Security

The video takes you deeper into Intrusion Policy configuration on Cisco ASA FirePower as we use Policy Layer and FireSight Recommendation. Policy Layer provides configuration flexibility, while FireSight Recommendation assist you in determining appropriate intrusion rules to enable or disable. We will also test our configuration by simulating attacks using Metasploit vulnerability testing tool. The video will close by showing you how to setup intrusion event alert and manage intrusion incidents.

The video takes you deeper into Intrusion Policy configuration on Cisco ASA FirePower as we use Policy Layer and FireSight Recommendation. Policy Layer provides configuration flexibility, while FireSight Recommendation assist you in determining appropriate intrusion rules to enable or disable. We will also test our configuration by simulating attacks using Metasploit vulnerability testing tool. The video will close by showing you how to setup intrusion event alert and manage intrusion incidents.

The video walks you through basic configuration of Intrusion Policy on Cisco ASA FirePower. We begin by explaining significance of the use of Variable Set, the concept of Base Policy, and various settings in an Intrusion Rule. We will adjust some of an Intrusion Rule settings including, Threshold, Suppression, and Dynamic State, and observe how they effect the rule behavior using ICMP Reply Undefined Code rule as our example.

The video walks you through basic configuration of Intrusion Policy on Cisco ASA FirePower. We begin by explaining significance of the use of Variable Set, the concept of Base Policy, and various settings in an Intrusion Rule. We will adjust some of an Intrusion Rule settings including, Threshold, Suppression, and Dynamic State, and observe how they effect the rule behavior using ICMP Reply Undefined Code rule as our example.

The video walks you through configuration of wired 802.1X using EAP-TLS and PEAP on Cisco ISE 1.3. By leveraging AD integration from the previous video, we will configure authentication and authorization policies to support both user and machine authentications and enforce Machine Access Restriction (MAR). Here we assume user and machine certificate are already installed. We will perform testing on both domain, and non-domain computers and observe authentication results.

The video walks you through configuration of wired 802.1X using EAP-TLS and PEAP on Cisco ISE 1.3. By leveraging AD integration from the previous video, we will configure authentication and authorization policies to support both user and machine authentications and enforce Machine Access Restriction (MAR). Here we assume user and machine certificate are already installed. We will perform testing on both domain, and non-domain computers and observe authentication results.

The video demonstrates Cisco ISE 1.3 capability to integrate with multiple Active Directory forest/domains. We will be joining our ISE deployment to three domains: two participate in two-way trust, and one being untrusted, and try to understand how a user is searched through different domains, and how search scope can be limited. We will also look at feature enhancements such as identity rewrite, user test authentication, diagnostic tool, and scope mode. At the end, we will see how an AD join point appear under Identity Source Sequence.

The video demonstrates Cisco ISE 1.3 capability to integrate with multiple Active Directory forest/domains. We will be joining our ISE deployment to three domains: two participate in two-way trust, and one being untrusted, and try to understand how a user is searched through different domains, and how search scope can be limited. We will also look at feature enhancements such as identity rewrite, user test authentication, diagnostic tool, and scope mode. At the end, we will see how an AD join point appear under Identity Source Sequence.

The video demonstrates wildcard certificate generation on the new Cisco ISE 1.3 web interface and builds a two-node distributed deployment. We will go through CSR generation on ISE, have it signed by Windows 2008 CA, and use it to register a secondary node to a primary. The concept of Certificate Usage and Group Tag will be introduced as well ass an ability to centrally manage node certificates. 

The video demonstrates wildcard certificate generation on the new Cisco ISE 1.3 web interface and builds a two-node distributed deployment. We will go through CSR generation on ISE, have it signed by Windows 2008 CA, and use it to register a secondary node to a primary. The concept of Certificate Usage and Group Tag will be introduced as well ass an ability to centrally manage node certificates.