EntWorld

Layer 2 mode : 

- FTD act for L2 bridge.

- No interface IP,

- no routing,

- MAC based Forwarding.

Snort 란 ?

오픈소스 IDS 엔진.

Cisco가 sourcefire를 인수, Snort는 ASA -> FirewPower - >FTD 내부 IPS 엔진으로 발전함.

FMC에서 snort 3->2로 바꿀수있다.Device>Inspection Engine에서 선택가능.

Snort 2 : Legacy IPS 
Snort 3 : New snort Engine

Hello, Protector,

Today I explain how to protect ransomware effect from importan maetarails and resources within Cisco ISE with FTD/FMC.

I my verbose, I have expreience about customer attack from attacker via ransomware.

This situation not only for other customer, but also impact to us site.

So Listen Carefully.

1st, If ransomware is enter to the user PC from pishing E-mail and Domain, or unidentified Files.

2nd, They obeserve ARP scan, Netbios , SMB(445) , RDP(3389), and AD server too. ( 1min ~ 3 min)

-> In this situation, we can look multiple session in Firewall, multiple acecss try in same segment.

3rd, rogue and steal the credential.(3min~ 5min)

4th, effect in same LAN.(5min ~ 15min)

5th, System paralized.(15min~)

So, We need quckly automated protect netework from virus & attacked computer via malware , etc..

Cisco ISE, and Cisco FTD/FMC 's PxGrid should protect automatecally from Policy based ACL, SGT.

SGT(Security Group tag) oritened Policy Based protect, not IP based,

So This is we can call about ZeroTrust Network.

ISE and when antivirus inpect the attack from PC, in 10~30second, FTD/FMC provisioning the DENY Policy to that PC.

Solution : 

1st , Effect virus impact in PC.

2nd,  ISE SGT change and with PxGrid, FTD/FMC change the access Policy

So Simple.

This is very useful and important at Plant network, If admin can't protect from them, factory will shutdown.

Cisco Secure Network ,  Only Protect Turnkey Solution for Plants and other customer site.

Thank you.

There are three DOO and four design included in examination.

So we hope to verify the details for exam at blog.

I will be back with quailty of document and infomration soon.

Thank you.