Securing Networks (Firepower)

Contents at a Glance

Introduction

Part I Troubleshooting and Administration of Hardware Platform

Chapter 1 Introduction to the Cisco Firepower Technology

Chapter 2 FTD on ASA 5500-X Series Hardware

Chapter 3 FTD on the Firepower eXtensible Operating System (FXOS)

Chapter 4 Firepower Management Center (FMC) Hardware

Chapter 5 Firepower System Virtual on VMware

Part II Troubleshooting and Administration of Initial Deployment

Chapter 6 The Firepower Management Network

Chapter 7 Firepower Licensing and Registration

Chapter 8 Firepower Deployment in Routed Mode

Chapter 9 Firepower Deployment in Transparent Mode

Part III Troubleshooting and Administration of Traffic Control

Chapter 10 Capturing Traffic for Advanced Analysis

Chapter 11 Blocking Traffic Using Inline Interface Mode

Chapter 12 Inspecting Traffic Without Blocking It

Chapter 13 Handling Encapsulated Traffic

Chapter 14 Bypassing Inspection and Trusting Traffic

Chapter 15 Rate Limiting Traffic

Part IV Troubleshooting and Administration of Next-Generation Security Features

Chapter 16 Blacklisting Suspicious Addresses by Using Security Intelligence

Chapter 17 Blocking a Domain Name System (DNS) Query

Chapter 18 Filtering URLs Based on Category, Risk, and Reputation

Chapter 19 Discovering Network Applications and Controlling Application Traffic

Chapter 20 Controlling File Transfer and Blocking the Spread of Malware

Chapter 21 Preventing Cyber Attacks by Blocking Intrusion Attempts

Chapter 22 Masquerading the Original IP Address of an Internal Network Host

Appendixes

Appendix A Answers to the Review Questions

Appendix B Generating and Collecting Troubleshooting Files Using the GUI

Appendix C Generating and Collecting Troubleshooting Files Using the CLI

Index

Contents

Introduction

Part I Troubleshooting and Administration of Hardware Platform

Chapter 1 Introduction to the Cisco Firepower Technology

History of Sourcefire

Evolution of Firepower

FirePOWER Versus Firepower

Firepower Threat Defense (FTD)

FirePOWER Service Versus Firepower Threat Defense (FTD)

Firepower System Software Components

Firepower System Hardware Platforms

Firepower Accessories

Summary

Chapter 2 FTD on ASA 5500-X Series Hardware

ASA Reimaging Essentials

Best Practices for FTD Installation on ASA Hardware

Installing and Configuring FTD

Fulfilling Prerequisites

Upgrading Firmware

Installing the Boot Image

Installing the System Software

Verification and Troubleshooting Tools

Navigating to the FTD CLI

Determining the Version of Installed Software

Determining the Free Disk Space on ASA Hardware

Deleting a File from a Storage Device

Determining the Availability of Any Storage Device or SSD

Determining the Version of the ROMMON Software or Firmware

Summary

Quiz

Chapter 3 FTD on the Firepower eXtensible Operating System (FXOS)

Firepower 9300 and 4100 Series Essentials

Architecture

Software Images

Firepower Extensible Operating System (FXOS)

FTD Software

Firmware

Web User Interfaces

Best Practices for FTD Installation on Firepower Hardware

Installing and Configuring FTD

Fulfilling Prerequisites

Deleting Any Existing Logical Devices

Upgrading the FXOS Software

Enabling Interfaces

Installing FTD

Uploading the FTD Software Image

Adding a Logical Device for FTD

Completing the Initialization of FTD

Verification and Troubleshooting Tools

Navigating to the FTD CLI

Verifying the FXOS Software

Verifying the Status of a Security Application

Verifying the Security Modules, Adapters, and Switch Fabric

Verifying the Hardware Chassis

Verifying the Power Supply Unit (PSU) Modules

Verifying the Fan Modules

Summary

Quiz

Chapter 4 Firepower Management Center (FMC) Hardware

FMC Component Essentials

On-Box Managers

Off-Box Managers

Cisco Integrated Management Controller (CIMC)

