Table of Contents for Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP
by Aaron Woland, Panos Kampanakis, Omar Santos
About This E-Book
Title Page
Copyright Page
About the Authors
About the Technical Reviewers
Dedications
Acknowledgments
Contents at a Glance
Contents
Introduction
Who Should Read This Book?
How This Book Is Organized
Command Syntax Conventions
Chapter 1. Fundamentals of Cisco Next-Generation Security
The New Threat Landscape and Attack Continuum
The Attack Continuum
Cisco ASA 5500-X Series Next-Generation Firewalls and the Cisco ASA with FirePOWER Services
Cisco Firepower Threat Defense (FTD)
Cisco Firepower 4100 Series
Cisco Firepower 9300 Series
Cisco FTD for Cisco Integrated Services Routers (ISRs)
Next-Generation Intrusion Prevention Systems (NGIPS)
Firepower Management Center
AMP for Endpoints
AMP for Networks
AMP Threat Grid
Email Security Overview
Email Security Appliance
Cloud Email Security
Cisco Hybrid Email Security
Web Security Overview
Web Security Appliance
Cisco Security Management Appliance
Cisco Cloud Web Security (CWS)
Cisco Identity Services Engine (ISE)
Cisco Meraki Cloud-Managed MDM
Cisco Meraki Cloud-Managed Security Appliances
Cisco VPN Solutions
Summary
Chapter 2. Introduction to and Design of Cisco ASA with FirePOWER Services
Introduction to Cisco ASA FirePOWER Services
Inline versus Promiscuous Mode
Inline Mode
Promiscuous Monitor-Only Mode
Cisco ASA FirePOWER Management Options
Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5585-X Appliances
Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5500-X Appliances
Cisco ASA FirePOWER Services Sizing
Cisco ASA FirePOWER Services Licensing
The Protection License
The Control License
The URL Filtering License
The Malware License
Viewing the Installed Cisco ASA FirePOWER Module Licenses
Adding a License to the Cisco ASA FirePOWER Module
Cisco ASA FirePOWER Compatibility with Other Cisco ASA Features
Cisco ASA FirePOWER Packet Processing Order of Operations
Cisco ASA FirePOWER Services and Failover
What Happens When the Cisco ASA FirePOWER Module Fails?
Cisco ASA FirePOWER Services and Clustering
Cluster Member Election
How Connections Are Established and Tracked in a Cluster
Deploying the Cisco ASA FirePOWER Services in the Internet Edge
Deploying the Cisco ASA FirePOWER Services in VPN Scenarios
Deploying Cisco ASA FirePOWER Services in the Data Center
Firepower Threat Defense (FTD)
Summary
Chapter 3. Configuring Cisco ASA with FirePOWER Services
Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5585-X Appliances
Installing the Boot Image and Firepower System Software in the Cisco ASA 5585-X SSP
Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5500-X Appliances
Installing the Boot Image and Firepower System Software in the SSD of Cisco ASA 5500-X Appliances
Configuring of Cisco ASA 5506-X, 5508-X, and 5516-X Appliances
Uploading ASDM
Setting Up the Cisco ASA to Allow ASDM Access
Accessing the ASDM
Setting Up a Device Name and Passwords
Configuring an Interface
Configuring the Cisco ASA to Redirect Traffic to the Cisco ASA FirePOWER Module
Configuring the Cisco ASA FirePOWER Module for the FMC
Configuring the Cisco ASA FirePOWER Module Using the ASDM
Configuring Access Control Policies
Configuring Intrusion Policies
Configuring File Policies
Reusable Object Management
Keeping the Cisco FirePOWER Module Up-to-Date
Firepower Threat Defense
Installing FTD Boot Image and Software
FTD Firewall Mode
FTD Interface Types
FTD Security Zones
Static and Dynamic Routing in FTD
Summary
Chapter 4. Troubleshooting Cisco ASA with FirePOWER Services and Firepower Threat Defense (FTD)
Useful show Commands
Displaying the Access Control Policy Details
Displaying the Network Configuration
Monitoring Storage Usage
Analyzing Running Processes
Using the System Log (Syslog)
Monitoring and Troubleshooting System Tasks
Generating Advanced Troubleshooting Logs
Useful ASA Debugging Commands
Summary
Chapter 5. Introduction to and Architecture of Cisco AMP
Introduction to Advanced Malware Protection (AMP)
Role of the AMP Cloud
Doing Security Differently
The Prevention Framework
The Retrospective Framework
The Cloud
Private Cloud
Cloud Proxy Mode
Air Gap Mode
Installing the Cisco AMP Private Cloud
Summary
Chapter 6. Cisco AMP for Networks
Introduction to Advanced Malware Protection (AMP) for Networks
What Is That Manager Called, Anyway?
Form Factors
What Does AMP for Networks Do?
Where Are the AMP Policies?
Summary
Chapter 7. Cisco AMP for Content Security
Introduction to AMP for Content Security
Content Security Connectors
Configuring Cisco AMP for Content Security
Configuring the Web Security Appliance (WSA) for AMP
Configuring the Email Security Appliance (ESA) for AMP
AMP Reports
Summary
Chapter 8. Cisco AMP for Endpoints
Introduction to AMP for Endpoints
What Is AMP for Endpoints?
Connections to the AMP Cloud
Firewalls, Destinations, and Ports, Oh My!
Outbreak Control
Custom Detections
Application Control
Exclusion Sets
The Many Faces of AMP for Endpoints
AMP for Windows
Windows Policies
Known Incompatible Software
AMP for Mac
MAC Policies
AMP for Linux
Linux Policies
AMP for Android
Installing AMP for Endpoints
Groups, Groups, and More Groups
Download Connector
Distributing via Cisco AnyConnect
Installing AMP for Windows
Installing AMP for Mac
Installing AMP for Linux
Installing AMP for Android
Proxy Complications
Proxy Server Autodetection
Incompatible Proxy Security Configurations
Using the Cloud Console
Summary
Chapter 9. AMP Threat Grid: Malware Analysis and Threat Intelligence
Cisco AMP Threat Grid
Cisco AMP Threat Grid Cloud Solution
Cisco AMP Threat Grid On-Premises Appliance
Default Users
Network Segment Configuration
Summary
Chapter 10. Introduction to and Deployment of Cisco Next-Generation IPS
NGIPS Basics
Legacy IPS Versus NGIPS
Cisco NGIPS Capabilities
NGIPS Modes
NGIPS Deployment Locations and Scenarios
NGIPS Deployment Design Considerations
Threat Management and System Capabilities
Flow Handling
Scale and Availability
Management Platform Integration
Licensing and Cost
NGIPS Deployment Lifecycle
Policy Definition
Product Selection and Planning
Implementation and Operation
Evaluation and Control
Summary
Chapter 11. Configuring Cisco Next-Generation IPS
Policy
Policy Layers
Variables
Configuring a Cisco Firepower Intrusion Policy
Committing a Policy
Snort Rules
Rule Anatomy
Writing a Rule
Managing Snort Rules in FMC
Cisco NGIPS Preprocessors
Firepower Recommendations
Performance Settings
Stack/Cluster
Summary
Chapter 12. Reporting and Troubleshooting with Cisco Next-Generation IPS
Analysis
Intrusion Events
Reports
Incidents
Alerts
Correlation Policies
Troubleshooting
Audit
Health Monitoring
Syslogs
Summary
Index