Getting Traffic to a Virtual Firepower Sensor

I wanted to jot down some quick notes relating to running a virtual Firepower sensor on ESXi and how to validate that all the settings are correct for getting traffic from the physical network down into the sensor.

Firepower is the name of Cisco’s (formerly Sourcefire’s) so-called Next-Gen IPS. The IPS comes in many form-factors, including beefy physical appliances, integrated into the ASA firewall, and as a discrete virtual machine.

Since the virtual machine (likely) does not sit in-line of the traffic that needs to be monitored, traffic needs to be fed into the VM via some method such as a SPAN port or a tap of some sort.

1 – Validate vSwitch Settings

This is probably not a very real-world example since most environments will be running some form of distributed vSwitch (dvSwitch) and not the regular vSwitch, but all I’ve got in my lab is the vSwitch, so work with me. The same considerations apply when running a dvSwitch.

Ensure that the port-group where you’re attaching the NGIPSv allows promiscuous mode. The NGIPSv acts as sniffer and will attempt to put its NICs into promisc mode.

NGIPSv_ESXi_Port_Group_Promisc
Set ESXi Port Group to Allow Promiscuous Mode

Set this either at Continue reading

IDG Contributor Network: 3 ways to protect data and control access to it

Earlier we delved into disaster recovery and network security. Now it’s time to take a look at Critical Security Controls 13, 14 and 15, which cover data protection and access control. The Critical Security Controls are best practices devised by the Center for Internet Security (CIS), a nonprofit dedicated to improving cybersecurity in the public and private sectors.A company’s data is its crown jewels, and because it’s valuable, there will always be people looking to get their hands on it. Threats include corporate espionage, cybercriminals, disgruntled employees and plain old human error. Fortunately it’s relatively easy to reduce your potential exposure. It calls for protecting your data, using encryption and authentication, and carefully restricting access.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 3 ways to protect data and control access to it

Earlier we delved into disaster recovery and network security. Now it’s time to take a look at Critical Security Controls 13, 14 and 15, which cover data protection and access control. The Critical Security Controls are best practices devised by the Center for Internet Security (CIS), a nonprofit dedicated to improving cybersecurity in the public and private sectors.A company’s data is its crown jewels, and because it’s valuable, there will always be people looking to get their hands on it. Threats include corporate espionage, cybercriminals, disgruntled employees and plain old human error. Fortunately it’s relatively easy to reduce your potential exposure. It calls for protecting your data, using encryption and authentication, and carefully restricting access.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Skull-produced sounds could replace existing biometric authentication

Are you happy with your on-device biometric fingerprint scanner? I’m not. The scanner on my most recent tablet has failed to unlock the device. The cause then was probably dirty hands coming in from the garage. I disabled that biometric experiment—likely never to be used again.I'm not the only one who sometimes disregards security in favor of ease of use. Half of passwords are more than 5 years old, a report found last year. And three-fourths of those surveyed then said they use duplicate passwords. Clearly not secure. The more complicated and consequently secure one makes the password, though, the harder it is to remember.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Skull-produced sounds could replace existing biometric authentication

Are you happy with your on-device biometric fingerprint scanner? I’m not. The scanner on my most recent tablet has failed to unlock the device. The cause then was probably dirty hands coming in from the garage. I disabled that biometric experiment—likely never to be used again.I'm not the only one who sometimes disregards security in favor of ease of use. Half of passwords are more than 5 years old, a report found last year. And three-fourths of those surveyed then said they use duplicate passwords. Clearly not secure. The more complicated and consequently secure one makes the password, though, the harder it is to remember.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Hitachi forms unit to drive IoT opportunities

News today from Hitachi is that the company is forming a new, standalone Silicon Valley-based unit to explore and execute upon opportunities within the Internet of Things.This is interesting, since the parent group, Hitachi Limited, has a dizzying variety of business units, many (if not most) of which have their own IoT opportunities. Indeed, when attending a Hitachi Data Systems conference last year, I was amazed at the variety of businesses that fall under the Hitachi moniker. Many of those businesses were demonstrating in the expo hall, and a huge number had an IoT bent to what they were doing.To read this article in full or to leave a comment, please click here

The vendors that got you here may not get you there

IT departments eager to meet their goals for digital transformation should evaluate whether their traditional IT vendors are adapting to new technologies fast enough or whether to enlist a new crop of more innovative vendors, says research and advisory firm IDC.To read this article in full or to leave a comment, please click here(Insider Story)

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund or the contingency account in case of unexpected circumstances. But what if those circumstances are a data breach that is bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up the proverbial creek without a paddle but fear not as some security pros are willing to throw out a lifeline to help you at least get your head above the water with some sage advice. The common theme when asked about where to cut corners was to make sure your policies and procedures are sewn up tight. There are really no corners to cut but more about having solid policies in place.To read this article in full or to leave a comment, please click here(Insider Story)

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund or the contingency account in case of unexpected circumstances. But what if those circumstances are a data breach that is bigger than you could have ever imagined? And you don’t have cyberinsurance?Look to open sourceTo read this article in full or to leave a comment, please click here(Insider Story)

Attackers are probing and exploiting the ImageTragick flaws

Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.The flaws were publicly disclosed last Tuesday by researchers who had reason to believe that malicious attackers already had knowledge about them after an initial fix from the ImageMagick developers proved to be incomplete. The flaws were collectively dubbed ImageTragick and a website with more information was set up to attract attention to them.To read this article in full or to leave a comment, please click here

Attackers are probing and exploiting the ImageTragick flaws

Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.The flaws were publicly disclosed last Tuesday by researchers who had reason to believe that malicious attackers already had knowledge about them after an initial fix from the ImageMagick developers proved to be incomplete. The flaws were collectively dubbed ImageTragick and a website with more information was set up to attract attention to them.To read this article in full or to leave a comment, please click here

Bangladesh central bank hack may be an insider job, says FBI

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of US$81 million from the bank through a complex hack, according to a newspaper report.The number of employees involved could be higher, with people familiar with the matter suggesting that a handful of others may also have assisted hackers to negotiate Bangladesh Bank’s computer system, The Wall Street Journal reported on Tuesday.Bangladesh Bank officials could not be reached for comment.To read this article in full or to leave a comment, please click here

Bangladesh central bank hack may be an insider job, says FBI

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of US$81 million from the bank through a complex hack, according to a newspaper report.The number of employees involved could be higher, with people familiar with the matter suggesting that a handful of others may also have assisted hackers to negotiate Bangladesh Bank’s computer system, The Wall Street Journal reported on Tuesday.Bangladesh Bank officials could not be reached for comment.To read this article in full or to leave a comment, please click here

IBM’s Watson is going to cybersecurity school

It's no secret that much of the wisdom of the world lies in unstructured data, or the kind that's not necessarily quantifiable and tidy. So it is in cybersecurity, and now IBM is putting Watson to work to make that knowledge more accessible.Towards that end, IBM Security on Tuesday announced a new year-long research project through which it will collaborate with eight universities to help train its Watson artificial-intelligence system to tackle cybercrime.To read this article in full or to leave a comment, please click here

IBM’s Watson is going to cybersecurity school

It's no secret that much of the wisdom of the world lies in unstructured data, or the kind that's not necessarily quantifiable and tidy. So it is in cybersecurity, and now IBM is putting Watson to work to make that knowledge more accessible.Towards that end, IBM Security on Tuesday announced a new year-long research project through which it will collaborate with eight universities to help train its Watson artificial-intelligence system to tackle cybercrime.To read this article in full or to leave a comment, please click here

1 3,008 3,009 3,010 3,011 3,012 3,872