Recent Blog Posts
-
The Management Center Performs a Cloud Lookup – Cisco Malware and File Policy
If the management center is able to resolve a DNS query, it should be able to connect and register with the Cisco cloud as well. Registration with the cloud allows the management center to perform cloud lookups for malware disposition. This section assumes…
-
Tip – Cisco Malware and File Policy
Cloud Lookup Timeout in the Action column indicates that the management center is unable to connect to the cloud. When you see this, check whether the management interface of the management center is connected to the Internet. If the Internet connectivity is operational, make sure the management center can…
-
The Management Center Is Unable to Communicate with the Cloud – Cisco Malware and File Policy
After deploying the file policy with the Block Malware rule action, you can attempt to download the same MSEXE file 7z1900.exe as you did previously. In this instance, the threat defense calculates the file’s SHA-256 hash and attempts to perform…
-
Best Practices for File Policy Configuration – Cisco Malware and File Policy
You should consider the following best practices when you configure a file policy: When you want to block a file by using a file policy, use the Reset Connection option. It enables the application sessions to close before the connection times out by itself.…
-
Malware Analysis – Cisco Malware and File Policy
To protect a network from the latest malware, Cisco Secure Firewall is empowered with the malware defense technology (also known as advanced malware protection or AMP). This technology enables a threat defense to analyze a file for potential malware and viruses while the file traverses a network. To…
-
File Policy Essentials – Cisco Malware and File Policy
To monitor and control network-based file transfers, Secure Firewall offers a standalone policy known as a file policy. A file policy enables you to detect any file type, such as media files (.mp3, .mpeg) and executable files (.exe, .rpm). In addition, a threat defense can analyze a…
-
“Do I Know This Already?” Quiz – Cisco Malware and File Policy
The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your…
-
Tip – Cisco Network Analysis and Intrusion Policies
Some Telnet servers may return a different failure message, such as Login Failed. To detect this string, a different Snort rule, 1:492, is available. Depending on the settings for rule action, interface mode, and inspection mode, the threat defense can act differently on the same Snort rule. The management…
-
Verification – Cisco Network Analysis and Intrusion Policies
To verify whether an intrusion policy is active, you can run traffic to and from hosts on either side of the threat defense. However, if the traffic does not carry a signature of any vulnerability, the threat defense does not trigger an intrusion alert for it. To verify the…
-
Policy Deployment – Cisco Network Analysis and Intrusion Policies
So far, you have configured various parts of an intrusion detection and prevention system. They do not begin acting on live traffic until and unless you bring together all the policy components and deploy them on the threat defense. An access control policy acts as the central place…