Internal USB Storage for the System_Restore Image

User Interfaces

Best Practices for FMC Reimage

Pre-installation Best Practices

Post-installation Best Practices

Installing and Configuring the FMC

Fulfilling Prerequisites

Configuration Steps

Step 1: Load the System_Restore Image

Step 2: Configure the Network Settings

Step 3: Choose a Transport Protocol

Step 4: Download and Mount an ISO File

Step 5: Run the Installation

Step 6: Initialize the System

Verification and Troubleshooting Tools

Identifying the FMC on a Rack

Determining the Hardware and Software Details of the FMC

Determining the RAID Battery Status

Determining the Status of a Power Supply Unit (PSU)

Checking Logs on the CLI

Enabling Alerts on the GUI

Performing a Complete Power Cycle

PSU Checklist

Verifying the Fans

Summary

Quiz

Chapter 5 Firepower System Virtual on VMware

FMC and FTD Virtual Essentials

Supported Virtual Environments

ESXi Versus VI

VMware Installation Package in a Tarball

Disk Provisioning Options

Best Practices for Firepower Virtual Appliance Deployment

Pre-deployment Best Practices

Post-deployment Best Practices

Installing and Configuring a Firepower Virtual Appliance

Fulfilling Prerequisites

Creating a Virtual Network

Creating a Network for FMC Virtual

Creating a Network for FTD Virtual

Using Promiscuous Mode

Deploying an OVF Template

Initializing an Appliance

Initializing an FMC Virtual Appliance

Initializing an FTD Virtual Appliance

Verification and Troubleshooting Tools

Determining the Status of Allocated Resources

Determining the Status of a Network Adapter

Upgrading a Network Adapter

Summary

Quiz

Part II Troubleshooting and Administration of Initial Deployment

Chapter 6 The Firepower Management Network

Firepower System Management Network Essentials

The FTD Management Interface

Designing a Firepower Management Network

Best Practices for Management Interface Configuration

Configuring a Management Network on FMC Hardware

Configuration Options

Using the GUI During the First Login

Using the GUI On Demand

Using the Command-Line Interface

Verification and Troubleshooting Tools

Configuring a Management Network on ASA Hardware

Configuration

Verification and Troubleshooting Tools

Configuring a Management Network on a Firepower Security Appliance

Configuring the FXOS Management Interface

Verification of the FXOS Management Interface Configuration

Configuring the FTD Management Interface

Verification of the FTD Management Interface Configuration

Summary

Quiz

Chapter 7 Firepower Licensing and Registration

Licensing Essentials

The Smart Licensing Architecture

Cisco Smart Software Manager (CSSM)

