Author: John Clark

  • Verifying the Operation: Outside to DMZ – Cisco Network Address Translation (NAT)

    This section demonstrates the operation of a static Auto NAT rule on a threat defense. As in the previous exercise, this one also uses the SSH service to generate traffic. However, unlike in the previous exercise, the SSH connection is initiated by an external…

  • The Management Center Performs a Cloud Lookup – Cisco Malware and File Policy

    If the management center is able to resolve a DNS query, it should be able to connect and register with the Cisco cloud as well. Registration with the cloud allows the management center to perform cloud lookups for malware disposition. This section assumes…

  • Tip – Cisco Malware and File Policy

    Cloud Lookup Timeout in the Action column indicates that the management center is unable to connect to the cloud. When you see this, check whether the management interface of the management center is connected to the Internet. If the Internet connectivity is operational, make sure the management center can…

  • The Management Center Is Unable to Communicate with the Cloud – Cisco Malware and File Policy

    After deploying the file policy with the Block Malware rule action, you can attempt to download the same MSEXE file 7z1900.exe as you did previously. In this instance, the threat defense calculates the file’s SHA-256 hash and attempts to perform…

  • Best Practices for File Policy Configuration – Cisco Malware and File Policy

    You should consider the following best practices when you configure a file policy: When you want to block a file by using a file policy, use the Reset Connection option. It enables the application sessions to close before the connection times out by itself.…

  • Malware Analysis – Cisco Malware and File Policy

    To protect a network from the latest malware, Cisco Secure Firewall is empowered with the malware defense technology (also known as advanced malware protection or AMP). This technology enables a threat defense to analyze a file for potential malware and viruses while the file traverses a network. To…

  • File Policy Essentials – Cisco Malware and File Policy

    To monitor and control network-based file transfers, Secure Firewall offers a standalone policy known as a file policy. A file policy enables you to detect any file type, such as media files (.mp3, .mpeg) and executable files (.exe, .rpm). In addition, a threat defense can analyze a…

  • “Do I Know This Already?” Quiz – Cisco Malware and File Policy

    The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your…

  • Tip – Cisco Network Analysis and Intrusion Policies

    Some Telnet servers may return a different failure message, such as Login Failed. To detect this string, a different Snort rule, 1:492, is available. Depending on the settings for rule action, interface mode, and inspection mode, the threat defense can act differently on the same Snort rule. The management…

  • Verification – Cisco Network Analysis and Intrusion Policies

    To verify whether an intrusion policy is active, you can run traffic to and from hosts on either side of the threat defense. However, if the traffic does not carry a signature of any vulnerability, the threat defense does not trigger an intrusion alert for it. To verify the…