The National Security Agency (NSA) has published best practices for configuring and hardening Cisco Firepower Threat Defense (FTD). The guidance is aimed at network and system administrators deploying these devices as Next Generation Firewalls (NGFW).
Cisco FTD systems combine application and network security capabilities, including application visibility and control (AVC), URL filtering, user identification and authentication, malware protection, and intrusion prevention.
Configuring these features correctly, rather than leaving them at defaults, improves the organization's overall security posture.
According to the guidance, the most critical measures are:
- Access control
- Intrusion prevention policies
- SSL policies
- Malware and file policies
- Enabling Secure VPN settings
- Hardening FXOS (Firepower eXtensible Operating System)
Establishing Access Control Policies
Access control policies define precisely which traffic is permitted to flow between zones and networks, and deny everything else. A well-structured policy both reduces the attack surface and blocks unwanted traffic, so that threat actors cannot reach internal or external network resources that the rules do not explicitly expose.
Implementing Intrusion Prevention Policies
FTD intrusion policies are built from base policy templates maintained by Cisco Talos: Balanced Security and Connectivity, Connectivity over Security, Maximum Detection, and Security over Connectivity. The chosen base policy determines which intrusion rules are enabled and what action they take, and therefore how the device behaves as an IDS or inline IPS.
Implementing SSL Policies
These policies govern whether encrypted traffic passing through the device is decrypted and inspected; despite the name, they apply to Transport Layer Security (TLS), not just legacy SSL. Decryption involves three main elements: the TLS proxy on the device, the per-session configuration (which certificates and keys are used), and the application data exposed for inspection once the session is decrypted.
Malware and File Policies
These policies determine which file types are allowed, blocked, or inspected within the traffic passing through the device. File rules can take several actions: detect files, block files, perform a malware cloud lookup, or block malware. The policies also support local malware analysis as well as static and dynamic (sandbox) analysis of files.
Configuring Secure VPN Settings
When terminating a virtual private network (VPN) on the device, it is essential to use a trustworthy key-exchange protocol and strong cryptographic algorithms. The NSA recommends Internet Key Exchange version 2 (IKEv2) for key management, since it negotiates the IPsec Security Associations (SAs) that protect the tunnel, and recommends against legacy IKEv1 and weak cipher suites.
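One practical check that follows from this advice is to audit the IKE policies in a device's running configuration for IKEv1 and weak algorithms. The script below is an added example written for this article; it is not part of the NSA guidance or any Cisco tool. It parses ASA/FTD-style `crypto ikev1 policy` and `crypto ikev2 policy` blocks, and the sample configuration, the allow-lists of "strong" algorithms, and the minimum Diffie-Hellman group are all assumptions chosen for illustration (IKEv2, AES-256, SHA-256 or better, DH group 14 or higher).

```python
"""Audit IKE policy blocks in an ASA/FTD-style running configuration.

Added example, not from the NSA guidance or Cisco. The sample config, the
algorithm allow-lists and the DH-group threshold are the example's own
assumptions, not values taken from the article.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: one legacy IKEv1 policy and two IKEv2 policies.
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev2 enable outside
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
"""

# Assumed baseline: anything not in these sets is flagged.
STRONG_ENCRYPTION = {"aes-256", "aes-gcm-256"}
STRONG_INTEGRITY = {"sha256", "sha384", "sha512"}
MIN_DH_GROUP = 14  # 2048-bit MODP; ECDH groups 19/20/21 also pass


@dataclass
class IkePolicy:
    version: int
    number: int
    encryption: list = field(default_factory=list)
    integrity: list = field(default_factory=list)  # integrity, hash and prf keywords
    groups: list = field(default_factory=list)


def parse_ike_policies(config: str) -> list:
    """Return an IkePolicy for every 'crypto ikev1/ikev2 policy N' block."""
    policies = []
    current = None
    for raw in config.splitlines():
        m = re.match(r"crypto ikev(1|2) policy (\d+)$", raw)
        if m:
            current = IkePolicy(int(m.group(1)), int(m.group(2)))
            policies.append(current)
            continue
        if current is None or not raw.startswith(" "):
            current = None  # an unindented line ends the block
            continue
        parts = raw.split()
        key, values = parts[0], parts[1:]
        if key == "encryption":
            current.encryption.extend(values)
        elif key in ("integrity", "hash", "prf"):  # 'hash' is the IKEv1 keyword
            current.integrity.extend(values)
        elif key == "group":
            current.groups.extend(int(v) for v in values)
    return policies


def audit_policy(p: IkePolicy) -> list:
    """Return human-readable findings; an empty list means the policy passes."""
    findings = []
    if p.version == 1:
        findings.append("IKEv1 in use; migrate to IKEv2")
    for enc in p.encryption:
        if enc not in STRONG_ENCRYPTION:
            findings.append(f"weak or non-preferred encryption '{enc}'")
    for integ in p.integrity:
        if integ not in STRONG_INTEGRITY:
            findings.append(f"weak integrity/hash/PRF '{integ}'")
    for g in p.groups:
        if g < MIN_DH_GROUP:
            findings.append(f"DH group {g} below minimum {MIN_DH_GROUP}")
    return findings


def audit_config(config: str) -> dict:
    """Map 'ikevN policy M' to its findings for every policy in the config."""
    return {f"ikev{p.version} policy {p.number}": audit_policy(p)
            for p in parse_ike_policies(config)}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(("PASS " if not findings else "FAIL ") + name)
        for f in findings:
            print(f"    - {f}")
```

Feed it the output of `show running-config crypto` from the device; on the constructed sample, `ikev2 policy 1` passes while the IKEv1 policy and `ikev2 policy 20` are flagged for 3DES/DES, SHA-1 and small DH groups. Adjust the allow-lists to your organization's standard before relying on it.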
Hardening FXOS
Firepower appliances run the FXOS operating system, with the FTD software deployed as an application on top of it. Administrators should keep FXOS on the latest supported release and apply patches promptly to reduce the window in which known vulnerabilities can be exploited.
The NSA has published a comprehensive report on the best practices to follow when deploying and configuring these devices. Organizations are advised to review the guidance and apply its recommendations to reduce the opportunities available to threat actors.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.