The National Security Agency (NSA) has released best practices for configuring and hardening Cisco Firepower Threat Defense (FTD), which can help network and system administrators configure these Next Generation Firewalls (NGFW).
These Cisco FTD systems provide a combination of application and network security features like application visibility and controls (AVC), URL filtering, user identity and authentication, malware protection, and intrusion prevention.
Configuring them in the best possible way will enhance the overall security of the organization.
According to the report, some of the most important practices include implementing
This implementation creates a refined and controlled flow of desired traffic, minimises unauthorized access, and prevents undesirable traffic.
These access control policies also restrict threat actors from accessing specially configured external or internal network resources.
These policies control traffic on the IDS and IPS systems and are inherited from Cisco Talos base policy templates: Balanced Security and Connectivity, Connectivity over Security, Maximum Detection, and Security over Connectivity.
These policies control the inspection and decryption of encrypted traffic within the device and mostly target TLS (Transport Layer Security). Three major components of SSL decryption are a TLS proxy, the session setup, and the application data.
These policies control the type of files that are allowed, blocked, or inspected from all the traffic that passes through the device.
Multiple actions are available for incoming files, such as detect, block, malware cloud lookup, and block malware. In addition, these policies include static, dynamic, and local analysis.
The use of secure protocols and strong encryption algorithms when creating a VPN with the device is extremely important.
The NSA recommends protocols like the Internet Key Exchange version 2 (IKEv2) key management protocol, due to the IPsec and Security Association (SA) standards.
FXOS is the operating system used on these Firepower devices, and the FTD image is installed on top of the container.
To prevent exploitation, it is recommended that users periodically upgrade FXOS to the latest version.
NSA has released a complete report on the best practices that can be followed during the configuration and implementation of these network devices.
Organizations are advised to follow the guide and implement the measures accordingly to defend against threat actors.