Cisco FTD Design and Implementation


Cisco FTD Design and Implementation, including Firewall, SSL Inspection, NAT, IPS and Active/Standby HA, based on FTDv version 7.0.1 running on VMware ESX


1. Cisco FTD Overview and Features
Cisco FTD (Firepower Threat Defense) is a Cisco Next Generation Firewall and IPS solution for securing networks and applications. It also includes many other security features, which this section introduces.
2. Cisco FTD Installation Guide (Version 7.0.1)
The Cisco FTD installation process and its integration with Cisco FMC for centralized management is the topic of this section. We will install virtual FTD and virtual FMC by importing the OVF images of both products. Then we will integrate FTD and FMC with each other so that FTD can be managed centrally through FMC.
3. Cisco FTD Routed Mode Setup Guide
Cisco FTD Routed Mode is the option we chose to install FTD. In the last section we connected FTD and FMC on the management-plane network. In this section we will bring FTD into the data path between the LAN and the Internet. Interface configuration, the default gateway and basic NAT are the minimum configuration needed to place FTD in the path so that it can inspect data traffic.
4. Cisco FTD Access Control Policy
FTD access control policy is the first policy that we implement, since it is the most common policy that anyone configures in any firewall. With the FTD ACL policy, we can not only filter traffic at Layer 3 and Layer 4, but also control many applications and micro-applications. In this section we will only control traffic up to Layer 4.
5. Cisco FTD Application Control Policy
Cisco FTD application control provides the capability to control many applications and micro-applications based on factory-configured signatures. These signatures recognize applications based on many fields in the application layer.
6. Firepower Custom Application Detector
Firepower Custom Application Detector gives the capability to add signatures for our custom business applications to the list of application detectors, so that we can reference them when we add an access control rule. In this section we will create a custom application detector specific to our business.
7. Cisco FTD Prefilter Policy
Cisco FTD Prefilter Policy is the first level of access control and gives the capability to allow or block specific traffic at L3/L4 without forwarding it to the CPU-intensive access control policy. It is also known as "fastpath" because it quickly allows or denies traffic without deep packet inspection.
For example, you might want to allow ICMP for troubleshooting purposes and drop Telnet traffic for security reasons. Neither needs to be inspected by CPU-intensive engines such as the access control policy, IPS policy, file policy and so on.
8. Cisco FTD Security Intelligence (IPs and URLs)
Cisco FTD Security Intelligence is used to block IPs, URLs and domains with a bad reputation. It mainly uses a database created by the Cisco Talos security group, which periodically updates the list of malicious senders and contents.
In this section, we will talk about security intelligence to block IPs and URLs with a bad reputation. Blocking malicious domains will be discussed in the next video, since the process is somewhat different.
9. Cisco FTD DNS Security Intelligence and DNS Sinkhole
Cisco FTD DNS Security Intelligence is used to quickly block connections to or from domain names with a bad reputation, based on a database created by the Cisco Talos security group. You have the option to drop DNS queries for malicious domain names, or to return a specific IP address, the DNS sinkhole, so that users are redirected to that sinkhole address and every user accessing a malicious domain is logged.
10. Cisco FTD Threat Intelligence Director (Cisco TID)
Cisco FTD Threat Intelligence Director (TID) is a supplemental security intelligence solution to block IPs, URLs, and domains with bad reputations based on third-party sources, not just on a single source from a specific vendor.
11. Cisco FTD URL Filtering
The Cisco FTD URL Filtering feature gives the capability to control the websites that users on your network can access, based on category, reputation, or manually specified URLs.
12. Cisco Firepower Malware and File Policy
Cisco Firepower Malware and File Policy, as the name suggests, gives the capability to inspect and control files as they are transmitted over the network. We can inspect them with local or cloud anti-malware (AMP) to detect and block malware files. We can also control, based on file type, whether files are allowed to be transmitted over the network.
13. Cisco FTD SSL Decryption
Cisco FTD SSL Decryption Policy gives the capability to inspect SSL-encrypted content on the network; otherwise encrypted traffic, such as HTTPS connections, which make up most of the Internet content, cannot be inspected.
