decide if inline mode is
desirable.
• To run the ASA Firepower module as a pure Intrusion Detection System
(IDS), where there is no impact on the traffic at all, you can
configure a traffic forwarding interface. A traffic forwarding
interface sends all received traffic directly to the ASA
Firepower module without any ASA processing.
• The module applies the security policy to the traffic and lets
you know what it would have done if it were operating in inline
mode; for example, traffic might be marked “would have
dropped” in events. You can use this information for traffic
analysis and to help you decide if inline mode is desirable.
• Traffic in this setup is never forwarded: neither the module nor
the ASA sends the traffic on to its ultimate destination. You
must operate the ASA in single context and transparent modes
to use this configuration.
• 1. Enter the CLI of the ASA.
• If any other module is installed, first uninstall it as shown below.
• hostname# sw-module module ips shutdown
• hostname# sw-module module ips uninstall
• hostname# reload
• Then install the SFR initial image with the command below.
• hostname# sw-module module sfr recover configure image disk0:file_path
• hostname# sw-module module sfr recover configure image disk0:asasfr-5500x-boot-5.3.1-58.img
(if the image is not on the ASA by default, download it from the Cisco site
and upload it to disk0 on the ASA)
• 2. Load the image using:
• hostname# sw-module module sfr recover boot
• Once that is done, session to the image to get the Sourcefire command line
(log in with user admin and password Admin123).
• hostname# session sfr console
• Type setup and configure the basic settings, then install the Sourcefire
system package using:
• system install tftp://IP-addr/asasfr-sys-5.3.1-44.pkg
• (Download the package and keep it ready to be uploaded from the TFTP, FTP,
or HTTP server.)
• 3. Once done, session to the Sourcefire module from the ASA console using
session sfr in the ASA command line. Log in with the user admin
and password Sourcefire. Complete the system configuration.
• Specify the Firesight management IP address (installation process
below) using the following command. Note that you need the IP address
and the key. You will need them again later when you add this device to the
Firesight management.
configure manager add <ip address> <KEY>
• At this point, all future steps are done within the Firesight
management.
• 4. Now you need to build the Firesight management. You will need to
download Virtual Firesight / Defense Center for VMware, which will
be a .tar.gz file. Unzip the .gz and then untar it. You
should end up with a .vmdk file. Deploy the .OVF file in ESXi and set the
basic network configuration.
• Once the OVA is deployed, open the console, log in with admin
and Sourcefire, and run the command below to set the IP and the
gateway; then access it from the browser.
• sudo /usr/local/sf/bin/configure-network
• 5. The ASA with Sourcefire has 4 license offerings to be
installed under System->Licenses.
• Go to System->Licenses->Add New License.
• Take the license key from here, enter it on the Cisco
license portal to generate the license against your given PAK, and
then apply it.
• 6. At this point, you should be able to add the Firepower
services from the ASA. Go in the management GUI to
Devices->Device Management, click the Add button
and select Add Device. You will be asked to give the IP
address of the Sourcefire module inside the ASA and, in the
Registration Key field, the key you made up. You can
check which licenses you want to apply, assuming you
loaded some prior to this, and click Add.
• 7. There are other steps to setting up FireSIGHT such as
building access control policies, enabling network
discovery to see what’s on the network and so on
(discovery found under Policies-> Network Discovery
then adding a rule to specify the entire network). Before
doing that, you should go back to your ASA and configure
traffic to redirect through the firepower component of the
ASA.
• NOTE: Without redirecting traffic through Sourcefire,
the ASA will just act as a firewall meaning traffic will
not be seen by the Sourcefire software inside.
• 8. Access ASDM and select Configuration > Firewall >
Service Policy Rules. Next select Add > Add Service Policy
Rule. Click Next. The Add Service Policy Rule Wizard –
Traffic Classification Criteria dialog box appears. Provide the
basic info and on the next page select the ASA Firepower
Inspection tab. Check the Enable ASA Firepower for this
traffic flow check box. Select whether you want to permit traffic if
Sourcefire fails. Click Finish.
• Alternatively, you can use the commands below from the ASA
CLI to redirect specific or all traffic to the DC.
• class-map global-class
• match any
• policy-map global_policy
• class global-class
• sfr fail-open
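An added example, not part of the original slides: a Python check that reads an ASA running-config and reports how each sfr redirect behaves (fail-open or fail-close, monitor-only, traffic forwarding interface) and whether its policy-map is actually attached by a service-policy. The sample configurations, the unused_policy name and the interface name are constructed for illustration.

```python
import re

# Constructed running-config excerpts, one per deployment mode described above.
SAMPLES = {
    "inline": """\
class-map global-class
 match any
policy-map global_policy
 class global-class
  sfr fail-open
policy-map unused_policy
 class global-class
  sfr fail-close
service-policy global_policy global
""",
    "monitor-only": """\
class-map global-class
 match any
policy-map global_policy
 class global-class
  sfr fail-close monitor-only
service-policy global_policy global
""",
    "traffic-forward": """\
interface GigabitEthernet0/5
 traffic-forward sfr monitor-only
""",
}

SFR_ACTION = re.compile(r"^sfr\s+(fail-open|fail-close)(?:\s+(monitor-only))?$")


def parse_sfr_config(config):
    """Return (redirects, applied_policy_maps, traffic_forward_interfaces)."""
    redirects, applied, forward_ifaces = [], set(), []
    policy = cls = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if not raw[0].isspace():  # an unindented command opens a new block
            policy = cls = iface = None
            if words[0] == "policy-map" and len(words) == 2:
                policy = words[1]
            elif words[0] == "interface" and len(words) >= 2:
                iface = words[1]
            elif words[0] == "service-policy" and len(words) >= 3:
                applied.add(words[1])
            continue
        if policy and words[0] == "class" and len(words) >= 2:
            cls = words[1]
            continue
        match = SFR_ACTION.match(line)
        if policy and cls and match:
            redirects.append({
                "policy": policy,
                "class": cls,
                "failure": match.group(1),
                "monitor_only": match.group(2) is not None,
            })
        elif iface and line == "traffic-forward sfr monitor-only":
            forward_ifaces.append(iface)
    return redirects, applied, forward_ifaces


def audit_sfr(config):
    """Return one finding per redirect setting an operator should confirm."""
    redirects, applied, forward_ifaces = parse_sfr_config(config)
    findings = []
    for r in redirects:
        where = f"{r['policy']}/{r['class']}"
        if r["policy"] not in applied:
            # Matches the NOTE in step 7: without redirection the module sees nothing.
            findings.append(f"{where}: policy-map is not attached by a "
                            "service-policy, so this redirect is inactive")
            continue
        if r["failure"] == "fail-open":
            findings.append(f"{where}: fail-open, traffic passes uninspected "
                            "while the module is unavailable")
        if r["monitor_only"]:
            findings.append(f"{where}: monitor-only, the module reports "
                            "but does not block")
    for name in forward_ifaces:
        findings.append(f"{name}: traffic forwarding interface, pure IDS, "
                        "received traffic is never forwarded")
    return findings


if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"[{label}]")
        for finding in audit_sfr(text):
            print("  " + finding)
```

Feed it the output of show running-config saved to a file; a fail-close redirect that is attached and not monitor-only produces no finding.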
• A. Download link for the SFR user agent: Link
• 1. Download the User Agent setup file (Sourcefire_User_Agent_2.2-9_Setup.zip)
from the Support Site.
• 2. Copy the setup file to the Windows computer where you want to install the
agent and unpack the file. The agent requires 3 MB free on the hard drive for
installation. Cisco recommends you allocate 4 GB on the hard drive for the
agent local database.
• 3. Open the setup executable file (Sourcefire_User_Agent_2.2-9_Setup.exe).
• 4. If you do not have both Microsoft .NET Framework Version 4.0 Client
Profile and SQL CE Version 3.5 installed on the Windows computer where
you install the agent, you are prompted to download the appropriate files.
Download and install the files.
• 5. Follow the prompts in the wizard to install the agent.
• You can install an agent on any Microsoft Windows Vista, Microsoft Windows
7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft
Windows Server 2008, or Microsoft Windows Server 2012 computer with
TCP/IP access to the Microsoft Active Directory servers you want to monitor.
You can also install on an Active Directory server running one of the
supported operating systems.
• B. After the user agent is installed on your AD,
perform the steps below so that the UA can receive the
data and send it to the DC.
• 1. To verify the Active Directory server is logging
login data:
• a. On the Active Directory server, select Start > All
Programs > Administrative Tools > Event Viewer.
• b. Select Windows Logs > Security. If logging is
enabled, the Security log displays.
• c. If logging is disabled, see
http://technet.microsoft.com/en-us/library/cc779487(v=ws.10).aspx
for information on enabling security logging.
• 2. To allow the agent to communicate with the Active
Directory server:
• a) Enable the Remote Administration firewall rule on the Active
Directory server. You have the following options:
• b) If the Active Directory server is running Windows Server
2003, see
http://technet.microsoft.com/en-us/library/cc738900%28v=ws.10%29.aspx
for more information.
• c) If the Active Directory server is running Windows Server
2008 or Windows Server 2012, see
http://msdn.microsoft.com/en-us/library/aa822854%28VS.85%29.aspx
for more information.
• 3. To grant the agent permission to retrieve login
data:
• a) Enable RPC on the Active Directory server for the
user. You have the following options:
• If the Active Directory server is running Windows Server 2008 R2 or
Windows Server 2012, and the user is not a member of
the Administrators group, grant the user DCOM remote
access, remote launch, and activation permissions. See
http://msdn.microsoft.com/en-us/library/Aa393266.aspx
for more information.
• b) If the Active Directory server is running any other
supported version of Microsoft Windows, RPC is already
enabled.
• 4. To grant the agent permission to retrieve logoff data:
• a) Grant the created user Administrator privileges to ensure the user
can log into all workstations that authenticate against the Active
Directory server.
• 5. To grant the agent permission to access the security logs:
• a) Grant the created user full permissions to the WMI Root/CIMV2
namespace on the Active Directory server. See
http://technet.microsoft.com/en-us/library/cc787533%28v=WS.10%29.aspx
for more information.
• 6. Enable the following options.
• a. Windows Settings > Security Settings > Local Policy Configuration
> Audit Policy > Audit Logon/Logoff > Success
• b. Windows Settings > Security Settings > Advanced Audit Policy
Configuration > Audit Policy > Audit Logon/Logoff > Success
• Note: After making all the changes, update the group policy.
• 1. Open the UA window.
• 2. Go to AD servers and add your AD. If the UA is
installed on the AD, give localhost as the IP;
otherwise give the real IP address of the AD and the login
details.
• 3. On the Sourcefire DC tab, add the DC IP.
• 4. Tick the show debug and log messages option and
save.
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower
Cisco ASA Firepower

Weitere ähnliche Inhalte

Was ist angesagt?

Firepower ngfw internet
Firepower ngfw internetFirepower ngfw internet
Firepower ngfw internetRony Melo
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseHarris Andrea
 
3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overview3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overviewMostafa El Lathy
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon LibraryFortinet
 
7 palo alto security zones &amp; interfaces concepts
7 palo alto security zones &amp; interfaces concepts7 palo alto security zones &amp; interfaces concepts
7 palo alto security zones &amp; interfaces conceptsMostafa El Lathy
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma AccessHaris Chughtai
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
pfSense firewall workshop guide
pfSense firewall workshop guidepfSense firewall workshop guide
pfSense firewall workshop guideSopon Tumchota
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy conceptsMostafa El Lathy
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)Mostafa El Lathy
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 

Was ist angesagt? (20)

Firepower ngfw internet
Firepower ngfw internetFirepower ngfw internet
Firepower ngfw internet
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
 
FortiWeb
FortiWebFortiWeb
FortiWeb
 
4 palo alto licenses
4 palo alto licenses4 palo alto licenses
4 palo alto licenses
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
 
3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overview3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overview
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service Providers
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon Library
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
7 palo alto security zones &amp; interfaces concepts
7 palo alto security zones &amp; interfaces concepts7 palo alto security zones &amp; interfaces concepts
7 palo alto security zones &amp; interfaces concepts
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma Access
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 
F5 Web Application Security
F5 Web Application SecurityF5 Web Application Security
F5 Web Application Security
 
pfSense firewall workshop guide
pfSense firewall workshop guidepfSense firewall workshop guide
pfSense firewall workshop guide
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy concepts
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
 

Ähnlich wie Cisco ASA Firepower

Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtubeDhruv Sharma
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
System Client Details
System Client DetailsSystem Client Details
System Client DetailsSyAM Software
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data planeNetProtocol Xpert
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesSarah Tao
 
Paladin Quick Start Guide
Paladin Quick Start GuidePaladin Quick Start Guide
Paladin Quick Start Guidehanniw79
 
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationSolution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationLinh Nguyen
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Bangalore OpenMSA DevDay - September 19, 2018
Bangalore OpenMSA DevDay - September 19, 2018Bangalore OpenMSA DevDay - September 19, 2018
Bangalore OpenMSA DevDay - September 19, 2018UBiqube
 
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0Prasad Mukhedkar
 
Cisco Next-Generation IPS and how to install Firepower version 6.X.pptx
Cisco Next-Generation IPS and how to install Firepower version 6.X.pptxCisco Next-Generation IPS and how to install Firepower version 6.X.pptx
Cisco Next-Generation IPS and how to install Firepower version 6.X.pptxzachdwg
 
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get DiagnosticsBoris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get DiagnosticsShapeBlue
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administrationConcentrated Technology
 

Ähnlich wie Cisco ASA Firepower (20)

Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
Aruba cppm 6_1_user_guide
Aruba cppm 6_1_user_guideAruba cppm 6_1_user_guide
Aruba cppm 6_1_user_guide
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 
System Client Details
System Client DetailsSystem Client Details
System Client Details
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x series
 
Paladin Quick Start Guide
Paladin Quick Start GuidePaladin Quick Start Guide
Paladin Quick Start Guide
 
Creating templates
Creating templatesCreating templates
Creating templates
 
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationSolution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
 
Avanan Platform.pdf
Avanan Platform.pdfAvanan Platform.pdf
Avanan Platform.pdf
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Bangalore OpenMSA DevDay - September 19, 2018
Bangalore OpenMSA DevDay - September 19, 2018Bangalore OpenMSA DevDay - September 19, 2018
Bangalore OpenMSA DevDay - September 19, 2018
 
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
 
Cisco Next-Generation IPS and how to install Firepower version 6.X.pptx
Cisco Next-Generation IPS and how to install Firepower version 6.X.pptxCisco Next-Generation IPS and how to install Firepower version 6.X.pptx
Cisco Next-Generation IPS and how to install Firepower version 6.X.pptx
 
SCCM 2019 Demo.pptx
SCCM 2019 Demo.pptxSCCM 2019 Demo.pptx
SCCM 2019 Demo.pptx
 
Client deployment
Client deploymentClient deployment
Client deployment
 
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get DiagnosticsBoris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
 
Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administration
 

Kürzlich hochgeladen

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Kürzlich hochgeladen (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Cisco ASA Firepower

  • 2. • The ASA Firepower module supplies next-generation firewall services, including Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and Advanced Malware Protection (AMP).You can use the module in single or multiple context mode, and in routed or transparent mode. • The module is also known as ASA SFR. • Although the module has a basic command line interface (CLI) for initial configuration and troubleshooting, you configure the security policy on the device using a separate application, Firesight Management Center, which can be hosted on a separate Firesight Management Center appliance or as a virtual appliance running on a VMware server. (Firesight Management Center is also known as Defense Center.) • For ASA Firepower running on ASA 5506-X devices, you can optionally configure the device using ASDM rather than Firesight Management Center
  • 3.
    • In inline mode, traffic goes through the firewall checks before being forwarded to the ASA Firepower module. When you identify traffic for ASA Firepower inspection on the ASA, traffic flows through the ASA and the module as follows:
    • 1. Traffic enters the ASA.
    • 2. Incoming VPN traffic is decrypted.
    • 3. Firewall policies are applied.
    • 4. Traffic is sent to the ASA Firepower module.
    • 5. The ASA Firepower module applies its security policy to the traffic, and takes appropriate actions.
    • 6. Valid traffic is sent back to the ASA; the ASA Firepower module might block some traffic according to its security policy, and that traffic is not passed on.
    • 7. Outgoing VPN traffic is encrypted.
    • 8. Traffic exits the ASA.
  • 4. • This mode sends a duplicate stream of traffic to the ASA Firepower module for monitoring purposes only. The module applies the security policy to the traffic and lets you know what it would have done if it were operating in inline mode; for example, traffic might be marked “would have dropped” in events. You can use this information for traffic analysis and to help you decide if inline mode is desirable.
  • 5.
    • To operate the ASA Firepower module as a pure Intrusion Detection System (IDS), where there is no impact on the traffic at all, you can configure a traffic forwarding interface. A traffic forwarding interface sends all received traffic directly to the ASA Firepower module without any ASA processing.
    • The module applies the security policy to the traffic and lets you know what it would have done if it were operating in inline mode; for example, traffic might be marked “would have dropped” in events. You can use this information for traffic analysis and to help you decide if inline mode is desirable.
    • Traffic in this setup is never forwarded: neither the module nor the ASA sends the traffic on to its ultimate destination. You must operate the ASA in single context and transparent modes to use this configuration.
  • 6.
    • 1. Enter the CLI of the ASA.
    • If any other module is installed, first uninstall it as shown below.
        hostname# sw-module module ips shutdown
        hostname# sw-module module ips uninstall
        hostname# reload
    • Then install the SFR initial image with the command below.
        hostname# sw-module module sfr recover configure image disk0:file_path
        hostname# sw-module module sfr recover configure image disk0:asasfr-5500x-boot-5.3.1-58.img
      (If the image is not on the ASA by default, download it from the Cisco site and upload it to disk0 on the ASA.)
    • 2. Load the image using:
        hostname# sw-module module sfr recover boot
    • Once that is done, session to the image to get the Sourcefire command line (log in with user admin and password Admin123).
        hostname# session sfr console
    • Type setup and configure the basic settings, then install the Sourcefire system package using:
        system install tftp://IP-addr/asasfr-sys-5.3.1-44.pkg
    • (Download the package and keep it ready to be uploaded from the TFTP, FTP or HTTP server.)
  • 7.
    • 3. Once done, session to the Sourcefire module from the ASA console using session sfr in the ASA command line. Log in with the user admin and password Sourcefire. Complete the system configuration.
    • Specify the Firesight management IP address (installation process below) using the following command. Note that you need the IP address and the key; you will need them later when you add this device to the Firesight management.
        configure manager add <ip address> <KEY>
    • At this point, all future steps are done within the Firesight management.
    • 4. Now you need to build the Firesight management. Download Virtual Firesight / Defense Center for VMware, which comes as a .tar.gz file. Unzip the .gz and then untar it; you should end up with a .vmdk file. Deploy the .OVF file in ESXi and set the basic network configuration.
    • Once the OVA is deployed, open the console, log in with admin and Sourcefire, and run the command below to set the IP and the gateway. Then access the system from the browser.
        sudo /usr/local/sf/bin/configure-network
  • 8.
    • 5. The ASA with Sourcefire has 4 license offerings to be installed under System->Licenses.
    • Go to System->Licenses->Add New License.
    • Take the license key from here, enter it on the Cisco license portal, generate the license against your given PAK, and then apply it.
    • 6. At this point, you should be able to add the Firepower services from the ASA. In the management GUI, go to Devices->Device Management, click the Add button and select Add Device. You will be asked to give the IP address of the Sourcefire module inside the ASA and, in the Registration Key field, the key you made up. You can check which licenses you want to apply, assuming you loaded some prior to this, and click Add.
  • 9.
  • 10.
    • 7. There are other steps to setting up FireSIGHT, such as building access control policies and enabling network discovery to see what’s on the network (discovery is found under Policies->Network Discovery; add a rule there to specify the entire network). Before doing that, go back to your ASA and configure traffic to redirect through the Firepower component of the ASA.
    • NOTE: Without redirecting traffic through Sourcefire, the ASA will just act as a firewall, meaning traffic will not be seen by the Sourcefire software inside.
  • 11.
    • 8. Access ASDM and select Configuration > Firewall > Service Policy Rules. Next select Add > Add Service Policy Rule. Click Next. The Add Service Policy Rule Wizard – Traffic Classification Criteria dialog box appears. Provide the basic info and, on the next page, select the ASA Firepower Inspection tab. Check the Enable ASA Firepower for this traffic flow check box. Select whether you want to permit traffic if Sourcefire fails. Click Finish.
    • Alternatively, you can use the commands below from the ASA CLI to redirect specific traffic or all traffic to the DC.
        class-map global-class
         match any
        policy-map global_policy
         class global-class
          sfr fail-open
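The redirect from step 8 can be checked against a saved running-config. The Python script below is an added example, not part of the original slides: it lists every sfr action, whether its policy-map is actually applied by a service-policy, and what happens to traffic if the module fails. The sample configuration is constructed; fail-close and monitor-only are ASA keywords that the slides do not show.

```python
import re

# Constructed excerpt of an ASA running-config (not from the original slides).
SAMPLE_CONFIG = """\
class-map global-class
 match any
policy-map global_policy
 class inspection_default
  inspect dns
 class global-class
  sfr fail-open
policy-map unused_policy
 class global-class
  sfr fail-close monitor-only
service-policy global_policy global
"""

def audit_sfr(config):
    """Return one finding per 'sfr' action found under a policy-map class."""
    # A policy-map only takes effect once a top-level service-policy applies it.
    applied = set(re.findall(r"^service-policy (\S+)", config, re.M))
    findings, pmap, cls = [], None, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):      # top-level command resets the context
            pmap = words[1] if words[0] == "policy-map" and len(words) > 1 else None
            cls = None
        elif pmap and words[0] == "class" and len(words) > 1:
            cls = words[1]
        elif pmap and cls and words[0] == "sfr":
            findings.append({
                "policy_map": pmap,
                "class": cls,
                "on_failure": "pass" if "fail-open" in words else "drop",
                "monitor_only": "monitor-only" in words,
                "applied": pmap in applied,
            })
    return findings

def redirects_inline(config):
    """True if at least one applied policy sends traffic inline to the module."""
    return any(f["applied"] and not f["monitor_only"] for f in audit_sfr(config))

if __name__ == "__main__":
    for finding in audit_sfr(SAMPLE_CONFIG):
        print(finding)
```

A finding with applied set to False, or no finding at all, corresponds to the NOTE above: the ASA is acting only as a firewall and the module sees no traffic.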
  • 12.
    • A. Download link for the SFR user agent: Link
    • 1. Download the User Agent setup file (Sourcefire_User_Agent_2.2-9_Setup.zip) from the Support Site.
    • 2. Copy the setup file to the Windows computer where you want to install the agent and unpack the file. The agent requires 3 MB free on the hard drive for installation. Cisco recommends you allocate 4 GB on the hard drive for the agent local database.
    • 3. Open the setup executable file (Sourcefire_User_Agent_2.2-9_Setup.exe).
    • 4. If you do not have both Microsoft .NET Framework Version 4.0 Client Profile and SQL CE Version 3.5 installed on the Windows computer where you install the agent, you are prompted to download the appropriate files. Download and install the files.
    • 5. Follow the prompts in the wizard to install the agent.
    • You can install an agent on any Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, or Microsoft Windows Server 2012 computer with TCP/IP access to the Microsoft Active Directory servers you want to monitor. You can also install on an Active Directory server running one of the supported operating systems.
  • 13.
    • B. After the user agent is installed on your AD, perform the steps below so that the UA can receive the data and send it to the DC.
    • 1. To verify the Active Directory server is logging login data:
    • a. On the Active Directory server, select Start > All Programs > Administrative Tools > Event Viewer.
    • b. Select Windows Logs > Security. If logging is enabled, the Security log displays.
    • c. If logging is disabled, see http://technet.microsoft.com/en-us/library/cc779487(v=ws.10).aspx for information on enabling security logging.
  • 14.
    • 2. To allow the agent to communicate with the Active Directory server:
    • a) Enable the Remote Administration firewall rule on the Active Directory server. You have the following options:
    • b) If the Active Directory server is running Windows Server 2003, see http://technet.microsoft.com/en-us/library/cc738900%28v=ws.10%29.aspx for more information.
    • c) If the Active Directory server is running Windows Server 2008 or Windows Server 2012, see http://msdn.microsoft.com/en-us/library/aa822854%28VS.85%29.aspx for more information.
  • 15.
    • 3. To grant the agent permission to retrieve login data:
    • a) Enable RPC on the Active Directory server for the user. You have the following options:
    • If the Active Directory server is running Windows Server 2008 R2 or Windows Server 2012, and the user is not a member of the Administrators group, grant the user DCOM remote access, remote launch, and activation permissions. See http://msdn.microsoft.com/en-us/library/Aa393266.aspx for more information.
    • b) If the Active Directory server is running any other supported version of Microsoft Windows, RPC is already enabled.
  • 16.
    • 4. To grant the agent permission to retrieve logoff data:
    • a) Grant the created user Administrator privileges to ensure the user can log into all workstations that authenticate against the Active Directory server.
    • 5. To grant the agent permission to access the security logs:
    • a) Grant the created user full permissions to the WMI Root/CIMV2 namespace on the Active Directory server. See http://technet.microsoft.com/en-us/library/cc787533%28v=WS.10%29.aspx for more information.
    • 6. Enable the following options:
    • a. Windows Settings > Security Settings > Local Policy Configuration > Audit Policy > Audit Logon/Logoff > Success
    • b. Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policy > Audit Logon/Logoff > Success
    • Note: After making all the changes, update the group policy.
  • 17. • 1. Open the UA window.
  • 18. • 2. Go to AD servers and add your AD. If the UA is installed on the AD server, give localhost as the IP; otherwise give the real IP address of the AD server and the login details.
  • 19. • 3. On the Sourcefire DC tab, add the DC IP.
  • 20. • 4. Tick the show debug and log messages option and save.