The National Security Agency (NSA) has recently released a set of best practices for configuring and hardening Cisco Firepower Threat Defense (FTD) systems. These guidelines aim to assist network and system administrators in effectively configuring and securing Next Generation Firewalls (NGFW) for enhanced organizational security.
Cisco FTD systems offer a range of security features, including application visibility and controls (AVC), URL filtering, user identity and authentication, malware protection, and intrusion prevention. Properly configuring these systems is crucial to optimizing their performance and ensuring the overall security of the organization.
The NSA’s best practices document highlights several key practices that administrators should implement to improve the security of Cisco FTD systems: implementing access control, intrusion prevention policies, SSL policies, and malware and file policies; enabling secure VPN settings; and hardening FXOS (Firepower eXtensible Operating System).
Access control implementation is crucial for establishing a refined and controlled flow of desired traffic while minimizing unauthorized access and preventing the entry of undesirable traffic. These policies also restrict threat actors from accessing specific network resources, whether internal or external.
Intrusion prevention policies control how traffic is handled by the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). These policies are inherited from Cisco Talos base policy templates: Balanced Security and Connectivity, Connectivity over Security, Maximum Detection, and Security over Connectivity.
SSL policies are essential for inspecting and decrypting encrypted traffic within the Cisco FTD system. These policies primarily focus on Transport Layer Security (TLS). The components of SSL decryption involve a TLS proxy, session setup, and application data.
To effectively control the type of files allowed, blocked, or inspected within the system, administrators should implement malware and file policies. These policies cover all the traffic passing through the device and offer multiple actions for incoming files, such as detect, block, malware cloud lookup, and block malware. They also include static, dynamic, and local analysis.
Enabling secure VPN settings is crucial for building VPNs on the device with secure protocols and strong encryption algorithms. The NSA recommends the Internet Key Exchange version 2 (IKEv2) key management protocol because of its adherence to IPsec and Security Association (SA) standards.
Hardening the FXOS, the operating system used on Cisco Firepower devices, is essential for preventing exploitation. Regularly upgrading FXOS to the latest version is recommended to ensure optimal security.
The complete report detailing these best practices is available on the NSA’s website. Organizations are advised to review the guide and implement the measures accordingly to mitigate potential threats from adversaries.
By following these best practices, network and system administrators can enhance the security posture of their Cisco FTD systems and better protect their organization’s sensitive data and resources.
Source: [GBHackers](https://gbhackers.com/cisa-released-free-cloud-security-tools-to-secure-cloud-data/)
