Cisco Firepower Threat Defense (FTD): Configuration and Troubleshooting Best Practices for the Next-Generation Firewall (NGFW), Next-Generation ... (AMP) (Networking Technology: Security)

Nazmul Rajib


Product description

The authoritative visual guide to Cisco Firepower Threat Defense (FTD)


This is the definitive guide to best practices and advanced troubleshooting techniques for the Cisco flagship Firepower Threat Defense (FTD) system running on Cisco ASA platforms, Cisco Firepower security appliances, Firepower eXtensible Operating System (FXOS), and VMware virtual appliances.


Senior Cisco engineer Nazmul Rajib draws on unsurpassed experience supporting and training Cisco Firepower engineers worldwide, and presenting detailed knowledge of Cisco Firepower deployment, tuning, and troubleshooting. Writing for cybersecurity consultants, service providers, channel partners, and enterprise or government security professionals, he shows how to deploy the Cisco Firepower next-generation security technologies to protect your network from potential cyber threats, and how to use Firepower’s robust command-line tools to investigate a wide variety of technical issues.


Each consistently organized chapter contains definitions of keywords, operational flowcharts, architectural diagrams, best practices, configuration steps (with detailed screenshots), verification tools, troubleshooting techniques, and FAQs drawn directly from issues raised by Cisco customers at the Global Technical Assistance Center (TAC). Covering key Firepower materials on the CCNA Security, CCNP Security, and CCIE Security exams, this guide also includes end-of-chapter quizzes to help candidates prepare.


· Understand the operational architecture of the Cisco Firepower NGFW, NGIPS, and AMP technologies
· Deploy FTD on the ASA platform and on Firepower appliances running FXOS
· Configure and troubleshoot Firepower Management Center (FMC)
· Plan and deploy FMC and FTD on VMware virtual appliances
· Design and implement the Firepower management network on FMC and FTD
· Understand and apply Firepower licenses, and register FTD with FMC
· Deploy FTD in Routed, Transparent, Inline, Inline Tap, and Passive Modes
· Manage traffic flow with detect-only, block, trust, and bypass operations
· Implement rate limiting and analyze quality of service (QoS)
· Blacklist suspicious IP addresses via Security Intelligence
· Block DNS queries to malicious domains
· Filter URLs based on category, risk, and reputation
· Discover a network and implement application visibility and control (AVC)
· Control file transfers and block malicious files using advanced malware protection (AMP)
· Halt cyber attacks using Snort-based intrusion rules
· Masquerade an internal host’s original IP address using Network Address Translation (NAT)
· Capture traffic and obtain troubleshooting files for advanced analysis
· Use command-line tools to identify status, trace packet flows, analyze logs, and debug messages

 
