I wanted to write up a review of my experience with Micronics Learning Z2H Security class. A lot of folks have asked me both on Twitter and on forums about it. I was lucky enough to attend the first class they had late in 2015 and it was honestly one of the best uses of my money for training that I've ever spent. If you're looking for CCIE Security v5 training or just Cisco security training in general, this is probably the best class on the market to get it. Since they are a Cisco Learning Partner, they do accept Cisco Learning Credits, which definitely can help if you have an employer that will only purchase training with learning credits.
In this post, I'm going to go through Rapid Threat Containment utilizing both ISE and Firepower. The prerequisite for this is to have configured pxGrid between ISE and the Firepower Management Center (FMC) beforehand. If you would like to know how to do so, I went over how to do it with self-signed certificates in this post here or CA-signed certificates in this post here.
I'm going to go over the integration of ISE 2.1 and Stealthwatch via pxGrid with self-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate but this isn't always the ideal situation for everyone. For those without a PKI infrastructure or for lab environments, it's pretty easy to set up pxGrid integration without an external PKI infrastructure.
I'm going to go through the configuration of Firepower v6.0.x for pxGrid integration with ISE using self-signed certificates. We went through the configuration of Firepower with CA-signed certificates in a previous post and you'll see that the configuration is very similar to that in this post.
In this blog post I'm going to go through the setup of a virtual Web Security Appliance from scratch and a couple of different options you can take. This is a basic setup for the purposes of labbing later with TrustSec and pxGrid. This is what I set up prior to my pxGrid configuration post.
This blog post is going to be a quick one. I'm going to share the configuration of NetFlow so I can export to my StealthWatch system. In previous posts, I mentioned that I'm using a Cisco Catalyst 3650 and ASA 5506 in my lab so I'll go over what I configured on them.
In a previous blog post, I configured pxGrid integration with StealthWatch and ISE using a CA-Signed certificate. In this blog post, I'm going to go through the configuration using self-signed certificates to enable StealthWatch to mitigate threats on the network using ISE.
If you are using AMP for Endpoints in your lab or implementation, I would highly recommend adding the cloud connection to your Firepower Management Center. The reason you would do this is that it allows you to import threat identifications, indications of compromise (IOC), and other malware-related information that the AMP cloud gathers from the endpoints.
In this post, I'm going to go through the configuration of Firepower v6.0.x for pxGrid integration with ISE using CA-signed certificates. In future posts, I'm planning on going through the configuration for both Firepower 5.4 and 6.0 using both self-signed and CA-signed certificates. The reason I plan on doing that is because they are slightly different and it's important to know this.
In this post, I'm going to do a basic setup of my ASA with Firepower. I'm not going to dig too deep into individual policies since those should be dedicated to their own blog post. Instead, I'm going to go through the basic setup of the ASA and the Firepower Management Center (FMC).
In this blog post, I'll go over the configuration of the ASA for TrustSec. This is for the native ASA code - not Firepower. I'll be going over Firepower separately in later blog posts. I'll be going over the configuration of TrustSec, SXP, and writing SGACLs for the ASA in this post. I'll be mostly utilizing the ASDM to make things a little easier and simpler to follow along with.
I have an ASA 5506 running in my lab and I wanted to establish the basic configuration for it first before I jump into the TrustSec configuration. This post isn't much of a deep dive but more informational in the event someone is building a lab similar to mine.
In this blog post, I'll go through the configuration for TrustSec and SXP for both my Catalyst 3650 switch and wireless controller. I'll walk through the configuration, create the SXP connection, and verify. After that, I'll test out a policy by connecting a client to the switch, watching the tag be applied on ingress and the policy applied.
In this blog post, I'm going to actually configure the Nexus 1000v for TrustSec. I'm going to walk through configuring the SXP connection, downloading the environmental data, and then assigning SGTs to devices.
In this blog post, we're going to go over the configuration of TrustSec in ISE 2.1. This configuration also applies to ISE 2.0 for the most part. While TrustSec is not a required configuration for a secure ISE deployment, it definitely has some great advantages. It's a security architecture utilizing security group tags (SGTs) that allows the network to enforce access control policy, reduce ACL complexity, and can be utilized for policy in other security devices which I will go into further in later blog posts when I go over pxGrid on different systems.
In this blog post, I'm going to go through the installation of the Nexus 1000v on my ESXi host. The reason I'm installing the Nexus 1000v in my lab is so that I can tag vNIC traffic with Security Group Tags (SGTs) for later labbing.
This blog post is going to be going over the integration of ISE 2.1 and WSA via pxGrid with CA-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate.
This post is going to go over the integration of ISE 2.1 and AMP for Endpoints. ISE 2.1 introduces the concept of a "Threat Centric NAC" which allows you to configure vulnerability and threat adapters to send high fidelity Indicators of Compromise (IoC), Threat Detected events, and CVSS scores to ISE so that threat-centric access policies can be created to change the privilege of the endpoint accordingly.
In this post, I'm going to go over host groups and why they're so critical to the StealthWatch system. Using host groups correctly in the StealthWatch system will ensure that you're alerted correctly on events and that the information given to you is more relevant to your enterprise.
I'm definitely going to go over this more in future posts after I'm done with my StealthWatch series. I'll just post this high-level information about some of the additional features of ISE 2.1 which I'm pretty excited about.