FireSIGHT System User Guide (page 27-15)
Chapter 27      Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
  • To allow specific web applications, follow the directions in .
Step 7
Specify the protocols you want to allow.
To add a protocol, next to Allowed Protocols, follow the directions in . Note that ARP, IP, TCP, and UDP are always allowed.
Adding an Application Protocol to a Host Profile
License: FireSIGHT
You can configure a compliance white list, using either a shared host profile or a host profile that belongs to a single white list, to allow certain application protocols to run on specific operating systems. You can also configure a white list to allow certain application protocols to run on any valid target; these are called globally allowed application protocols.
For any allowed application protocol, you can either specify the type of application protocol that you want to allow — FTP and SSH are examples of application protocol types — or you can allow a custom application protocol by specifying an application protocol type of any. You must also specify the protocol the allowed application protocol uses (TCP or UDP). You can allow the application protocol on any port, or restrict it to a port that you specify.
Optionally, you can require that the application protocol server have a specific vendor or version. For example, you could allow SSH to run on Linux hosts on port 22. You could also restrict the particular vendor and version to OpenSSH 4.2.
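The following is an added illustration of the matching rules described above, not Cisco or FireSIGHT code. It models a white list as host profiles keyed by operating system plus a set of globally allowed application protocols, and evaluates a host's observed services against them: an entry must agree on transport (TCP or UDP), and its type, port, vendor and version each match anything when left unset (type "any" for a custom application protocol). The exact-string vendor/version comparison, the treatment of hosts whose OS has no profile (only the globally allowed entries apply), and all host and service data are assumptions constructed for the example.

```python
# Added illustrative model of compliance white-list matching (not Cisco/FireSIGHT code).
from dataclasses import dataclass, field
from typing import List, Optional, Set

# The guide states that ARP, IP, TCP and UDP are always allowed protocols.
ALWAYS_ALLOWED_PROTOCOLS = {"ARP", "IP", "TCP", "UDP"}


def is_network_protocol_allowed(name: str, allowed_protocols: Set[str]) -> bool:
    """A network protocol passes if it is one of the always-allowed four or was
    added under Allowed Protocols (assumed semantics, modelled on the text)."""
    wanted = name.upper()
    return wanted in ALWAYS_ALLOWED_PROTOCOLS or wanted in {p.upper() for p in allowed_protocols}


@dataclass(frozen=True)
class ObservedService:
    """A service as the network map would record it on a host (constructed shape)."""
    app_type: str            # e.g. "ssh", "ftp", "http"
    transport: str           # "TCP" or "UDP"
    port: int
    vendor: Optional[str] = None
    version: Optional[str] = None


@dataclass(frozen=True)
class AllowedAppProtocol:
    """One entry under Allowed (or Globally Allowed) Application Protocols."""
    app_type: str                  # application protocol type, or "any" for a custom one
    transport: str                 # TCP or UDP; the guide requires this field
    port: Optional[int] = None     # None = any port
    vendor: Optional[str] = None   # None = any vendor
    version: Optional[str] = None  # None = any version

    def matches(self, svc: ObservedService) -> bool:
        # Every constraint that is set must agree with the observed service;
        # unset constraints (None, or type "any") match anything.
        if self.app_type != "any" and self.app_type.lower() != svc.app_type.lower():
            return False
        if self.transport.upper() != svc.transport.upper():
            return False
        if self.port is not None and self.port != svc.port:
            return False
        if self.vendor is not None and self.vendor != svc.vendor:
            return False
        if self.version is not None and self.version != svc.version:
            return False
        return True


@dataclass
class HostProfile:
    operating_systems: Set[str]        # operating systems this profile targets
    allowed: List[AllowedAppProtocol]


@dataclass
class WhiteList:
    host_profiles: List[HostProfile]
    globally_allowed: List[AllowedAppProtocol] = field(default_factory=list)

    def violations(self, host_os: str, services: List[ObservedService]) -> List[ObservedService]:
        """Return the observed services that no applicable entry allows."""
        applicable = [entry
                      for hp in self.host_profiles if host_os in hp.operating_systems
                      for entry in hp.allowed]
        applicable += self.globally_allowed   # globally allowed entries apply to any target
        return [svc for svc in services if not any(e.matches(svc) for e in applicable)]


def build_sample_white_list() -> WhiteList:
    """Constructed white list: Linux hosts may run OpenSSH 4.2 on TCP/22 and FTP
    on any TCP port; HTTP on TCP/80 is globally allowed."""
    linux = HostProfile(
        operating_systems={"Linux"},
        allowed=[
            AllowedAppProtocol("ssh", "TCP", port=22, vendor="OpenSSH", version="4.2"),
            AllowedAppProtocol("ftp", "TCP"),
        ],
    )
    return WhiteList(host_profiles=[linux],
                     globally_allowed=[AllowedAppProtocol("http", "TCP", port=80)])


# Constructed network-map data for one Linux host.
SAMPLE_SERVICES = [
    ObservedService("ssh", "TCP", 22, vendor="OpenSSH", version="4.2"),    # allowed
    ObservedService("ssh", "TCP", 2222, vendor="OpenSSH", version="4.2"),  # wrong port
    ObservedService("ftp", "TCP", 2121),                                   # any port allowed
    ObservedService("http", "TCP", 80),                                    # globally allowed
    ObservedService("ssh", "TCP", 22, vendor="Dropbear", version="2019"),  # wrong vendor
]

if __name__ == "__main__":
    for svc in build_sample_white_list().violations("Linux", SAMPLE_SERVICES):
        print("non-compliant:", svc)
```

Running the block reports the SSH server on port 2222 and the Dropbear server on port 22 as non-compliant; the OpenSSH 4.2 server on port 22, the FTP server on an arbitrary port, and the globally allowed HTTP server pass. The vendor/version checks are what distinguish "SSH on port 22" from "OpenSSH 4.2 on port 22", which is the restriction the paragraph above describes.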
To add an application protocol to a compliance white list host profile:
Access: Admin
Step 1
While you are creating or modifying a white list host profile, click the add icon next to Allowed Application Protocols (or next to Globally Allowed Application Protocols if you are modifying the Any Operating System host profile).
A pop-up window appears. The application protocols listed are:
  • application protocols that you created within the white list
  • application protocols that existed in the network map when you surveyed your networks as described in 
  • application protocols that are used by other host profiles in the white list, which may include built-in application protocols created by the VRT for use in the default white list
Step 2
You have two options:
  • To add an application protocol already in the list, select it and click OK. Use Ctrl or Shift while clicking to select multiple application protocols. You can also click and drag to select multiple adjacent application protocols.
The application protocol is added. Note that if you added a built-in application protocol, its name appears in italics. You can skip the rest of the procedure, or optionally, to change any of the application protocol's values (such as the port or protocol), click the application protocol you just added to display the application protocol editor.
  • To add a new application protocol, select <New Application Protocol> and click OK.
The application protocol editor appears.