Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP

Table of contents

  1. About This E-Book
  2. Title Page
  3. Copyright Page
  4. About the Authors
  5. About the Technical Reviewers
  6. Dedications
  7. Acknowledgments
  8. Contents at a Glance
  9. Contents
  10. Introduction
    1. Who Should Read This Book?
    2. How This Book Is Organized
    3. Command Syntax Conventions
  11. Chapter 1. Fundamentals of Cisco Next-Generation Security
    1. The New Threat Landscape and Attack Continuum
      1. The Attack Continuum
    2. Cisco ASA 5500-X Series Next-Generation Firewalls and the Cisco ASA with FirePOWER Services
    3. Cisco Firepower Threat Defense (FTD)
      1. Cisco Firepower 4100 Series
      2. Cisco Firepower 9300 Series
      3. Cisco FTD for Cisco Integrated Services Routers (ISRs)
    4. Next-Generation Intrusion Prevention Systems (NGIPS)
    5. Firepower Management Center
    6. AMP for Endpoints
    7. AMP for Networks
    8. AMP Threat Grid
    9. Email Security Overview
      1. Email Security Appliance
      2. Cloud Email Security
      3. Cisco Hybrid Email Security
    10. Web Security Overview
      1. Web Security Appliance
      2. Cisco Security Management Appliance
      3. Cisco Cloud Web Security (CWS)
    11. Cisco Identity Services Engine (ISE)
    12. Cisco Meraki Cloud-Managed MDM
    13. Cisco Meraki Cloud-Managed Security Appliances
    14. Cisco VPN Solutions
    15. Summary
  12. Chapter 2. Introduction to and Design of Cisco ASA with FirePOWER Services
    1. Introduction to Cisco ASA FirePOWER Services
    2. Inline versus Promiscuous Mode
      1. Inline Mode
      2. Promiscuous Monitor-Only Mode
    3. Cisco ASA FirePOWER Management Options
      1. Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5585-X Appliances
      2. Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5500-X Appliances
    4. Cisco ASA FirePOWER Services Sizing
    5. Cisco ASA FirePOWER Services Licensing
      1. The Protection License
      2. The Control License
      3. The URL Filtering License
      4. The Malware License
      5. Viewing the Installed Cisco ASA FirePOWER Module Licenses
      6. Adding a License to the Cisco ASA FirePOWER Module
    6. Cisco ASA FirePOWER Compatibility with Other Cisco ASA Features
    7. Cisco ASA FirePOWER Packet Processing Order of Operations
    8. Cisco ASA FirePOWER Services and Failover
      1. What Happens When the Cisco ASA FirePOWER Module Fails?
    9. Cisco ASA FirePOWER Services and Clustering
      1. Cluster Member Election
      2. How Connections Are Established and Tracked in a Cluster
    10. Deploying the Cisco ASA FirePOWER Services in the Internet Edge
    11. Deploying the Cisco ASA FirePOWER Services in VPN Scenarios
    12. Deploying Cisco ASA FirePOWER Services in the Data Center
    13. Firepower Threat Defense (FTD)
    14. Summary
  13. Chapter 3. Configuring Cisco ASA with FirePOWER Services
    1. Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5585-X Appliances
      1. Installing the Boot Image and Firepower System Software in the Cisco ASA 5585-X SSP
    2. Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5500-X Appliances
      1. Installing the Boot Image and Firepower System Software in the SSD of Cisco ASA 5500-X Appliances
      2. Configuring of Cisco ASA 5506-X, 5508-X, and 5516-X Appliances
      3. Uploading ASDM
      4. Setting Up the Cisco ASA to Allow ASDM Access
      5. Accessing the ASDM
      6. Setting Up a Device Name and Passwords
      7. Configuring an Interface
    3. Configuring the Cisco ASA to Redirect Traffic to the Cisco ASA FirePOWER Module
    4. Configuring the Cisco ASA FirePOWER Module for the FMC
    5. Configuring the Cisco ASA FirePOWER Module Using the ASDM
      1. Configuring Access Control Policies
      2. Configuring Intrusion Policies
      3. Configuring File Policies
      4. Reusable Object Management
      5. Keeping the Cisco FirePOWER Module Up-to-Date
    6. Firepower Threat Defense
      1. Installing FTD Boot Image and Software
      2. FTD Firewall Mode
      3. FTD Interface Types
      4. FTD Security Zones
      5. Static and Dynamic Routing in FTD
    7. Summary
