|
|
发表于 2021-6-12 23:31:20
|
显示全部楼层
international consulting and training company based in Evergreen, Colorado. He spends his free time with family, friends, and his two golden retrievers playing in the mountains, rivers, and lakes that surround his home.
You can reach Todd through his website and find more Firepower/FTD material, videos, and classes at www.lammle.com/firepowe r .
Don’t forget to download your bonus chapter, “Six Easy Steps to Network Analysis Every Morning” from Lammle.com/firepower !
Acknowledgments
I’d like to thank Donald Robb for helping me work on the table of contents for this book and the next one. The hardest part of writing a book is creating TOC that flows, so thank you for listening! Also, I want to thank Don for his contribution to chapter 5 on Chassis Manager and RadWare, and in addition, to helping me edit this book when I was just too tired to even talk about editing anymore!
Also, I wanted to mention my good friend John Gay, who also helped me pen the first ever published Sourcefire/Firepower Study guide: SSFIPS, four years ago. He’s been in inspiration during good and bad times. Thank you, John, for your friendship and faith!
I’ll also mention Alex Tatistcheff, even though he was out selfishly working on his own Firepower book and didn’t work on this book at all! However, that said, he still is an enormous vast knowledge of Snort information that is 2 nd to none. He’s the best of the best in Firepower/Snort. Thank you for your advanced technical support over the years!
There were a few students or consulting customers that helped by reading the final proof of this book: Chris Johnson, Joe Hidalgo and Mike Waldorf. Thank you All!
Table of Contents
CCIE/CCNP Security
Exam 300-710: Securing Networks with Cisco Firepower (SNCF)
About the Author
Introduction
History of SourceFire/Firepower
Managing Firepower
What Is This Book Really About?
What Does This Book Cover?
Securing Networks with Cisco Firepower (SNCF 300-710) Exam Objectives
Exam Description
What Objectives Will the Second Book in This Series Cover?
What chapters are covered in Part II in this CCNP Security SNCF series?
Chapter 1: Firepower Management Center (FMC)
Deploying a Cisco Firepower Network
What Is a Firepower Management Center (FMC)?
What If Your FMC Goes Down?
Virtual FMCs
FMC Virtual
FMC Virtual 300
Hardware FMCs
Starting the Firepower Management Center
Summary
Chapter 2: Cisco Firepower Management Center (FMC) Configuration
Initial FMC Login
Navigation Overview
Firepower System Configuration
Information
Access List
Access Control Preferences
Audit Log Certificate and Audit Log
Change Reconciliation
Console Configuration
DNS Cache
Dashboard
Database
Email Notification
External Database Access
HTTPS Certificate
Intrusion Policy Preferences
Language
Login Banner
Management Interfaces
Network Analysis Policy Preferences
Process
REST API Preferences
Remote Storage Device
SNMP
Shell Timeout
Time
Time Synchronization
UCAPL/CC Compliance
User Configuration
VMware Tools
Vulnerability Mapping
Web Analytics
Summary
Chapter 3: Firepower Management Center (FMC) Actions
Firepower Management Center (FMC) Actions
Firepower Management Center Alert Responses
Alert Responses
FMC Detailed Alerts
Summary
Chapter 4: Licensing & Health Policy
Licensing
Health Policy
Health Monitor
Health Policy
Health Events
Blacklist
Health Monitor Alerts
Summary
Chapter 5: Chassis Manager
Hardware Overview
Resetting our 4100s
Resetting the Password on 4100/9300
Setting the 4100/9300 Devices to Factory Default
Initial Configuration for 4100/9300
FXOS Overview
UCS Context
FXOS Context
Security Module Context
Local Management Context
Adapter Context
CIMC Context
Image Management
Adding FXOS
Upgrading FXOS
Adding a ASA Image
Adding an FTD Image
Adding Radware
Logging into the Chassis Manager
Platform Settings
Interfaces
Logical Devices
Adaptive Security Appliance (ASA)
FTD Cluster
FTD Standard
Cluster Traffic Flow
Centralized Features
Dynamic Routing in a Cluster
Site to Site VPNs in a Cluster
NAT in a Cluster
SIP in a Cluster
Syslog in a Cluster
SNMP in a Cluster
FTP in a Cluster
Trustsec in a Cluster
Unsupported Features
Summary
Chapter 6: Firepower Devices
Firepower Threat Defense (FTD) on the 1000/1100/2100/4100/9300 Devices
Configuration for 1010/1100/2100
Firepower Devices used in this book
7000/8000 Appliances
Virtual FTD on vCenter
CLI of the FTD Devices
Basic FTD CLI Commands
CLI Troubleshooting commands
Download the Advanced Troubleshooting File from the GUI
Download the Advanced Troubleshooting File from the CLI
Adding the 1010s and 1150s to the 2500 FMC
Adding the Firepower Appliance, 4140s and vFTDs into the Virtual FMC
Configuring the IPs on the 172.16.10.0 Devices
Configuring a DHCP Server
Configuring Routing
Verifying the Configuration from the CLI
Configuring the IPs on the 10.11.10.0 Managed Devices
Configuring Routing
Device Tab
Summary
Chapter 7: High Availability
High Availability
Licensing
Determining the Active Unit
High Availability on the Hardware FMC
High Availability on the Firepower Devices
Monitoring and Troubleshooting
Monitoring Interfaces
Standby Interface IP Addresses
Active/Standby IP Addresses and MAC Addresses
Verifying with the CLI
Upgrading a High Availability Pair
Upgrading a Firepower Device HA Pair
Summary
Chapter 8: Objects
Objects
Network
Port
Interface
Tunnel Zone
Application Filters
VLAN Tag
Security Group Tag
URL
Geolocation
Variable Set
Time Range
Security Intelligence Overview
Network Security Intelligence (SI)
DNS Security Intelligence
URL Security Intelligence
Security Intelligence Under the Hood
Sinkhole
Sinkhole Reloaded
File List
Cipher Suite List
Distinguished Name
PKI
FTD Only Settings
SLA Monitor
Prefix Lists
Route Map
Access Lists
AS Path
Community List
Policy List
VPN
Address Pools
FlexConfig
Radius Server Group
Intrusion Rules
Summary
Chapter 9: Access Control Policy
Overview
Policy Creation
Policy Editing
General Settings
Security Intelligence
HTTP Responses
Advanced
The Rules Tab
Rules!
