View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0174 - ASA FirePower IPS Advance (Part 2)

Rating: 
5
Average: 5 (4 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
The video takes you deeper into Intrusion Policy configuration on Cisco ASA FirePower as we use Policy Layer and FireSight Recommendation. Policy Layer provides configuration flexibility, while FireSight Recommendation assist you in determining appropriate intrusion rules to enable or disable. We will also test our configuration by simulating attacks using Metasploit vulnerability testing tool. The video will close by showing you how to setup intrusion event alert and manage intrusion incidents.
 
Part 2 of this video goes through implementation of FireSight Recommendation and validation using Metasploit teting tool
 
Topic:
  • Intrusion Policy using Policy Layer
  • FireSight Recommendations
  • Metasploit Vulnerability Testing
  • Intrusion Event Management
  • Intrusion Event Alerting

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

4 comments

in this video you apply the signature which can prevent attack vsftpd and ircd, how can I know which signature I should enable prior the attack take place.

If you have critical services you are trying to protect then you can try to look up relavent signature, or enable FireSight recommendation after it has been discovering you network for a while.

Excellent video (and all the videos!). Performing the actual attack with Metasploit made it really interesting. It would be great to actually see if when the actual application is used by normal users the FireSIGHT would pick it up. One thing I would add is that the impact flag is directly related to FireSIGHT discovery information and indicates if the host is actually vulnarable to a given attack based on the FireSIGHT info. It's probably the key (selling) "feature" of the system :)

Good point and good feedback. Thanks Raf..