topic There isn't one that I know in Network Security

Official Hardening Guide for Firepower 4100 Series

seekianherng — Sun, 10 Mar 2019 13:47:46 GMT

hi,

Anyone know if there's a official hardening guide for Cisco Firepower 4100 series platform ?

I only manage to find guide for ASA Firewall

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200150-Cisco-Guide-to-Harden-Cisco-ASA-Firewall.html

Thank you.

There isn't one that I know

Marvin Rhoads — Tue, 14 Mar 2017 13:50:55 GMT

There isn't one that I know of. However note if you are running the ASA image you can follow that. FTD is too new to have one out.

Note there are some features introduced in FX-OS 2.1(1) that are specific to hardening. Among them are:

■You can now use the FXOS Chassis Manager to enable FIPs/Common Criteria mode to support achieving compliance with FIPS (Federal Information Processing Standard) 140-2 and Common Criteria security certifications.

■FXOS 2.1(1) contains several new features and numerous enhancements to support achieving compliance with the UC-APL (Unified Capabilities Approved Product List) security certification:

–Enable/Disable FIPS/CC Mode using Firepower Chassis Manager

–Configuring Management ACL (ip-block) via Firepower Chassis Manager

–Configuring SSH Server – MAC Authentication via Firepower Chassis Manager

–Configuring SSH Server – Encryption Algorithms via Firepower Chassis Manager

–Login Notifications

–Periodic update of CRL list

–Client Cert authentication

■You can now enable NTP server authentication.

Source: http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos211/release/notes/fxos211_rn.html#pgfId-148118

Re: Official Hardening Guide for Firepower 4100 Series

toddlammle — Thu, 04 Jan 2018 20:42:13 GMT

I wrote something in my blog about the ICMP issues (https://www.lammle.com/about/blog/) where I discuss how the FTD is NOT like the ASA...this basically describes the hardening problem and provides only the ICMP solution.

I am working hard on writing a hardening chapter for my new FTD book..March 2018!

This is desperately needed by ALL my customers!!

Todd Lammle

Re: Official Hardening Guide for Firepower 4100 Series

John500 — Tue, 15 Jan 2019 10:31:28 GMT

Does anyone have Cisco Firepower, FTD, FMC hardening guide.

Re: Official Hardening Guide for Firepower 4100 Series

toddlammle — Tue, 15 Jan 2019 14:33:04 GMT

So I started discussing this a year or so ago with some of my staff, and the reality is the hardening for the FMC is System>Configuration, but the real hardening for the FTD is completely in the Device>Platform Settings.

It wasn’t enough to write a book about, but it is very important, so I added the intense labs into my class and also did a video series on it at my web site.

I can’t list the web site or they’d just delete it here, but its my name ☺

Thanks!

Todd Lammle

Re: Official Hardening Guide for Firepower 4100 Series

Sheraz.Salim — Tue, 15 Jan 2019 16:51:40 GMT

Hello Sir I am your big fun @tod