Saturday, May 18, 2024

NSA Guide for Network and System Administrators to Harden Cisco Firewalls

The National Security Agency (NSA) has released a hardening guide for Cisco Firepower Threat Defense (FTD) that gives network and system administrators best practices for configuring these Next Generation Firewalls (NGFW).

Cisco FTD combines network and application security features on one platform: Application Visibility and Control (AVC), URL filtering, user identity and authentication, malware protection, and intrusion prevention.

Configuring these features correctly raises the overall security posture of the organization; a misconfigured NGFW offers little more protection than a plain packet filter.

Practices mentioned by NSA

According to the report, the most important practices are:

  • implementing access control policies
  • implementing intrusion prevention policies
  • implementing SSL policies
  • implementing malware and file policies
  • enabling secure VPN settings
  • hardening FXOS (Firepower eXtensible Operating System)

Implementation of Access Control

Access control policies define which traffic is permitted through the firewall, so that only the desired flows are allowed, unauthorized access is minimized, and unwanted traffic is dropped.

Properly scoped access control policies also restrict a threat actor's ability to reach protected internal or external network resources.
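As an added illustration (not code from the NSA guide or from Cisco), the Python script below audits an access-control policy against the points above: a default action of BLOCK (default deny), no blanket any-to-any allow rules, an intrusion policy and a file policy attached to every allow rule, and connection logging enabled. The policy it inspects is constructed for the example and only loosely mirrors the JSON the FMC REST API returns for access policies; the field names it relies on ("defaultAction", "ipsPolicy", "filePolicy", "logBegin", "logEnd") are assumptions about that shape.

```python
"""Audit an FTD access-control policy for the hardening points above.

Added example, not code from the NSA guide or from Cisco. The policy
below is constructed and only loosely follows the JSON shape the FMC
REST API uses for access policies and rules; the field names it checks
are assumptions about that shape, not something the page documents.
"""
from typing import Any

# Names of FMC's built-in "match everything" network objects (assumed).
ANY_NETWORKS = {"any", "any-ipv4", "any-ipv6"}


def _matches_any(selector: dict[str, Any]) -> bool:
    """True when a source/destination selector does not narrow the traffic."""
    if not selector:  # an absent selector matches all networks
        return True
    names = {obj.get("name") for obj in selector.get("objects", [])}
    return bool(names & ANY_NETWORKS)


def audit_rule(rule: dict[str, Any]) -> list[str]:
    """Return hardening findings for one access-control rule."""
    findings: list[str] = []
    name = rule.get("name", "<unnamed>")
    if not rule.get("enabled", True):
        return findings  # disabled rules pass no traffic
    if rule.get("action") == "ALLOW":
        if _matches_any(rule.get("sourceNetworks", {})) and _matches_any(
            rule.get("destinationNetworks", {})
        ):
            findings.append(f"{name}: ALLOW rule matches any source and any destination")
        if "ipsPolicy" not in rule:
            findings.append(f"{name}: ALLOW rule has no intrusion policy attached")
        if "filePolicy" not in rule:
            findings.append(f"{name}: ALLOW rule has no file/malware policy attached")
    if not (rule.get("logBegin") or rule.get("logEnd")):
        findings.append(f"{name}: connection logging is disabled")
    return findings


def audit_policy(policy: dict[str, Any]) -> list[str]:
    """Check the policy's default action, then every rule in it."""
    findings: list[str] = []
    if policy.get("defaultAction", {}).get("action") != "BLOCK":
        findings.append("policy: default action is not BLOCK, so unmatched traffic is not denied")
    for rule in policy.get("rules", []):
        findings.extend(audit_rule(rule))
    return findings


# Constructed sample policy: one permissive rule, one reasonable rule,
# one disabled rule and one block rule.
SAMPLE_POLICY = {
    "name": "Edge-Policy",
    "defaultAction": {"action": "NETWORK_DISCOVERY"},
    "rules": [
        {
            "name": "Permit-All",
            "enabled": True,
            "action": "ALLOW",
            "sourceNetworks": {"objects": [{"name": "any-ipv4"}]},
            "destinationNetworks": {"objects": [{"name": "any-ipv4"}]},
            "logBegin": False,
            "logEnd": False,
        },
        {
            "name": "Corp-to-DMZ-Web",
            "enabled": True,
            "action": "ALLOW",
            "sourceNetworks": {"objects": [{"name": "corp-lan"}]},
            "destinationNetworks": {"objects": [{"name": "dmz-web-servers"}]},
            "ipsPolicy": {"name": "Security over Connectivity"},
            "filePolicy": {"name": "Block-Malware"},
            "logBegin": False,
            "logEnd": True,
        },
        {"name": "Legacy-FTP", "enabled": False, "action": "ALLOW"},
        {
            "name": "Block-Known-Bad",
            "enabled": True,
            "action": "BLOCK",
            "sourceNetworks": {"objects": [{"name": "threat-feed-ips"}]},
            "logBegin": True,
        },
    ],
}

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

Run against the sample, the script reports the non-BLOCK default action and four problems with the "Permit-All" rule, while the scoped "Corp-to-DMZ-Web" rule passes; the same checks can be run over a real policy exported through the FMC API once the field names are confirmed against that version's schema.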

Intrusion Prevention Policies Implementation

Intrusion policies govern what the IDS/IPS engine does with traffic and are built from the Cisco Talos base policy templates: Balanced Security and Connectivity, Connectivity over Security, Maximum Detection, and Security over Connectivity. The base policy chosen determines which Snort rules are enabled and whether they alert or drop.

Implementing SSL Policies

SSL policies control whether encrypted traffic passing through the device is decrypted and inspected; in practice this means TLS (Transport Layer Security). The guide describes SSL decryption in terms of three components: the TLS proxy, the session setup, and the application data.

Implementation of Malware and File Policies

Malware and file policies control which file types are allowed, blocked, or inspected in the traffic that passes through the device.

Several actions are available for files in transit: detect files, block files, malware cloud lookup, and block malware. The policies also support static, dynamic (sandbox), and local malware analysis.

Enabling Secure VPN settings

Using a secure key-exchange protocol and strong encryption algorithms when configuring a VPN on the device is critical.

The NSA recommends Internet Key Exchange version 2 (IKEv2) as the key management protocol for negotiating IPsec Security Associations (SAs), rather than the older IKEv1.

Hardening FXOS

FXOS is the operating system that runs on the Firepower chassis itself; the FTD software is installed on top of it as an application container.

To reduce the window for exploitation of known vulnerabilities, the guide recommends keeping FXOS on a supported release and upgrading to the latest version on a regular schedule.

NSA has published the complete report covering the best practices to follow when configuring and deploying these network devices.

Organizations running Cisco FTD are advised to review the guide and implement its measures to reduce their exposure to threat actors.



Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
