Cisco Firepower Management Center 4000 Installation Guide

Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
 
Chapter 1      Introduction to Cisco NGIPS for Blue Coat X-Series 
  Components of the FireSIGHT System
FireSIGHT
FireSIGHT™ is Cisco’s discovery and awareness technology that collects information about hosts, 
operating systems, applications, users, files, networks, and vulnerabilities, in order to provide you with 
a complete view of your network. 
You can use the Defense Center’s web interface to view and analyze data collected by FireSIGHT. You 
can also use this data to help you perform access control and modify intrusion rule states. In addition, 
you can generate and track indications of compromise on hosts on your network based on correlated 
event data for the hosts.
Access Control
Access control is a policy-based feature that allows you to specify, inspect, and log the traffic that can 
traverse your network. An access control policy determines how the system handles traffic on your 
network. You can use a policy that does not include access control rules to handle traffic in one of the 
following ways, using what is called the default action:
  • block all traffic from entering your network
  • trust all traffic to enter your network without further inspection
  • allow all traffic to enter your network, and inspect the traffic with a network discovery policy only
  • allow all traffic to enter your network, and inspect the traffic with intrusion and network discovery policies
You can include access control rules in an access control policy to further define how traffic is handled 
by targeted devices, from simple IP address matching to complex scenarios involving different users, 
applications, ports, and URLs. For each rule, you specify a rule action, that is, whether to trust, monitor, 
block, or inspect matching traffic with an intrusion or file policy. 
For each access control policy, you can create a custom HTML page that users see when the system 
blocks their HTTP requests. Optionally, you can display a page that warns users, but also allows them 
to click a button to continue to the originally requested site.
As part of access control, the Security Intelligence feature allows you to blacklist (that is, deny traffic to 
and from) specific IP addresses before the traffic is subjected to analysis by access control rules. 
Geolocation conditions are not supported, and you cannot block traffic based on user or application 
conditions using Cisco NGIPS for Blue Coat X-Series.
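The order of evaluation described above (Security Intelligence first, then access control rules, then the default action) can be sketched as a small Python model. This is an added example, not Cisco code or configuration syntax; the names Rule and evaluate, the sample addresses, top-down first-match ordering, and a monitor rule that logs and lets evaluation continue are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Labels for the four default actions listed above (names are illustrative).
DEFAULT_ACTIONS = {"block", "trust", "discovery_only", "intrusion_and_discovery"}

@dataclass
class Rule:
    name: str
    action: str                  # "trust", "monitor", "block" or "inspect"
    src: str = "0.0.0.0/0"       # source network condition
    port: Optional[int] = None   # destination port condition; None = any

    def matches(self, src_ip, dst_port):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.port in (None, dst_port)

def evaluate(src_ip, dst_ip, dst_port, blacklist, rules, default_action):
    """Return (verdict, names of rules that matched) for one connection."""
    if default_action not in DEFAULT_ACTIONS:
        raise ValueError(f"unknown default action: {default_action}")
    # Security Intelligence: traffic to or from a blacklisted address is
    # denied before any access control rule is consulted.
    nets = [ipaddress.ip_network(n) for n in blacklist]
    for ip in (src_ip, dst_ip):
        if any(ipaddress.ip_address(ip) in n for n in nets):
            return "blacklisted", []
    matched = []
    for rule in rules:           # assumption: rules are checked top-down
        if not rule.matches(src_ip, dst_port):
            continue
        matched.append(rule.name)
        if rule.action != "monitor":   # assumption: monitor only logs
            return rule.action, matched
    # No terminal rule matched: the policy's default action decides.
    return default_action, matched

# Constructed sample policy (documentation address ranges).
BLACKLIST = ["203.0.113.0/24"]
RULES = [
    Rule("log-web", "monitor", port=80),
    Rule("trust-backup", "trust", src="10.0.5.0/24"),
    Rule("inspect-web", "inspect", port=80),
    Rule("block-telnet", "block", port=23),
]

if __name__ == "__main__":
    print(evaluate("10.0.1.7", "198.51.100.2", 80, BLACKLIST, RULES, "block"))
```

A policy with an empty rule list reduces to the default action alone, which is the rule-free case the section opens with.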
Access control includes intrusion detection and prevention, file control, and advanced malware 
protection. Cisco NGIPS for Blue Coat X-Series does not support advanced malware protection. For 
more information, see the next sections.
Intrusion Detection and Prevention
Intrusion detection and prevention allows you to monitor your network traffic for security violations and, 
in inline deployments, to block or alter malicious traffic.