[python]Cisco FMC REST API example – GET Server version and add device to Cisco FMC

Introduction: The version used for this lab is Cisco FMC 6.4.0, and the Cisco FTD used is 6.3.0. To access the Cisco FMC REST API, you need to ensure it is enabled. You can test it by going to https:///api/api-explorer; if you can see the Swagger-like documentation, then the REST API is enabled, and you can …

Cisco IPS: Anomaly detection Introduction

Introduction: Cisco IPS 4240 establishes a baseline (normal traffic) and uses this baseline to check for deviations from traffic patterns to determine whether there is an anomaly in the network. This detection technique mainly detects worm attacks originating from one or more hosts in the network. Worms propagated by email, instant messages and file sharing cannot be detected by …

Cisco IPS: Allowing Global Correlation update through ASA5505

Management-only interface: Cisco ASA has a management-only interface, which you have to disable in order to allow the IPS to get Global Correlation updates. The management-only command denies traffic that is not destined for the ASA itself. An IPS that connects to a management-only interface will never get updates from the internet. Conditional NAT: ASA5505 allows you …

IPS: Update sid-msg.map

Reference: http://oinkmaster.sourceforge.net/faq.shtml You need to update the sid-msg.map in order for events to show their descriptions; if sid-msg.map is not updated, events will appear as Snort Alert [1:19187:2]. To update sid-msg.map, download the tar file from Oinkmaster. The tar file contains a Perl script, create-sidmap.pl. Use this Perl script to update …

IPS: Snort

Tested systems:
1. CentOS 6.4 32-bit, kernel version 2.6.32-358.2.1.el6.i686.
2. CentOS 6.4 32-bit, kernel version 2.6.32.60-grsec (grsec-patched kernel).
3. VirtualBox version 4.2.10.
4. Snort engine version 2.9.4. Snort rules version 2940.

Reference guide: There are numerous installation guides over the internet; however, the guide written by nachum234 is by far the best of the …

Cisco Systems: IPS4360 Test case

Intrusion detection and prevention test: This post demonstrates an example of how to do an IPS factory acceptance test. Test plan parameters example: Product: IPS4360-K9. Serial Number: abcdefg. Date: 27/Jan/2013. Purpose: This test verifies the ability of the IPS to block malicious traffic when a signature is matched. Procedure: On the attacker PC, launch Metasploit. Launch an attack …

Cisco Systems: IPS4360, Cisco Security Manager, simple example on how to create a test plan

Cisco IPS4360: The IPS4300 series is the latest intrusion prevention/detection system by Cisco Systems. It has two quad-core CPUs, 8 GB RAM and 8 GB flash, and it has an option for a redundant power supply as well. If you are using Cisco Security Manager to manage it, be sure to use Cisco Security Manager version 4.3. Cisco Security …