Posts

SSL Decryption

SSL Decryption - Why? SSL traffic has been around for some time now. It is an industry standard for transmitting secure data over the Internet. We all know that if we see a valid HTTPS session, we are safe to input sensitive data (e.g. Credit Card Numbers, SSN etc.) for online purchases, banking etc. Legacy stateful firewalls had no means of inspecting encrypted traffic flows. While security technology has improved and visibility has been gained by Engineers to better determine what traffic is traversing their network, the threat landscape has also adapted and threats can now be hidden in encrypted traffic flows rendering them undetectable as they pass from the Internet into the private network. While threats contained within encrypted channels are real, some would argue that these threats remain relatively small and do not warrant decryption and scanning as a best practice. However, each environment and need is different, assess your need and decide if decryption and scanning is

Cisco Re-Certification

Cisco Re-Certification For those Engineers that look to certify themselves in a plethora of technologies, we have a choice to keep up to date or fall behind. In particular I want to speak on Cisco's certifications and process. I got the dreaded emails from Cisco that it was time to re-certify. I say "dreaded" because we are all busy and taking an exam can take time and energy BUT such is the field we have chosen, it is a necessary evil. Wow, three (3) years goes by fast eh? Some said study and sit the CCIE Security Written but as with many certified Engineers that are actively working projects etc. it is not always possible to take 2-3 months to prepare for an exam. With that said, I decided that I could not be prepared to sit the Security Written, so I chose what I remembered to be a fun exam, and this exam would re-certify my CCNP R&S, CCNP Security certs. TSHOOT (300-135) Part One I decided to take the exam cold, with no preparation whatsoever. I mean,

Cisco Firepower Management Center v6.2 - Reference Guide

Firepower Management Center v6.2 Reference Guide While I have delivered Cisco Firepower to customers over the last several years, I always prefer that my customers are engaged and shadowing me as I install, configure, and tune Firepower. I am more than happy to explain as I go along; however, after Firepower is up and running I like to leave my customers with a reference guide that can help them better understand their new best-of-class NGIPS solution. I would like to share with you an example of this reference guide and I hope that it helps you better understand some particular features or functions within Firepower Management Center, in this case v6.2. Once we understand the underlying features and functions, we can better configure and thereby tune the NGIPS so we can achieve the highly touted efficacy of the product in terms of detecting and preventing threats! Let's start at the beginning: Initial Configuration Steps - Definitions and HowTo Network Discovery Polic

SSL Decryption with Palo Alto NGFW

Palo Alto Networks Firewall v8.0.4 SSL Decryption Policy This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft). 1. Go to the Device Tab->Certificates. Let's import our CA certificate from the Microsoft Internal CA Server (e.g. http://x.x.x.x/certsrv). Click "Download a CA certificate, certificate chain, or CRL", choose Base64 and click "Download CA Certificate". Save this to an accessible location (e.g. Desktop) so it can be imported into the PAN-FW. 2. Back in the PAN GUI, import the CA cert and give it a descriptive name (Note: You would click "Shared" if configuring this via Panorama and if you would like this cert to be used by multiple devices. In this instance, we are configuring on a single local Firewall). Click OK! Note: Click on the new Domain-RootCA cert, put a check mark next to "Trusted CA" and click OK! You will now see this reflected under the "

SSL Decryption with Cisco Firepower Management Center

Cisco Firepower Management Center v6.2 SSL Decryption Policy This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft). 1. Log in to Firepower Management Center (FPMC), go to Objects->Object Management->PKI->Internal CAs and click "Generate CA". 2. Fill out each field according to your FPMC setup and click on "Generate CSR". 3. Copy the base64-encoded (PEM) content of the certificate signing request. Now open a browser, access your internal certificate server and request a certificate. 4. Click on "Request a certificate", then click on "advanced certificate request". 5. Paste the content of the clipboard into the text box; the Certificate Template should be selected as "Subordi

Cisco 5505 Replacement Now Available

As of February 2015, you might have noticed a new Product SKU in CCW. The new Cisco ASA 5506-X has arrived. What does this new model bring, and is it the only new offering in the ASA line? What's new? FirePOWER services, that's what. SOHOs and SMBs can now take advantage of NGFW offerings like AVC, IPS, URL Filtering, and AMP. While licensing costs remain the same regardless of model (after all, it is a subscription-based service with no relationship to the ASA model), there are some caveats to be aware of. You will have the option of choosing between two methods of managing FirePOWER services: On-Box Management and Off-Box Management. On-Box Management: As with its predecessor CX (w/ Prime Security), the new 5506-X will house FireSIGHT Management Center (FMC) on-box. The caveat is that various features are lacking compared with the off-box FMC Virtual and Physical Appliances. Off-Box Management: There are multiple options for off-box management and which op

What is Cisco IWAN?

IWAN = Intelligent Wide Area Network. Intelligent WAN leverages IOS routing technologies to enhance traditional networks while reducing WAN bandwidth costs. Let's take a look at what IWAN is and what it can do for us. IWAN is based on four (4) components:

Transport Independent
- Consistent operational model
- Simple provider migrations
- Scalable and modular design
- IPsec routing overlay design

Intelligent Path Control (PfR)
- Dynamic application best path based on policies
- Load balancing for full utilization of bandwidth
- Improved network availability

Application Optimization (AVC and WAAS)
- Application visibility with performance monitoring
- Application acceleration and bandwidth optimization

Secure Connectivity (DMVPN)
- Certified strong encryption
- Comprehensive threat defense
- Cloud Web Security for secure direct Internet access

IWAN provides a flexible secure WAN design (DMVPN) a

Cisco ASA with FirePOWER Explained

What is Cisco ASA with FirePOWER? "FirePOWER" is Cisco's latest attempt to further strengthen their Security/Firewall platform. It has been argued for some time that Cisco has rested on the laurels of the ASA platform, allowing other vendors to sweep in and take the lead in the Next Generation Firewall (NGFW) race. Companies quickly came to the realization that it is imperative to have visibility beyond traditional Layer 1 through Layer 4. The Internet, and the ever-growing set of features and applications that companies leverage on it, have become commonplace and continue to grow as more "Cloud" based resources are adopted. The traditional ASA brought about stateful packet inspection and the ability to implement various modules (IPS, CSC-SSM), and was the standard bearer in edge security for some time. The PIX firewall was replaced and the ASA had arrived. As of 2012 Cisco had introduced their first line of NGFW; Cisco ASA w/ CX brought