FirePower management interface

While installing Cisco FirePOWER on 5545-X, I was following the "Install and Configure a FirePOWER Services Module on an ASA Platform" guide.

One of the steps was to configure an IP address to the FirePower management interface. However, nowhere in the document it was mentioned how would that interface connect to the outside world.

So I tired to google it, and it looks like no one was asking that question: How would an internal module connect to the outside world? Not a single blog post about it. It just worked for everyone, no questions asked!

After digging around I found this document: "Cisco ASA FirePOWER Module Quick Start Guide"

And there I have found my answers:
  1. For 5585-X, FirePOWER is installed on a dedicated slot with its own mgmt0 interface.
  2. For 5545-X, FirePOWER module (SRF) is using the 5545-X's management0/0 interface. Which means that we can not use that interface for managment and it must be dedicated to FirePOWER!
  3. For the rest, it will use the "inside" interface.
 I would have expected a command to allow me to set up a bridge between the SRF management interface and some ifname on the ASA. But no, it is hard wired! Why?

VLAN Bridging with FirePOWER

Although not immediately obvious, the FirePOWER Series 3 devices can do a form of IPS on a stick. This means that the capability described here should be available to the current appliance versions of the FirePOWER managed devices. The premise involves connecting broadcast domains (VLANs) to bring the managed device inline between the initiator and responder of a flow. Configuration is fairly straightforward but does have some caveats.

Caveats

  • Even though only a single port is required, a virtual switch must be configured (this cannot just be an inline pair)
  • BPDUs being bridged between VLANs are detected and will render the switchport(s) in an inconsistent state
  • The FirePOWER physical interface will not activate until it is also bound to a Virtual Switch

FirePOWER Bridge VLANsThe diagram shows two devices in the same VLAN (we will assume /24 for the configuration). The device on the top is in VLAN 100. The FirePOWER managed device bridges VLAN 100 to VLAN 101 and allows the two devices to communicate directly with one another. The connection to the FirePOWER device is a single 802.1q trunk.

Frames arriving on VLAN 100 will be processed and egress with a VLAN tag of 101. This configuration is similar to a Continue reading

Mt. Gox CEO Karpeles arrested by Japanese police

The CEO of failed Bitcoin exchange Mt.Gox was arrested in Japan early Saturday by police, according to several media reports.Mark Karpeles faces charges related to the loss of 650,000 bitcoins worth hundreds of millions of U.S. dollars when the Tokyo-based trading exchange collapsed in February 2014.Karpeles, a French citizen, is suspected of accessing the company’s computer systems and falsifying financial data, according Japan’s Kyodo News.Japanese broadcaster NHK showed video of a man that appeared to be Karpeles being led to a car by police in a residential district of Tokyo. The TV station said the footage was recorded around 6:40am Saturday, or Friday afternoon U.S. time.To read this article in full or to leave a comment, please click here

Facebook says Flash security woes could hurt its business

Earlier this month, a security vulnerability in Adobe Flash compelled Google and Mozilla to temporarily block the plug-in from their browsers. Now, Facebook says the problems with Flash could hurt its bottom line.In a filing with U.S. regulators on Friday, Facebook said security issues with Flash could harm the revenue it collects from its Payments service. That’s because social games on Facebook rely on Flash, and they’re also the source for substantially all the revenue it gets from Payments.The company listed the concern for the first time among the “risk factors” in its quarterly filing. Public companies in the U.S. are required to disclose such risks to investors. It doesn’t mean Facebook’s revenue from Payments is about to collapse, but it means it’s enough of a concern that Facebook felt the need to disclose it.To read this article in full or to leave a comment, please click here

Show 248 – GPON For Campus Use Cases

Gigabit Passive Optical Network (GPON) is an interesting alternative to traditional Ethernet in situations where Ethernet might be difficult or expensive to deploy. Network engineers Andy Burridge and Wallace Chase join us to talk about exactly what GPON is, potential use cases for the technology, and network design challenges.

The post Show 248 – GPON For Campus Use Cases appeared first on Packet Pushers.

Personal health information in the wrong hands can be painful

Credit card data isn’t quite the mother lode it once was for cyber thieves. Not only is its useful life generally brief, it also isn’t worth as much as it used to be.But cyber criminals are, among other things, adaptable. As Daniel Berger, CEO of Redspin puts it, "hackers are bad guys but good economists.” So they simply turn to something that provides a bigger bang for the buck.And that, increasingly, is the data you voluntarily turn over to doctors, hospitals and health insurers, known as PHI, or Personal Health Information.MORE ON CSO: How to spot a phishing email The Identity Theft Resource Center reported in January that of reported breaches, the healthcare sector had the most for three years in a row, with 42.5% of the total in 2014.To read this article in full or to leave a comment, please click here

Bucharest, Romania: CloudFlare’s 37th data center

Our global expansion continues in Bucharest, Romania, the 6th largest city in the European Union* following London, Berlin, Madrid, Rome, and Paris (nearly all of which feature a CloudFlare PoP!). From Bucharest, our latest data center will serve all 11 million Romanian Internet users, as well as users throughout the Balkans and Eastern Europe.

In good company

Romania is geographically situated between Bulgaria, Hungary, Moldova, Serbia, and Ukraine, making it an ideal destination to attract additional Internet traffic throughout much of Eastern Europe. Of course, geographic reality is rarely a mirror of Internet reality. Adding a new point of presence doesn't automatically mean that traffic from surrounding areas (or even traffic in the very same country) will route to that particular data center. This entirely depends on the interconnection of International carriers with local Internet service providers (ISPs) and large networks like CloudFlare.

