Posts

Showing posts from November, 2017

Cisco Re-Certification

For those Engineers that look to certify themselves in a plethora of technologies, we have a choice to keep up to date or fall behind. In particular I want to speak on Cisco's certifications and process. I got the dreaded emails from Cisco that it was time to re-certify. I say "dreaded" because we are all busy and taking an exam can take time and energy, but such is the field we have chosen; it is a necessary evil. Wow, three (3) years goes by fast, eh? Some said study and sit the CCIE Security Written, but as with many certified Engineers that are actively working projects etc., it is not always possible to take 2-3 months to prepare for an exam. With that said, I decided that I could not be prepared to sit the Security Written, so I chose what I remembered to be a fun exam, and this exam would re-certify my CCNP R&S and CCNP Security certs.

TSHOOT (300-135) Part One

I decided to take the exam cold, with no preparation whatsoever. I mean,

Cisco Firepower Management Center v6.2 - Reference Guide

Firepower Management Center v6.2 Reference Guide

While I have delivered Cisco Firepower to customers over the last several years, I always prefer that my customers are engaged and shadowing me as I install, configure, and tune Firepower. I am more than happy to explain as I go along; however, after Firepower is up and running I like to leave my customers with a reference guide that can help them better understand their new best-of-class NGIPS solution. I would like to share with you an example of this reference guide, and I hope that it helps you better understand some particular features or functions within Firepower Management Center, in this case v6.2. Once we understand the underlying features and functions, we can better configure and thereby tune the NGIPS so we can achieve the highly touted efficacy of the product in terms of detecting and preventing threats!

Let's start at the beginning: Initial Configuration Steps - Definitions and HowTo Network Discovery Polic

SSL Decryption with Palo Alto NGFW

Palo Alto Networks Firewall v8.0.4 SSL Decryption Policy

This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft).

1. Go to the Device Tab->Certificates. Let's import our CA certificate from the Microsoft Internal CA Server (e.g. http://x.x.x.x/certsrv). Click "Download a CA certificate, certificate chain, or CRL", choose Base64 and click "Download CA Certificate". Save this to an accessible location (e.g. Desktop) so it can be imported into the PAN-FW.

2. Back in the PAN GUI, import the CA cert and give it a comprehensive name (Note: You would click "Shared" if configuring this via Panorama and if you would like this cert to be used by multiple devices. In this instance, we are configuring on a single local Firewall). Click ok!

Note: Click on the new Domain-RootCA cert, put a check mark next to "Trusted CA" and click ok! You will now see this reflected under the "

SSL Decryption

SSL Decryption - Why?

SSL traffic has been around for some time now. It is an industry standard for transmitting secure data over the Internet. We all know that if we see a valid HTTPS session, we are safe to input sensitive data (e.g. Credit Card Numbers, SSN etc.) for online purchases, banking etc. Legacy stateful firewalls had no means of inspecting encrypted traffic flows. While security technology has improved and visibility has been gained by Engineers to better determine what traffic is traversing their network, the threat landscape has also adapted, and threats can now be hidden in encrypted traffic flows, rendering them undetectable as they pass from the Internet into the private network. While threats contained within encrypted channels are real, some would argue that these threats remain relatively small and do not warrant decryption and scanning as a best practice. However, each environment and need is different; assess your need and decide if decryption and scanning is

SSL Decryption with Cisco Firepower Management Center

Cisco Firepower Management Center v6.2 SSL Decryption Policy

This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft).

1. Log in to Firepower Management Center (FPMC), go to Objects->Object Management->PKI->Internal CA's and click "Generate CA".

2. Fill out each field according to your FPMC setup and click on "Generate CSR".

3. Copy the encoded text of the certificate signing request; this can also be referred to as a base64 or .pem request. Now open a browser, access your internal certificate server and request a certificate.

4. Click on "Request a certificate", then click on "advanced certificate request".

5. Paste the content of the clipboard to the text box, Certificate Template should be selected as "Subordi