14. Cisco Firepower SSL Decryption: Decrypt Known Key
Cisco Firepower SSL Decryption Policy gives the capability to inspect SSL-encrypted content on the network; otherwise encrypted traffic, such as HTTPS connections, which make up most of the Internet content, cannot be inspected.
In the last section, we implemented the "Decrypt Re-Sign" method, where users inside the network see all HTTPS/SSL applications outside the network with the Firepower certificate.
In this section we implement the "Decrypt Known Key" method, in which users from outside the network access our HTTPS/SSL applications inside the network with the server's own certificate, but the traffic is first decrypted and inspected in Firepower before it is forwarded to the servers.
15. Cisco FTD NAT Fundamentals
Cisco FTD NAT is the most basic and important function of this device, as in any other firewall. With NAT we can access the Internet from private IP addresses, or give access from the Internet to services that have private IP addresses.
16. Cisco FTD NAT Configuration
Cisco FTD NAT configuration is the topic of this section. In the last section, we discussed the concepts behind the different types of NAT and how they are implemented on a Cisco FTD device. In this section we implement examples of each type of NAT.
17. Cisco Firepower Active Directory Integration
Cisco Firepower Active Directory integration is a prerequisite for identity-based access control. In this section, you will learn how to integrate Cisco FMC with Active Directory. In the next section, we continue the discussion by enabling identity-based access control in the network.
Cisco Firepower Create and Manage Realms
18. Cisco FTD Identity Policy: Active Authentication
Cisco FTD Identity Policy gives the capability to control network traffic based on user identity instead of IP address. This is done through user authentication and by mapping IP addresses to usernames. This is what we will discuss in this section.
19. Cisco FTD Transparent Mode
Cisco FTD Transparent Mode is another way of inserting a firewall into the network. In transparent mode, FTD behaves mostly like a switch: it does not need an IP address assigned to each interface, and it does not take part in network routing.
20. Cisco FTD Network Discovery Policy
Cisco FTD Network Discovery gives the capability to collect data on your organization's network.
Which hosts exist on your network? The IP address and MAC address of each host, the operating system running on it, and the clients and web applications running on it are the most important information retrieved by the network discovery feature.
Network Discovery is not just for monitoring network traffic: we can also predefine a host profile and later check whether any host on the network violates that profile.
21. Cisco Firepower IPS Policy
Cisco Firepower IPS detects and prevents intrusions in the network. This is the topic of this section.
22. Cisco Firepower Deployment Modes
Cisco Firepower deployment modes are the methods of inserting a Firepower device into the network, either as a Firewall/IPS device or as an IPS-only device. In Firewall/IPS mode, you have the option to choose routed or transparent mode; as an IPS-only device, you can choose between inline and passive mode.
We discussed routed mode and transparent mode in the previous sections. In this section, we will discuss the IPS-only inline and passive modes.
23. Cisco Firepower Event Suppression
Cisco Firepower Event Suppression is a feature to reduce or suppress intrusion event notifications based on thresholds or an IP address range.
24. Cisco Firepower Network Analysis Policy
Cisco Firepower Network Analysis Policy determines how deeply traffic must be pre-processed and decoded before it is inspected by the access control and IPS policies. Some features, such as data loss detection or port scan detection, require deep traffic pre-processing.
25. Firepower Sensitive Data Detection
Firepower Sensitive Data Detection, or Data Loss Prevention (DLP), detects and generates events when sensitive data such as social security numbers, credit card numbers, driver's license numbers, etc. is leaked, whether intentionally or accidentally.
26. Cisco Firepower Port Scan Detection
Cisco Firepower Port Scan Detection, as the name suggests, detects and filters port scan activity from unauthorized sources.
27. Cisco Firepower Correlation Policy
Cisco Firepower Correlation Policy is used to take action against threats in real time when they are not detected by IPS signatures, either because the attack is a zero-day for which no signature exists yet, or because the behaviour is abnormal for our network.
28. Cisco Firepower Traffic Profile Changes in Correlation Policy
A Cisco Firepower Traffic Profile is a graph of network traffic measured over a profiling time window (PTW) that represents normal traffic. Any traffic deviating from that profile is treated as suspected abnormal traffic.
29. Cisco FTD High Availability Configuration
Cisco FTD High Availability pairs two FTD devices for failover: if the primary device fails, the secondary device takes over forwarding the traffic.