It is for this precise reason that we place even more emphasis on our interconnection within a particular PoP as opposed to the absolute number of dots we add to our network map. Of course, the combination of the two (expanding wide and deep) is even better, and is why CloudFlare is blazing fast Continue reading

ISP argues net neutrality rules violate its right to block content

The U.S. Federal Communications Commission’s net neutrality rules violate the free speech rights of broadband providers because the regulations take away their ability to block Web traffic they disagree with, one ISP has argued.The FCC’s net neutrality rules take away broadband providers’ First Amendment rights to block Web content and services, ISP Alamo Broadband argued to an appeals court this week. While not a new argument for ISPs, it’s a curious one, given that most broadband providers have argued the regulations aren’t needed because they promise never to selectively block or degrade Web traffic.The FCC rules violate the First Amendment because they prohibit broadband providers’ ability to engage in political speech by “refusing to carry content with which they disagree,” wrote lawyers for Alamo Broadband, a small wireless ISP based in Elmendorf, Texas. Broadband providers, by carrying their own and other Web content, have the ability to “exercise editorial discretion,” wrote lawyers with Wiley Rein, a Washington, D.C., law firm.To read this article in full or to leave a comment, please click here

Former Hacking Team developer reportedly in contact with a terrorist group

An individual who did work for Hacking Team was in contact with hackers working for a terrorist organization, and disgruntled employees—who deny the charge—were planning to sell an antidote to the spyware vendor’s surveillance software, an Italian newspaper reported Friday.A general in the Italian foreign intelligence service (AISE), identified as “G” in internal emails published by WikiLeaks three weeks ago, told Hacking Team CEO David Vincenzetti that “an ex-collaborator of Hacking Team is working with foreign hackers who collaborate with terrorist organizations,” according to Il Fatto Quotidiano.Hacking Team, a Milan-based company that sold surveillance software to law enforcement agencies around the world and was criticized for helping oppressive regimes crack down on their political opponents, suffered a disastrous security breach at the beginning of July, with 400 GB of confidential information eventually dumped online.To read this article in full or to leave a comment, please click here

PlexxiPulse—Partnering with Arrow

This week, we announced today an exclusive distribution agreement with one of the largest and most innovative distributors in the industry, Arrow Electronics. Under this agreement, Arrow’s Enterprise Computing Business will become the sole distributor of our next-generation networking products and solutions for scale-out applications, agile datacenters and distributed cloud environments. This agreement represents a joint vision that a new generation of Third Platform applications (IoT, Big Data, social, mobile and distributed apps) demand a new software-defined infrastructure to meet the demands for scale-out, virtualized computing. If you’re interested in learning more about our partnership with Arrow, take a look at the CRN Exclusive article on this announcement.

Below please find a few of our top picks for our favorite news articles of the week. Have a great weekend!

eWEEK: Enterprise Cloud Economy Booming, Driven by Big Data
By Nathan Eddy
The SteelBrick report analyzes how enterprise companies are selling to customers and also examines B2B selling trends compared to this time last year. The market for enterprise technology products is booming, with 72 percent of high-technology providers reporting growth in sales quote volumes, and 42 percent reporting accelerating sales cycles, according to a report from SteelBrick. The report analyzes Continue reading

Italian police shutter Dark Web marketplace

Italian police have shut down a Dark Web marketplace offering illegal goods ranging from child pornography to forged luncheon vouchers, and seized 11,000 bitcoin wallets worth about 1 million euros, authorities said Friday.Officials compared the marketplace discovered by “Operation Babylon” to the Silk Road online black market that was taken down by the U.S. Federal Bureau of Investigation in 2013.More than 14,000 people had signed up to the illegal community, which was allegedly run by an Italian living near Naples. There was evidence of 170,000 transaction messages on the Tor platform, which provided 12 kinds of hidden services, police said. These ranged from pornographic images to arms, drugs, false identity papers, hacker kits and credit card codes.To read this article in full or to leave a comment, please click here

Black Hat 2015: Cracking just about anything

Researchers at the Black Hat 2015 conference next week will show how to crack Internet routing protocols, malware-detecting honeypots, radio-frequency ID gear that gates building access, and more, but also offer tips on how to avoid becoming victims to their new attacks.A pair of researchers will release a hardware device that exploits weaknesses in RFID access controls and show how to use it to break into buildings. The device exploits the communication protocol used by most access-control systems, according to the team, Eric Evenchick, a freelance developer, and Mark Baseggio, a security consultant for Accuvant.+ ALSO ON NETWORK WORLD: The Black Hat Quiz 2014 +To read this article in full or to leave a comment, please click here

Ad group urges FTC to reject right to be forgotten in US

The U.S. Federal Trade Commission should reject a privacy group’s push to extend the E.U.’s controversial right to be forgotten rules to the U.S. because such regulations would have a “sweeping” negative effect on many U.S. companies, a trade group said.The FTC should dismiss a July 7 complaint from Consumer Watchdog against Google, the Association of National Advertisers [ANA] said Friday, because the privacy group’s request that Google and other Internet firms enforce the right to be forgotten could open the door to more European privacy regulations in the U.S.To read this article in full or to leave a comment, please click here

Ad group urges FTC to reject right to be forgotten in US

The U.S. Federal Trade Commission should reject a privacy group’s push to extend the E.U.’s controversial right to be forgotten rules to the U.S. because such regulations would have a “sweeping” negative effect on many U.S. companies, a trade group said.The FTC should dismiss a July 7 complaint from Consumer Watchdog against Google, the Association of National Advertisers [ANA] said Friday, because the privacy group’s request that Google and other Internet firms enforce the right to be forgotten could open the door to more European privacy regulations in the U.S.To read this article in full or to leave a comment, please click here

1 3,387 3,388 3,389 3,390 3,391 3,854