Tag Archives: Security

A little bit about Firepower Network Analysis Policy (NAP)

We have previously talked about Intrusion Prevention Policy, or IPS, and saw how to configure and tweak it. What we did not talk about, and what is closely tied to the IPS policy, is Network Analysis Policy, or NAP. So, … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire, Uncategorized

Client side exploitation attacks

Let’s take a short break from Sourcefire and talk a little bit about client side exploitation. Don’t worry, we will go back to SF soon. So, what is client side exploitation? Well, let’s talk a little bit about “regular” exploitation. Perhaps … Continue reading

Posted in Metasploit, PENTEST, Security

Connecting Sourcefire to SIEM with eStreamer

We are currently satisfied with our Sourcefire setup. Our effort was not in vain. Let’s now connect our Sourcefire to the SIEM solution. Briefly, SIEM is an abbreviation of “Security Information and Event Management” and is a system that … Continue reading

Posted in Cisco, FirePOWER, Security, Sourcefire | 1 Comment

Sourcefire File Policies (aka Advanced Malware Protection)

With Sourcefire ASA software modules we are able to control which file types may be downloaded or uploaded and which may not. What can be tracked depends on the protocols supported by Sourcefire and the direction of file … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | 13 Comments

Sourcefire Security Intelligence

Let’s talk a little bit about a nice capability of the Sourcefire system called “Security Intelligence” (SI). With SI we have the option to block traffic based on its reputation, before it reaches the detection engine. We had this functionality … Continue reading

Posted in ASA, Cisco, FirePOWER, Firewall, IPS, Security, Sourcefire | 18 Comments

Introduction to Cisco ASA modules

We have been using ASA firewalls for years now, and we know the ASA is a great firewall. But over the years threats evolved, and the need for something more than just a traditional firewall emerged. The ASA is considered a traditional … Continue reading

Posted in ASA, Cisco, Security | 1 Comment

Preparing Kali Linux for penetration testing/vulnerability assessment

We all know what Kali Linux is and what it’s used for. What we need is a comprehensive guide or reminder on how to install it and set it up from scratch. And make it more powerful by adding some … Continue reading

Posted in LINUX, PENTEST, Security | 1 Comment

Sending syslog messages from a Linux box to SIEM

Let’s imagine that we need to direct log messages from our Linux box to a SIEM solution, for centralized management/backup or correlation purposes. How do we do that? This article is about SuSE Linux or SLES, but it can be easily … Continue reading

Posted in LINUX, Security

Initial setup of Palo Alto Networks Next Generation Firewall

OK, we just unboxed our PA-500 NG Firewall and we want to deploy it in our network for a variety of purposes. Before we deploy it, there are several steps that should be taken care of, such as assigning IP parameters, registering … Continue reading

Posted in Firewall, Paloalto, Security | 56 Comments

Creating and applying a security profile

By now we have our, let’s call it, a cloud. It looks like this: We have two tenants each of which has one client and one server. Each tenant has a VSG assigned to it from the previous blog. To … Continue reading

Posted in Cisco, Cloud, Security, Virtualization | 1 Comment