CCIE or Null!

My journey to CCIE!

Posts Tagged ‘SourceFire’

SourceFire & AMP showing up on CCNP: Security


Looks like the SITCS exam, which is part of CCNP: Security, is going from v1.0 to v1.5. SITCS is the exam oriented around ‘Implementing Cisco Threat Control Solutions’. This only makes sense, as the original version of this exam was geared more towards Cisco IPS & CX, which were EoX’ed some time ago. If you have been studying for your CCNP: Security and are getting ready for the SITCS v1.0 exam, you still have time: Cisco kept the original exam available until December 31st, 2016, so you have until the end of the year.

Cisco has published a dedicated PDF regarding the changes between the exams, which can be found here.

In a nutshell though:

  • EoX – Cisco IPS and CX software have been removed.
  • SourceFire & AMP Software has been added in as the replacement topics.
  • The exam code will be changed to 300-210 from 300-207

In my opinion, SourceFire documentation is still a little scarce even nowadays (finding the proper version of User Agent on Cisco.com is still a bit of a scavenger hunt), but hopefully this push for SourceFire knowledge will change that! (In the meantime I highly recommend checking out CiscoLive365 and going through the available sessions; small collection here, but it has not been updated since Cisco Live 2016.)

As always, happy hunti…I mean studying!

Written by Stephen J. Occhiogrosso

September 22, 2016 at 9:00 AM

Where to start with Cisco & SourceFire


Since Cisco announced EoX for both its traditional IPS and its CX modules, it’s been time to start looking at the new SourceFire modules. However, that can be quite an undertaking, since SourceFire is a completely different beast from its predecessors. That raises the question: where do you start to get familiar with this new system?

I’ve found a good place to start is the Cisco Live session BRKSEC-2018 (link below). The reason I like this session is that it covers many of the initial questions for implementing or migrating to the new platforms:

  • How is the new platform managed & maintained. Being able to successfully manage a platform is one of the most important aspects of deploying a technology. After you verify that technology will meet your deployment requirements of course.
  • What is the best way to migrate from the traditional IPS or CX platforms. Whether you are using a software module in the 5500-X ASA Firewalls, hardware modules in the 5585-X platforms, or dedicated IPS appliances.
  • The new licensing structure. Sometimes we get lost in the technical details, however the licensing details can take our deployment and stop it dead in its tracks.
  • How the new policies work. Next-Gen IPS is a much needed and drastic change from its predecessor; understanding the new capabilities and how to configure these features is essential to a successful and secure deployment.

Outside of the deployment considerations, this session skims the surface of a technical deep dive. However, there are a handful of other Cisco Live sessions (links are below) that go more in depth into other aspects of SourceFire and FireSIGHT’s capabilities.

The next best stop is going to be reviewing the configuration guide for FireSIGHT, which is the management platform for the SourceFire platforms. Like many other configuration guides you are looking down a few hundred intimidating pages. So it might be best to start off with the topics you need and then expand.

There are also some great Configuration Examples out on Cisco.com that cover topics from the initial setup and install, URL Filtering, Active Directory Integration and required permissions, to some SNORT examples.

Small collection of SourceFire Links:

A few CiscoLive365 sessions:

Written by Stephen J. Occhiogrosso

July 27, 2015 at 9:00 AM
