Blog

Cisco Firepower Terminology

Legend:
Cisco CDO = Cisco Defense Orchestrator
Cisco FTD = Cisco Firepower Threat Defense
Cisco FMC = Cisco Firepower Management Center
Cisco FDM = Cisco Firepower Device Management
Cisco FXOS = Cisco Firepower eXtensible Operating System

————————————————————————————————–

Cisco FTD is the unified code image with firewall capabilities AND IPS capabilities
Cisco FMC is your application to manage many FTD devices (off-box)
Cisco FDM is your application to manage one FTD device (on-box)
Cisco FXOS is the underlying OS of the Cisco Firepower 4100/9300 chassis, on top of which you can install ASA, FTD or Radware DDoS software (as three physical modules in one chassis)

Cisco CDO is your cloud application to manage ASA, ASA 5500-X with FirePOWER Services, and Firepower 2100/4100/9300.

Cisco firewalls that can run FTD are ASA 5500-X with FirePOWER Services and Firepower 2100/4100/9300.

Cisco FMC can also manage Firepower 7000/8000 and Firepower Services for Cisco ASA.

Cisco FXOS is the underlying operating system that manages hardware platforms like FP4100 and FP9300.

Those platforms can run different applications, such as FTD, the Cisco ASA image, or even third-party software like Radware anti-DoS.

————————————————————————————————–

In the old days we used to have the following:
ASA is a device with code for firewall capabilities only
ASDM is your application to manage ASA devices
Firepower 7000/8000 is a device with code for IPS capabilities only
Cisco FMC (aka FireSIGHT) is your application to manage Firepower 7000/8000 and other Firepower devices
ASA with Firepower is a device with firewall capabilities AND IPS capabilities; this code could be unified (FTD) or separate ASA code + Firepower (IPS) code. In the latter case only the Firepower code can be managed by Cisco FMC; for ASA we use ASDM.

————————————————————————————————–

Let's not forget the Cisco firewall for ICS and IoT networks, the ISA 3000:
Cisco Industrial Security Appliance 3000 platforms can run either the Cisco ASA Firewall, Cisco ASA Firewall plus Sourcefire FirePOWER (ASA+FP), or Cisco Firepower Threat Defense (FTD).

Also for small business we have the Meraki MX Series Firewall.

Cisco Firepower Compatibility Guide
https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html

Kali 2020.1 New Adds for CEH, Pen Test+ and OSCP

If you download the Kali 2020 version (https://www.kali.org/releases/kali-linux-2020-1-release/), you might need to read this.

Default username: kali, password: kali

No more root/toor by default.

To type commands that need admin rights, such as ifconfig, you use sudo, for example:
sudo ifconfig

The root account still exists; if you want to use it, follow these steps:
1: Issue the command "sudo su" in a terminal
2: Enter the password for the kali account
3: Issue the command "passwd root" in the terminal
4: Set a password for the root account and retype it
5: Click logout and log in with
username: "root" (no caps) and
password: "{the one that you entered at step 4}"
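Before following the steps above it is worth checking what state the root account is actually in. This is an added example, not part of the original post: a small POSIX shell function that classifies an /etc/shadow entry from its password field (a "!" or "*" prefix means password login is disabled, an empty field means login with no password at all). The sample lines are constructed with placeholder hashes.

```shell
#!/bin/sh
# account_status: classify a shadow(5) line as locked / nopassword / active.
# Field 2 of a shadow line is the hashed password (or a lock marker).
account_status() {
    pwfield=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$pwfield" in
        '')           echo nopassword ;;  # empty field: login without any password
        '!'*|'*'*)    echo locked ;;      # "!" or "*" prefix: password login disabled
        *)            echo active ;;      # a hash is present: password login possible
    esac
}

# Constructed sample entries (hashes are placeholders, not real credentials).
# LOCKED_ROOT mirrors the state a fresh Kali 2020.1 install leaves root in.
LOCKED_ROOT='root:!:18300:0:99999:7:::'
ACTIVE_ROOT='root:$6$saltsalt$placeholderhash:18300:0:99999:7:::'
EMPTY_PW='guest::18300:0:99999:7:::'

# Demo run against the constructed lines
for line in "$LOCKED_ROOT" "$ACTIVE_ROOT" "$EMPTY_PW"; do
    printf '%s -> %s\n' "$(printf '%s' "$line" | cut -d: -f1)" "$(account_status "$line")"
done
```

On a live system run `account_status "$(sudo grep '^root:' /etc/shadow)"`; reading /etc/shadow needs root, which is why sudo is required.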

The Kali interface can look like Windows 10 if you want that; open a terminal and type:
kali-undercover
To stop it, run the above command again (it's just a script).

Also PowerShell can now run in Kali, bringing the ability to execute PowerShell scripts directly on Kali. To install the feature type (admin rights needed, hence sudo):
sudo apt update
sudo apt install powershell
To run PowerShell in your Kali terminal type:
pwsh

To exit PowerShell and return to your Kali shell type:
exit

List of Kali 2020 hacking tools:

https://tools.kali.org/tools-listing

Be aware that some tool versions are updated and come with a new GUI as well, such as Ettercap.

Kali 2020 removed all tools based on Python version 2, but unfortunately the Kali OS still comes by default with Python 2.7; you will need to install Python 3.8 yourself.

Yasser Ramzy Auda

SD-WAN to replace MPLS? Nay

I started with SD-WAN at the end of 2019 when a customer asked to sit with me for a few days to explain Cisco SD-WAN.

I followed Cisco SD-WAN Operation and Deployment (ENSDW) course outline.

While I was preparing, I found all Viptela components and terminology really easy to understand.

The 4Vs in Cisco Viptela are similar to the three VeloCloud components, etc.

But since I knew that my training could change into a consultation session, I asked myself,

WHY, WHY are we doing SD-WAN?

And I found that the answer is also the answer to another question, which is

What is next?

What is next after implementing transport connections (colors) to connect my branches with HQ using MPLS, 4G, etc.?

To answer that I decided to think like I am the customer, and since nowadays the majority of enterprise traffic flows to public clouds and the Internet, I found the following:

I need to see the connections between my HQ and branches automated, smart and policy-based, with centralized management.

I need to have the capability to add more branches without touching or changing anything in my color.

I need to have the capability to automate my QoS settings and make them change dynamically based on real-time bandwidth monitoring.

I need to have the capability to communicate over my SD-WAN fabric with my cloud services such as Office 365 & Salesforce.com (SaaS), or even communicate with a branch that exists completely in AWS (IaaS).

Also, how will all of this be secured, and how can a security services layer be added dynamically to all of it?

SD-WAN tries to help us with these new requirements for security, application performance, cloud connectivity, WAN management, and operations.

It fully integrates routing, security, centralized policy, and orchestration into large-scale networks.

It is multi-tenant, cloud-delivered, highly-automated, secure, scalable, and application-aware with rich analytics.

With Cisco SD-WAN Cloud OnRamp, the SD-WAN fabric continuously measures the performance of a designated application through all permissible paths from a branch (i.e. MPLS, Internet, and 4G LTE).

The Cisco SD-WAN fabric automatically makes real-time decisions to choose the best-performing path between the end users at a remote branch and the cloud application.

What does all of the above have to do with MPLS? The simple answer is nothing.

MPLS is just one of many underlay networks we can use to build our overlay SD-WAN fabric.

I can say people who compare MPLS with SD-WAN do not really understand what SD-WAN is.

Also they skip the fact that MPLS is not only MPLS L3 VPN.

Anyway, a replacement for MPLS as a transport option could be a high-speed Internet connection (if we can ensure privacy on it).

Another more realistic replacement option for MPLS could be SRv3, especially when it comes to MPLS TE.

I wrote this article as an introduction to Cisco SD-WAN:

https://learningnetwork.cisco.com/s/article/cisco-sd-wan-introduction-part-1

Also Cisco SD-WAN Viptela Resources and prerequisites:

https://learningnetwork.cisco.com/s/article/cisco-sd-wan-viptela-resources-and-prerequisites

Yasser Ramzy Auda

My Free Technical Sessions in August

Cisco ISE Deployment Session
Sat, Aug 8, 2020 11:00 PM – 1:00 AM (GMT+04:00)
Presented by me, free, language: English

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/245002845

You can also dial in using your phone.
United States: +1 (224) 501-3412

Access Code: 245-002-845

New to GoToMeeting? Get the app now and be ready when your first meeting starts:
https://global.gotomeeting.com/install/245002845

Tools & Techniques for Cisco DevNet Certifications
Sat, Aug 15, 2020 11:00 PM – 1:00 AM (GMT+04:00)

Presented by me, free, language: English

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/907198509

You can also dial in using your phone.
United States: +1 (646) 749-3122

Access Code: 907-198-509

New to GoToMeeting? Get the app now and be ready when your first meeting starts:
https://global.gotomeeting.com/install/907198509