CSSM Satellite

Firepower Licenses

Best Practices for Licensing and Registration

Licensing a Firepower System

Licensing Configuration

Evaluation Mode

Registering with the CSSM

Verifying a Smart License Issue

Registering a Firepower System

Registration Configuration

Setting Up FTD

Setting Up the FMC

Verifying the Registration and Connection

Analyzing the Encrypted SFTunnel

Summary

Quiz

Chapter 8 Firepower Deployment in Routed Mode

Routed Mode Essentials

Best Practices for Routed Mode Configuration

Configuring Routed Mode

Fulfilling Prerequisites

Configuring the Firewall Mode

Configuring the Routed Interface

Configuring an Interface with a Static IP Address

DHCP Services

FTD as a DHCP Server

FTD as a DHCP Client

Verification and Troubleshooting Tools

Verifying the Interface Configuration

Verifying DHCP Settings

Summary

Quiz

Chapter 9 Firepower Deployment in Transparent Mode

Transparent Mode Essentials

Best Practices for Transparent Mode

Configuring Transparent Mode

Fulfilling Prerequisites

Changing the Firewall Mode

Deploying Transparent Mode in a Layer 2 Network

Configuring the Physical and Virtual Interfaces

Verifying the Interface Status

Verifying Basic Connectivity and Operations

Deploying an FTD Device Between Layer 3 Networks

Selecting the Default Action

Adding an Access Rule

Creating an Access Rule for SSH

Verifying Access Control Lists

Summary

Quiz

Part III Troubleshooting and Administration of Traffic Control

Chapter 10 Capturing Traffic for Advanced Analysis

Traffic Capture Essentials

Best Practices for Capturing Traffic

Configuring Firepower System for Traffic Analysis

Capturing Traffic from a Firepower Engine

tcpdump Options

Downloading a .pcap File Generated by Firepower Engine

Capturing Traffic from the Firewall Engine

Downloading a .pcap File Generated by Firewall Engine

Enabling HTTP Service in FTD

Capturing Traffic from the FMC

Downloading a .pcap File Generated by FMC

Verification and Troubleshooting Tools

Adding an Access Rule to Block ICMP Traffic

Analyzing the Traffic Flow by Using a Block Rule

Packet Processing by an Interface

Summary

Quiz

Chapter 11 Blocking Traffic Using Inline Interface Mode

Inline Mode Essentials

Inline Mode Versus Passive Mode

Inline Mode Versus Transparent Mode

Tracing a Packet Drop

Best Practices for Inline Mode Configuration

Configuring Inline Mode

Fulfilling Prerequisites

Creating an Inline Set

Verifying the Configuration

Verifying Packet Flow by Using packet-tracer

Verifying Packet Flow by Using Real Packet Capture

Enabling Fault Tolerance Features

Configuring Fault Tolerance Features

Verifying Fault Tolerance Features

Blocking a Specific Port

Configuring Blocking a Specific Port

Verifying Blocking of a Specific Port

Analyzing a Packet Drop by Using a Simulated Packet

Analyzing a Packet Drop by Using a Real Packet

Summary

Quiz

Chapter 12 Inspecting Traffic Without Blocking It

Traffic Inspection Essentials

Passive Monitoring Technology

Inline Versus Inline Tap Versus Passive

Best Practices for Detection-Only Deployment

Fulfilling Prerequisites

Inline Tap Mode

Configuring Inline Tap Mode

Verifying an Inline Tap Mode Configuration

Passive Interface Mode

Configuring Passive Interface Mode

Configuring Passive Interface Mode on an FTD Device

Configuring a SPAN Port on a Switch

Verifying a Passive Interface Mode Configuration

Analyzing Traffic Inspection Operation

Analyzing a Connection Event with a Block Action

Analyzing Live Traffic

Analyzing a Simulated Packet

Analyzing an Intrusion Event with an Inline Result

Summary

Quiz

Chapter 13 Handling Encapsulated Traffic

Encapsulation and Prefilter Policy Essentials

Best Practices for Adding a Prefilter Rule

Fulfilling Prerequisites

Transferring and Capturing Traffic on the Firewall Engine

Scenario 1: Analyzing Encapsulated Traffic

Configuring Policies to Analyze Encapsulated Traffic

Prefilter Policy Settings

Access Control Policy Settings

Verifying the Configuration and Connection

Analyzing Packet Flows

Scenario 2: Blocking Encapsulated Traffic

Configuring Policies to Block Encapsulated Traffic

Verifying the Configuration and Connection

Analyzing Packet Flows

Scenario 3: Bypassing Inspection

Configuring Policies to Bypass Inspection

Custom Prefilter Policy

Access Control Policy Settings

Verifying the Configuration and Connection

Analyzing Packet Flows

Summary

Quiz

Chapter 14 Bypassing Inspection and Trusting Traffic

Bypassing Inspection and Trusting Traffic Essentials

The Fastpath Rule

The Trust Rule

Best Practices for Bypassing Inspection

Fulfilling Prerequisites

Implementing Fastpath Through a Prefilter Policy

Configuring Traffic Bypassing

Configuring a Prefilter Policy

Invoking a Prefilter Policy in an Access Control Policy

Verifying the Prefilter Rule Configuration

Enabling Tools for Advanced Analysis

Analyzing the Fastpath Action

Establishing Trust Through an Access Policy

Configuring Trust with an Access Policy

Verifying the Trust Rule Configuration

Enabling Tools for Advanced Analysis

Analyzing the Trust Action

Using the Allow Action for Comparison

Summary

Quiz

Chapter 15 Rate Limiting Traffic

Rate Limiting Essentials

Best Practices for QoS Rules

Fulfilling Prerequisites

Configuring Rate Limiting

Verifying the Rate Limit of a File Transfer

Analyzing QoS Events and Statistics

Summary

Quiz

Part IV Troubleshooting and Administration of Next-Generation Security Features

Chapter 16 Blacklisting Suspicious Addresses by Using Security Intelligence

Security Intelligence Essentials

Input Methods

Best Practices for Blacklisting

Fulfilling Prerequisites

Configuring Blacklisting

Automatic Blacklist Using Cisco Intelligence Feed

Manual Blacklisting Using a Custom Intelligence List

Immediate Blacklisting Using a Connection Event

Adding an Address to a Blacklist

Deleting an Address from a Blacklist

Monitoring a Blacklist

Bypassing a Blacklist

Adding an Address to a Whitelist

Deleting an Address from a Whitelist

Verification and Troubleshooting Tools

Verifying the Download of the Latest Files

Verifying the Loading of Addresses into Memory

Finding a Specific Address in a List

Verifying URL-Based Security Intelligence Rules

Summary

Quiz

Chapter 17 Blocking a Domain Name System (DNS) Query

Firepower DNS Policy Essentials

Domain Name System (DNS)