  14. Chapter 4. Troubleshooting Cisco ASA with FirePOWER Services and Firepower Threat Defense (FTD)
    1. Useful show Commands
      1. Displaying the Access Control Policy Details
      2. Displaying the Network Configuration
      3. Monitoring Storage Usage
      4. Analyzing Running Processes
      5. Using the System Log (Syslog)
      6. Monitoring and Troubleshooting System Tasks
      7. Generating Advanced Troubleshooting Logs
    2. Useful ASA Debugging Commands
    3. Summary
  15. Chapter 5. Introduction to and Architecture of Cisco AMP
    1. Introduction to Advanced Malware Protection (AMP)
    2. Role of the AMP Cloud
    3. Doing Security Differently
      1. The Prevention Framework
      2. The Retrospective Framework
    4. The Cloud
    5. Private Cloud
      1. Cloud Proxy Mode
      2. Air Gap Mode
    6. Installing the Cisco AMP Private Cloud
    7. Summary
  16. Chapter 6. Cisco AMP for Networks
    1. Introduction to Advanced Malware Protection (AMP) for Networks
      1. What Is That Manager Called, Anyway?
      2. Form Factors
      3. What Does AMP for Networks Do?
      4. Where Are the AMP Policies?
    2. Summary
  17. Chapter 7. Cisco AMP for Content Security
    1. Introduction to AMP for Content Security
    2. Content Security Connectors
    3. Configuring Cisco AMP for Content Security
      1. Configuring the Web Security Appliance (WSA) for AMP
      2. Configuring the Email Security Appliance (ESA) for AMP
    4. AMP Reports
    5. Summary
  18. Chapter 8. Cisco AMP for Endpoints
    1. Introduction to AMP for Endpoints
    2. What Is AMP for Endpoints?
    3. Connections to the AMP Cloud
      1. Firewalls, Destinations, and Ports, Oh My!
    4. Outbreak Control
      1. Custom Detections
      2. Application Control
      3. Exclusion Sets
    5. The Many Faces of AMP for Endpoints
    6. AMP for Windows
      1. Windows Policies
      2. Known Incompatible Software
    7. AMP for Mac
      1. MAC Policies
    8. AMP for Linux
      1. Linux Policies
    9. AMP for Android
    10. Installing AMP for Endpoints
      1. Groups, Groups, and More Groups
      2. Download Connector
      3. Distributing via Cisco AnyConnect
      4. Installing AMP for Windows
      5. Installing AMP for Mac
      6. Installing AMP for Linux
      7. Installing AMP for Android
    11. Proxy Complications
      1. Proxy Server Autodetection
      2. Incompatible Proxy Security Configurations
    12. Using the Cloud Console
    13. Summary
  19. Chapter 9. AMP Threat Grid: Malware Analysis and Threat Intelligence
    1. Cisco AMP Threat Grid
    2. Cisco AMP Threat Grid Cloud Solution
    3. Cisco AMP Threat Grid On-Premises Appliance
      1. Default Users
      2. Network Segment Configuration
    4. Summary
  20. Chapter 10. Introduction to and Deployment of Cisco Next-Generation IPS
    1. NGIPS Basics
      1. Legacy IPS Versus NGIPS
      2. Cisco NGIPS Capabilities
      3. NGIPS Modes
      4. NGIPS Deployment Locations and Scenarios
    2. NGIPS Deployment Design Considerations
      1. Threat Management and System Capabilities
      2. Flow Handling
      3. Scale and Availability
      4. Management Platform Integration
      5. Licensing and Cost
    3. NGIPS Deployment Lifecycle
      1. Policy Definition
      2. Product Selection and Planning
      3. Implementation and Operation
      4. Evaluation and Control
    4. Summary
  21. Chapter 11. Configuring Cisco Next-Generation IPS
    1. Policy
      1. Policy Layers
      2. Variables
      3. Configuring a Cisco Firepower Intrusion Policy
      4. Committing a Policy
    2. Snort Rules
      1. Rule Anatomy
      2. Writing a Rule
      3. Managing Snort Rules in FMC
      4. Cisco NGIPS Preprocessors
      5. Firepower Recommendations
    3. Performance Settings
    4. Stack/Cluster
    5. Summary
  22. Chapter 12. Reporting and Troubleshooting with Cisco Next-Generation IPS
    1. Analysis
      1. Intrusion Events
      2. Reports
      3. Incidents
      4. Alerts
      5. Correlation Policies
    2. Troubleshooting
      1. Audit
      2. Health Monitoring
      3. Syslogs
    3. Summary
  23. Index
  24. Code Snippets

Product information

  • Title: Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP
  • Publisher(s): Cisco Press