ACP Rules Example
Summary
Chapter 10: Malware and File Policy
Advanced Malware Protection (AMP) Basics
File Analysis
Retrospective Events
File Dispositions
File Disposition Caching
Cloud Communications
Malware & File Policy
Advanced Settings
File Rules
File Policy Actions and Licensing
File Blocking Behavior
File Types and Categories
Sample Policy
Cisco AMP for Endpoints in Firepower Management Center
Integrating Firepower with AMP for Endpoints
AMP for Endpoints and AMP Private Cloud
Putting It All Together
Verifying a File Policy
Summary
Chapter 11 : Firepower Network Discovery
Firepower Technologies
Network Discovery Policy
Firepower Discovery Information
User Information
Host Attributes
Summary
Chapter 12: Intrusion Prevention System (IPS) Policy
Policy Basics
What Rules Are Enabled by Default?
Connectivity over Security Base Policy
Balanced Security and Connectivity Base Policy
Security over Connectivity Base Policy
Maximum Detection Base Policy
Final Thoughts on Base Policies
Rule States
Layers
Private and Shared Layers
A Shared Layer Alternative
The Intrusion Policy Interface
Intrusion Policy Editing
Rule Management
Creating, Importing, Deleting, & Editing a Snort Rule
Firepower Recommendations
Advanced Settings
Policy Layers
Committing Changes
Configuring and Verifying an Intrusion Policy
Verifying Your IPS Policy
Summary
Chapter 13: DNS Policy
Domain Name System (DNS)
The Kill Chain
A Typical Malware Infection
IP Blacklists
The Proxy Problem
The Proxy Solution
DNS Policy Configuration
Summary
Chapter 14: Prefilter
Overview
Prefilter Uses
Policy Creation
Prefilter Rules
Summary
Chapter 15: Network Address Translation (NAT)
What Is Network Address Translation (NAT)?
Types of Network Address Translation
NAT Names
Firepower NAT
Firepower NAT Examples
Firepower Threat Defense (FTD) NAT
Auto NAT or Manual NAT?
Testing and Troubleshooting NAT
NAT Verification
Summary
Chapter 16: Identity Policy
Identity with Firepower
Identity Sources
Non-Authoritative (Traffic-Based Detection)
Authoritative Sources
Realms
Add Realm
Add Directory
User Download
Identity Policy
Implement your Identity Policy
Summary
Chapter 17: User Management
User Preferences
Account Management
Internal vs. External User Authentication
User Privileges
Predefined User Roles
Creating New User Accounts
Creating a Custom User Role
Managing User Role Escalation
Configuring External Authentication
Creating Authentication Objects
Summary
Chapter 18: Advanced Network Analysis
Event Analysis Principles
False Positives
False Negatives
Possible Outcomes
The Goal of Analysis
Intrusion Events
Workflows
The Time Window
Navigating the Analysis Interface
Security Intelligence Events
Security Intelligence Workflows
Security Intelligence Tuning
File and Malware Events
Summary
Introduction
Cisco Firepower is an integral part of the suite of Cisco security products. There are Firepower managers and the various Firepower devices that are configured, managed, and monitored from the managers.
The devices are further categorized into Firepower appliances like 7000/8000s, which are all EOL, but there’s a legion of SourceFire appliances out there, so Cisco still covers them in this exam for now.
In the figure below, you can see how the manager—an FMC in this example—sends configuration and Snort security policy out to the devices. The devices then make decisions about the packets traveling through them based upon the Snort Security policy and finally sends the Snort verdict A close up of a device Description automatically generated back to the manager:
The new Adaptive Security Appliance (ASA), called Firepower Threat Defense (FTD), is definitely all the rage now! Even if you really just want to run plain, powerful ASA code, you’ll want the new devices with their tremendous power and inspection throughput that can run either ASA or FTD code. So, |
354#
2021-6-12 23:31:20
回复(0)
收起回复
|
[复制链接]
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