Blocking of a DNS Query Using a Firepower System

DNS Rule Actions

Actions That Can Interrupt a DNS Query

Actions That Allow a DNS Query

Sources of Intelligence

Best Practices for Blocking DNS Query

Fulfilling Prerequisites

Configuring DNS Query Blocking

Adding a New DNS Rule

Invoking a DNS Policy

Verification and Troubleshooting Tools

Verifying the Configuration of a DNS Policy

Verifying the Operation of a DNS Policy

Summary

Quiz

Chapter 18 Filtering URLs Based on Category, Risk, and Reputation

URL Filtering Essentials

Reputation Index

Operational Architecture

Fulfilling Prerequisites

Best Practices for URL Filtering Configuration

Blocking URLs of a Certain Category

Configuring an Access Rule for URL Filtering

Verification and Troubleshooting Tools

Allowing a Specific URL

Configuring FTD to Allow a Specific URL

Verification and Troubleshooting Tools

Querying the Cloud for Uncategorized URLs

Configuring FMC to Perform a Query

Verification and Troubleshooting Tools

Summary

Quiz

Chapter 19 Discovering Network Applications and Controlling Application Traffic

Application Discovery Essentials

Application Detectors

Operational Architecture

Best Practices for Network Discovery Configuration

Fulfilling Prerequisites

Discovering Applications

Configuring a Network Discovery Policy

Verification and Troubleshooting Tools

Analyzing Application Discovery

Analyzing Host Discovery

Undiscovered New Hosts

Blocking Applications

Configuring Blocking of Applications

Verification and Troubleshooting Tools

Summary

Quiz

Chapter 20 Controlling File Transfer and Blocking the Spread of Malware

File Policy Essentials

File Type Detection Technology

Malware Analysis Technology

Licensing Capability

Best Practices for File Policy Deployment

Fulfilling Prerequisites

Configuring a File Policy

Creating a File Policy

Applying a File Policy

Verification and Troubleshooting Tools

Analyzing File Events

Analyzing Malware Events

The FMC Is Unable to Communicate with the Cloud

The FMC Performs a Cloud Lookup

FTD Blocks Malware

Overriding a Malware Disposition

Summary

Quiz

Chapter 21 Preventing Cyber Attacks by Blocking Intrusion Attempts

Firepower NGIPS Essentials

Network Analysis Policy and Preprocessor

Intrusion Policy and Snort Rules

System-Provided Variables

System-Provided Policies

Best Practices for Intrusion Policy Deployment

NGIPS Configuration

Configuring a Network Analysis Policy

Creating a New NAP with Default Settings

Modifying the Default Settings of a NAP

Configuring an Intrusion Policy

Creating a Policy with a Default Ruleset

Incorporating Firepower Recommendations

Enabling or Disabling an Intrusion Rule

Setting Up a Variable Set

Configuring an Access Control Policy

Verification and Troubleshooting Tools

Summary

Quiz

Chapter 22 Masquerading the Original IP Address of an Internal Network Host

NAT Essentials

NAT Techniques

NAT Rule Types

Best Practices for NAT Deployment

Fulfilling Prerequisites

Configuring NAT

Masquerading a Source Address (Source NAT for Outbound Connection)

Configuring a Dynamic NAT Rule

Verifying the Configuration

Verifying the Operation: Inside to Outside

Verifying the Operation: Outside to Inside

Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection)

Configuring a Static NAT Rule

Verifying the Operation: Outside to DMZ

Summary

Quiz

Appendix A Answers to the Review Questions

Appendix B Generating and Collecting Troubleshooting Files Using the GUI

Generating Troubleshooting Files with the GUI

Appendix C Generating and Collecting Troubleshooting Files Using the CLI

Generating Troubleshooting Files at the FTD CLI

Downloading a File by Using the GUI

Copying a File by Using the CLI

Generating Troubleshooting Files at the FMC CLI

Index

Duration: 5 days

Price: On request

Cisco Learning Credits: On request
