Hi Everyone,
I'm looking for recommendations for the best methodology you follow for a typical internet access on the firepower firewalls. For this case people are allowed to use the internet for personal use (social, videos, email etc) so long as it is not deemed inappropriate. ACLs are obviously more locked down for access to other areas within the network, servers etc. The goal is block them from the obvious risks but there is trust placed in the end user actions and the end user security.
The methodology I am thinking is best is :
- Block known malicious URLs/IP’s based on the Cisco Talos feeds in Security Intelligence
- Block blacklists from custom feeds in the Security Intelligence
- On Employee networks on a DC SSL decrypt (MIM) for non banking and non trusted URLs (What is the best practice for selecting what to decrypt)
- Block packets that have signatures matching what the intrusion policy matches for high or above for Balanced Security and Connectivity
- Interactive block certain url based on category (porn, hate, uncategorized high risk etc)
- Block specific applications you don’t want people using (Category high risk, games, remote access apps etc)
- Block specific countries that you feel have no business relevance and are high risk
- Block specific ports (DNS for example so everyone has to use the internal DNS)
- Scan file transfers for malware and block malware
- Allow everything else
Is a final allow all something typically done or do most organizing still allow specific ports and application then block everything else??
I appreciate any feedback you can give for what methodology you follow.
Thank you,
