BRKSEC Snort Implementation in Cisco Products Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems
Transcription
1
2 BRKSEC-2137 Snort Implementation in Cisco Products Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems
3 Session Abstract Snort has become the de facto open standard for intrusion detection and intrusion protection. With the acquisition of Sourcefire in October, 2013, Snort is now one of the technologies used in Cisco products. This session will cover how Snort is implemented and deployed in Cisco products. No prior knowledge of Snort will be assumed, but some familiarity with IDS/IPS and firewall technologies is assumed.
4 Session Objectives Upon successful completion of this session, the attendee will be able to Describe the architecture of the Snort engine Describe the syntax of the Snort language Describe OpenAppID Describe how Snort is implemented in Cisco Sourcefire products Describe how Snort is implemented in other Cisco products
5 Agenda Introduction Snort Fundamentals OpenAppID Cisco Sourcefire Products Demonstration Other Cisco Products The Internet of Things Conclusion
6 Introduction
7
8 What is Cisco Sourcefire? Historical perspective Snort created Created by Martin Roesch in 1998 Snort is both a language and an engine Open source rapidly adopts and develops Snort Sourcefire founded Founded in 2001 by Martin Roesch Created a commercial version of Snort Sourcefire acquires Immunet cloud based anti-malware vendor Acquisition completed 2011 Cisco acquires Sourcefire Acquisition completed 2013 for $2,700,000,000
9 NSS Report on IPS Based on Sourcefire IPS technology
10 NSS Report on Breach Detection Based on Sourcefire AMP technology
11 New, Adaptive, Threat-focused NGFW Cisco Collective Security Intelligence Enabled WWW Clustering & High Availability Intrusion Prevention (subscription) FireSIGHT Analytics & Automation Advanced Malware Protection (subscription) URL Filtering (subscription) Network Firewall Routing Switching Application Visibility & Control Built-in Network Profiling Identity-Policy Control & VPN
12 NSS Report on NGFW Based on Cisco and Sourcefire technology
13 Snort Fundamentals
14 Snort Engine: High-level Snort architecture. Packet sniffer: packets are read using the Data AcQuisition library (DAQ). Packet decoder: decodes datalink, network and transport protocols. Preprocessors: normalize traffic. Detection engine: uses Snort rules to create signatures for threats. Output module: handles the task of writing and displaying events. [Diagram: network, DAQ libraries, packet decoder, preprocessors, detection engine, output module, alert and log files]
15 Snort Engine Packet sniffer (DAQ)
16 Snort Engine: Packet sniffer (DAQ). Snort uses a Data Acquisition Module (DAQ) to collect packets. The DAQ: there is no native Snort packet capture library; different capture libraries may be used without the need to recompile Snort; the DAQ promiscuously picks packets off the wire and passes them to the packet decoder. DAQ mode: inline, passive or read from file. DAQ type: PCAP, the default DAQ; AFPacket, like the PCAP DAQ but with better performance, and allows inline operation; IPQ, the old way to process iptables packets (this replaces the compile option --enable-inline used in previous versions of Snort); NFQ, the new and improved way to process iptables packets; IPFW, used by BSD systems (it replaces the compile option --enable-ipfw).
17 Snort Engine Packet decoder
18 Snort Engine Packet decoder
19 Snort Engine: Packet decoder. Decodes Layer 2 and Layer 3 protocols. Focused on the TCP/IP protocol suite. Stores decoded packet information in data structures held in memory. The data structures are utilized by the detection engine. Configured at Snort start time (using CLI options or the configuration file): specify DAQ mode; specify DAQ type; turn on or off alerting features of the decoder; exclude designated port/protocol pairs from inspection.
20 Snort Engine Preprocessors
21 Snort Engine Preprocessors
22 Snort Engine: Preprocessors. Preprocessors play a vital function in network traffic inspection: they present packets to the detection engine in a contextually relevant way, normalize traffic, and alert if they detect anomalous conditions as defined by their settings. Major preprocessors include the following. frag3: used to reassemble packet fragments prior to inspection. stream5: used to reconstruct TCP data streams so that inspection can be done in the context of a TCP conversation. Protocol decoders: normalize TCP streams including telnet, ftp, smtp, and rpc. http_inspect: normalizes http traffic. DCE/RPC2: used to decode and desegment DCE traffic. sfportscan: used to detect portscans.
23 Snort Engine Detection engine
24 Snort Engine: Detection engine. Consists of two components to perform inspection: the rules builder and the inspection component. Rules builder: on Snort startup, assembles rules into rule chains; optimizes rule matching by the inspection component; redundancies in sources, destinations, source ports and destination ports are eliminated; implements rule chains as linked lists. Inspection component: matches traffic to a rule chain; further inspects traffic against the options in the matching rule chain.
25 Snort Engine Output module
26 Snort Engine: Output module. Handles the task of writing and displaying events. Supports several output formats: can send output to files or Syslog; can send logs and alerts in straight ASCII; can send packets in PCAP format; can use Unified2 format (the replacement for Unified format), a fast and lightweight binary format that can be converted to other formats by utilities such as Barnyard2. The output module can receive input from several sources: the packet decoder sends data that can be used to produce PCAP output; preprocessors send alerts on detection of anomalous conditions; the detection engine sends log and alert data when rules are matched.
27 Snort Language: Overview. A simple lightweight language for identifying security policy violations, known network attacks and IDS/IPS evasion techniques. The Snort language supports event filters. Limit: alert on a specified number of events during a specified time interval, then ignore events for the rest of the specified time interval. Threshold: only alert if the event is seen a specified number of times within a specified time interval. Communication between rules is accomplished using flowbits. Note: the Snort engine is not restricted to the Snort language. It can use precompiled shared objects in addition to Snort rules.
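The difference between the two event filter types is easiest to see on a stream of events. The following is an added example, not part of the presentation or of Snort itself: a small Python model of limit and threshold filtering tracked per source address. The function name, the sample events and the fixed-window behaviour (a window opens on the first event from a source and a new one opens once the interval has passed) are assumptions of this sketch.

```python
"""Model of Snort event filters of type limit and threshold (illustrative only)."""


def apply_event_filter(events, kind, count, seconds):
    """Return the events that still produce an alert after filtering.

    events  -- list of (timestamp_in_seconds, source_ip), sorted by time
    kind    -- "limit" or "threshold"
    count   -- number of events the filter refers to
    seconds -- length of the time interval
    """
    if kind not in ("limit", "threshold"):
        raise ValueError("unsupported filter type: " + kind)
    if count < 1 or seconds < 1:
        raise ValueError("count and seconds must be positive")

    state = {}    # source_ip -> [window_start, events_seen_in_window]
    alerts = []
    for ts, src in events:
        window = state.get(src)
        # Assumption: a window opens with the first event from a source and
        # a fresh one opens once the interval has elapsed.
        if window is None or ts - window[0] >= seconds:
            window = state[src] = [ts, 0]
        window[1] += 1

        if kind == "limit":
            # Alert on the first `count` events, stay silent for the rest.
            fire = window[1] <= count
        else:
            # Alert only each time `count` events have accumulated.
            fire = window[1] % count == 0
        if fire:
            alerts.append((ts, src))
    return alerts


# Constructed sample: one noisy source and one source seen a single time.
SAMPLE_EVENTS = [
    (0, "192.0.2.10"), (5, "192.0.2.10"), (10, "192.0.2.10"),
    (12, "198.51.100.7"),
    (15, "192.0.2.10"), (20, "192.0.2.10"),
    (70, "192.0.2.10"), (75, "192.0.2.10"),
]

if __name__ == "__main__":
    for kind in ("limit", "threshold"):
        print(kind, apply_event_filter(SAMPLE_EVENTS, kind, count=2, seconds=60))
```

With limit the single event from the quiet source still alerts while the noisy source is capped; with threshold the single event is suppressed, which matters when a filter is tuned to reduce noise without hiding one-off events.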
28 Snort Language: Rule structure. Rule header: used to match traffic and perform the action; action (pass, drop, sdrop, alert, log); protocol, source, destination 5-tuple. Rule body: contains the message used for alerts; contains flow attributes; contains the Signature ID and revision number; can specify content or regular expressions in combinations and locations in the packet; can read packet contents to calculate offsets; can set and read flowbits to link to other rules.
29 Snort Language: Oversimplified rules (used for testing)
alert tcp any any -> any any (msg:"projectz detected"; content:"projectz"; sid: ; rev:1;)
alert tcp any any -> any any (msg:"projectq replaced"; content:"projectq"; replace:"projectr"; sid: ; rev:1;)
Notes about rule action: the second rule has replace in the body, so it performs an action not specified in the rule header. In Cisco Sourcefire products, the action is typically configured in the Management GUI.
30 Snort Language: Sample Rule
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"server-mysql Database COM_FIELD_LIST Buffer Overflow attempt"; flow:to_server,established; content:"|04|"; depth:1; offset:4; pcre:"/^[^\x0d\x0a\x00]{512}/ir"; metadata:policy max-detect-ips drop, service mysql; reference:cve, ; classtype:attempted-user; sid:16703; rev:10; )
Callouts on the slide: rule header; rule body; variables (set to any by default); flow attribute; alert text; content search; metadata; Signature ID and revision number.
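To make the header/body split concrete, here is an added example (not code from the presentation or from Snort) that parses a Snort 2.x text rule into its seven header fields and ordered body options, rejects a body in which a quoted value is not followed by a semicolon, and evaluates content with its offset and depth against a payload. The function names and both MySQL payloads are constructed for illustration; the rule is the slide's sample with its elided reference option left out and the content written in Snort's |hex| byte notation, and only absolute offset/depth modifiers are handled.

```python
"""Parse a Snort 2.x text rule and evaluate absolute content matches."""

HEADER_FIELDS = ("action", "proto", "src", "src_port",
                 "direction", "dst", "dst_port")


def split_options(body):
    """Split a rule body on ';' while respecting quotes and backslash escapes."""
    parts, cur = [], []
    in_quotes = escaped = closed_quote = False
    for ch in body:
        if in_quotes:
            cur.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quotes, closed_quote = False, True
        elif ch == ";":
            if "".join(cur).strip():
                parts.append("".join(cur).strip())
            cur, closed_quote = [], False
        elif closed_quote and not ch.isspace():
            # Text after a closing quote means the ';' terminator is missing.
            raise ValueError("missing ';' after quoted value: "
                             + "".join(cur).strip())
        else:
            if ch == '"':
                in_quotes = True
            cur.append(ch)
    if in_quotes or "".join(cur).strip():
        raise ValueError("unterminated option at end of rule body")
    return parts


def parse_rule(rule):
    """Return (header dict, ordered list of (option, value)) for one rule."""
    rule = rule.strip()
    start = rule.find("(")
    if start == -1 or not rule.endswith(")"):
        raise ValueError("rule body must be enclosed in parentheses")
    fields = rule[:start].split()
    if len(fields) != len(HEADER_FIELDS) or fields[4] not in ("->", "<>"):
        raise ValueError("malformed rule header: " + rule[:start].strip())
    options = []
    for item in split_options(rule[start + 1:-1]):
        name, _, value = item.partition(":")
        options.append((name.strip(), value.strip()))
    return dict(zip(HEADER_FIELDS, fields)), options


def decode_content(value):
    """Turn a content value such as "|04|" or "GET |0d 0a|" into bytes."""
    out = bytearray()
    for i, chunk in enumerate(value.strip('"').split("|")):
        # Odd-numbered chunks sit between pipes and are hex bytes.
        out += bytes.fromhex(chunk) if i % 2 else chunk.encode("latin-1")
    return bytes(out)


def content_matches(options, payload):
    """True when every content option is found inside its offset/depth window."""
    checks = []    # one [pattern, offset, depth] entry per content option
    for name, value in options:
        if name == "content":
            checks.append([decode_content(value), 0, None])
        elif name in ("offset", "depth") and checks:
            checks[-1][1 if name == "offset" else 2] = int(value)
    for pattern, offset, depth in checks:
        # depth is counted from the start of the search, that is from offset.
        end = len(payload) if depth is None else offset + depth
        if pattern not in payload[offset:end]:
            return False
    return bool(checks)


# The slide's sample rule, without the elided reference option.
RULE = ('alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 '
        '(msg:"server-mysql Database COM_FIELD_LIST Buffer Overflow attempt"; '
        'flow:to_server,established; content:"|04|"; depth:1; offset:4; '
        r'pcre:"/^[^\x0d\x0a\x00]{512}/ir"; '
        'metadata:policy max-detect-ips drop, service mysql; '
        'classtype:attempted-user; sid:16703; rev:10;)')

# Constructed MySQL packets: 3-byte length, 1-byte sequence id, command byte.
FIELD_LIST = b"\x07\x00\x00\x00\x04users\x00"    # command 0x04 at offset 4
QUERY = b"\x0a\x00\x00\x00\x03SELECT\x04 1"      # 0x04 present, but not at offset 4

if __name__ == "__main__":
    header, options = parse_rule(RULE)
    print(header)
    for name, value in options:
        print(f"  {name}: {value}")
    print(content_matches(options, FIELD_LIST), content_matches(options, QUERY))
```

The second payload shows why offset and depth matter: the byte 0x04 occurs in it, but outside the one-byte window at offset 4 where the MySQL command byte sits, so the content check does not match.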
31 Snort Language: Host Attribute Table. XML file associated with a particular IP address. Specifies OS and service to port associations on the host. Effect on preprocessors: Frag3 and Stream5 use OS information to determine policy, that is, the OS to emulate in packet re-assembly; application layer preprocessors use the service information to determine protocol to port mapping. Effect on Snort rules through the metadata attribute: see next slide. Sourcefire builds Host Attribute Tables manually or through network discovery.
32 Snort Language: Metadata. Example:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"malware-cnc Win.Spyware.Rombertik outbound connection"; ; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; ; classtype:attempted-user; sid:33161; rev:1;)
Open Source Snort: provides a way to annotate a rule; service attribute (Host Attribute Table). Sourcefire makes additional use of the metadata attribute, including: impact flag; action to take, based on intrusion policy.
33 Snort 3.0 Alpha now available at Also known as Snort++. User-friendly design. Built-in documentation. Built-in configuration. Command shell allows interaction with a running instance of Snort. Auto-detection of all protocols on all ports. Support for multiple packet processing threads (the current version is multi-threaded, but only one thread processes packets). Protocol Simplified rule language
34 OpenAppID
35 OpenAppID Overview What is OpenAppID? Application Visibility and Control (AVC) done the right way An open source application-focused detection language Enables users to create, share and implement custom application detection Available for download as an extension of Snort from Road-mapped for Cisco Sourcefire products Calendar Year 2015 Key advantages New simple language to detect apps Reduces dependency on vendor release cycles Build custom detections for new or specific (ex. Geo-based) app-based threats Easily engage and strengthen detector solutions Application-specific detail with security events
36 The AppID Preprocessor. Identifies the application. Generates appid attributes (payload, misc, client, service) that can be used in Snort rules:
alert tcp any any -> any any (msg:"ftp CWD to root"; appid:ftp; pcre:"/cwd.*root/i"; gid: ; sid: ; rev:4; )
Leverages the Snort HTTP preprocessor for header extraction. Generates application statistics: statistics are stored in Unified2 format; the statistics file can be read with the u2openappid or u2spewfoo commands; statistics can be forwarded to Syslog by using the u2streamer command.
37 AppID Preprocessor Configuration
Syntax: preprocessor appid : [memcap <memsize>,] [app_stats_filename <filename>, ]...
memcap: upper bound for memory use in bytes [256 MB]
app_stats_filename: name of application statistics file [NULL]
app_stats_period: bucket size for statistics in seconds [300]
app_stats_rollover_size: file size that will cause rollover in bytes [20 MB]
app_stats_rollover_time: time duration that will cause rollover in seconds [1 day]
app_detector_dir: name of the directory containing the application detectors [/usr/local/etc/appid]
debug [disabled]
dump_ports [disabled]
Example of entry in the Snort configuration file (snort.conf):
preprocessor appid : app_stats_filename appstats-detectora.log, app_stats_period 60, app_detector_dir /var/openappid
38 What is Lua? The AppID preprocessor leverages the power of the Lua scripting language. Application detectors are written using the Lua scripting language (not Snort rules). Lua is an open-source scripting language. Lua is designed, implemented, and maintained by a team at PUC-Rio, the Pontifical Catholic University of Rio de Janeiro in Brazil. Lua is the Portuguese word for moon. Benefits of Lua. Proven: used in many industrial applications, including several Cisco products. Powerful and fast: utilizes the LuaJIT just-in-time compiler. Portable and embeddable: well documented API. Simple, lightweight, and small: under Linux, the interpreter is 182K, libraries 244K. See more at
39 Cisco Sourcefire Products
40 FirePOWER Integration into Cisco Products FP 8000 Series 2 Gbps 60 Gbps NGIPS
41 FirePOWER Appliances Provides IPS/IDS capabilities and advanced malware protection (AMP) Provides AVC and URL filtering Provides Network Discovery Provides firewall capabilities NAT Routing FP Virtual 200 Mbps per core NGIPS FP 7000 Series 50 Mbps 1.25 Gbps NGIPS FP 8000 Series 2 Gbps 60 Gbps NGIPS
42 Scaling Provided by Stacking Stacking combines two or more devices One primary device One or more secondary devices Only the primary device has sensing interfaces Secondary devices provide their CPU and memory resources to the stack FP Gbps NGIPS FP8350 FP Gbps NGIPS FP8360 FP Gbps NGIPS FP8370 FP Gbps NGIPS FP8390
43 Snort Optimization on Sourcefire Appliances. Uses the Intel C compiler instead of GCC: major performance boost by virtue of optimized assembly. The network cards on the boxes are custom designed: they load balance distinct TCP streams across the cores available on the box, which allows for horizontal scaling when boxes are stacked. Each Snort instance has a single thread for packet processing: network monitoring works better with single threading. Hardware processing: look for the flow in the flow state table, create it if not there; if the flow disposition is Block or Trust, take immediate action and mark the entry in the flow state table; if the flow disposition is Inspect, store the access control policy rule and start inspection.
44 Cisco Adaptive Security Appliance (ASA) Next-generation security for the Internet edge 4 Gbps Max 1M Connections 50,000 CPS 1 Gbps Max 100K Connections 10,000 CPS 1.2 Gbps Max 250K Connections 15,000 CPS 2 Gbps Max 500K Connections 20,000 CPS 1 Gbps Max1 Gbps Max ASA 5525-X 3 Gbps Max 750K Connections 30,000 CPS ASA 5545-X ASA 5555-X ASA 5515-X ASA 5512-X Branch Locations Small / Medium Internet Edge
45 Cisco Adaptive Security Appliance (ASA) Next-generation security for the Internet edge and data center ASA 5585-SSP60 ASA 5585-SSP10 4 Gbps Max 1 Million Connections 50,000 CPS ASA 5585-SSP20 10 Gbps Max 2 Million Connections 125,000 CPS ASA 5585-SSP40 20 Gbps Max 4 Million Connections 200,000 CPS 40 Gbps Max 10 Million Connections 360,000 CPS Enterprise Internet Edge and Data Center
46 Scaling Provided by Clustering Up to 16 ASAs-X For ASA 5586-X FW MAX Throughput: 640 Gbps FirePOWER IPS 440 Byte Throughput: 96 Gbps Each Sourcefire Sensor is an independent instance ASAs share connection state information Sourcefire Sensors do not share signature state information State-sharing between firewalls for symmetry and high availability Every session has a Primary Owner Ownership managed by Director node ASA provides traffic symmetry to FirePOWER module
47 Multi-Context Support. Security contexts share a single Sourcefire instance. Context IDs are passed from the ASA to Sourcefire when ASA interfaces are discovered. Events passed to FireSIGHT include Context IDs.
48 Cisco Next Generation Firewalls for SMB 5506-X 5506W-X 5506H-X 5508-X 5516-X Desktop Model Ruggedized 1RU Rack Mounted 1RU Rack Mounted 750 Mbps Max 50,000 Connections 5000 CPS 750 Mbps Max 50,000 Connections 5000 CPS 1 Gbps Max 100,000 Connections 10,000 CPS 1.8 Gbps Max 250,000 Connections 20,000 CPS
49 ASA with FirePOWER Services Functional Distribution of Features URL Category/Reputation NGIPS Application Visibility and Control Advanced Malware Protection File Type filtering File capture FirePOWER Services TCP Normalization TCP Intercept IP Option Inspection IP Fragmentation Botnet Traffic Filter NAT Routing ACL VPN Termination ASA
50 ASA with FirePOWER Services
51 ASA with FirePOWER Services: Packet flow between the solution components. 1. Ingress processing: inbound ACLs, IP defragmentation, TCP normalization, TCP intercept, protocol inspection, clustering/HA traffic control, VPN decryption, etc. 2. Sourcefire Services processing: URL filtering, AVC, NGIPS, AMP, etc. 3. Egress processing: outbound ACLs, NAT, routing, VPN encryption, etc. Packets are redirected using the Cisco ASA Modular Policy Framework (MPF). MPF supports fail-open, fail-closed and monitor-only options. MPF determines which traffic is sent to the FirePOWER Services module.
52 FireSIGHT Management Center. Formerly called Defense Center. Centralizes configuration of FirePOWER appliances and ASAs with FirePOWER Services. Receives events from FirePOWER appliances and ASAs with FirePOWER Services. Correlates events to provide meaningful context for threats. Can remediate devices in response to combinations of events.
53 FireSIGHT Management Center Models Virtual Max. Devices Managed Event Storage 100 GB 125 GB 1.8 TB 400 GB 4.8/6.3 TB Virtual FireSIGHT Management Center Up to 25 Managed Devices Max. Network Map (hosts / users) Events per Sec (EPS) 2K/2K 50K/50K 150K/150K 300K/300K 600K/600K Virtual FireSIGHT Management Center offerings limited to 2 or 10 Managed Devices FS-VMW-2-SW-K9 FS-VMW-10-SW-K9 * Max number of devices is dependent upon sensor type and event rate
54 Snort Enhancements: Preprocessor enhancements. Security intelligence (also called IP Reputation): provides many predefined IP blacklists and whitelists. AppID: provides over 3000 predefined application detectors. Network discovery: provides context for evaluating IPS/IDS events; identifies hosts, applications and users by passively analyzing network traffic; populates the Network Map and Host Profiles (Host Attribute Tables). Access control policy rules engine (not Snort rules): can match Zones, VLAN, IPs, Ports and User/Group based on the packet header; needs AppID for matching Applications and URLs.
55 Snort Enhancements: Language enhancements
Protected content. Available in Snort Available in Cisco Sourcefire 5.4
alert tcp $EXTERNAL_NET any -> any any (msg:"threatz detected"; protected_content:"59cb046fb3b51555f9b408b6b9cafa13"; hash:md5; length:7; distance:8; sid: ; rev:1;)
Application ID. Available in Snort Targeted for Cisco Sourcefire 6.0
alert tcp any any -> any any (msg:"ftp CWD to root attack"; appid:ftp; pcre:"/cwd.*root/i"; sid: ; rev:4;)
File types and file groups. Available in Snort Available in Cisco Sourcefire 5.4
alert tcp $EXTERNAL_NET any -> any any (msg:"metaspoit call"; file_type:msexe; content:"|4d|"; sid: ; rev:1;)
Sourcefire Version Snort Version 5.3 on physical and virtual sensors on the ASA 5.4 on any device
56 Snort Feature Disparity. Based on Snort with OpenAppID and the Cisco Sourcefire 5.4 release
Feature | FirePOWER Physical Appliance | FirePOWER Virtual Appliance | ASA with FirePOWER Services | Open Source Snort
OpenAppID | No | No | No | Yes
On-box decryption | Yes | No | No | No
NAT | Yes | No | Yes | No
Routing | Yes | No | Yes | No
Application bypass | Yes | Yes | No | No
URL filtering | Yes | Yes | Yes | No
AMP for Networks | Yes | Yes | Yes | No
57 File Processing Example of file policy rule
58 File Processing Details Critical for Advanced Malware Protection (AMP) for Networks Leverage FTP, HTTP, SMTP, POP, IMAP Snort preprocessors File type is identified using ClamAV libraries Usually within first packet of the file payload Malware signature calculation & lookup Requires entire file Uses SHA256 hash in addition to more advanced detection techniques Can dynamically submit files for sandboxing Can block file transfer Can log file and malware events
59 Life of a Flow (slide 1 of 2) Simplified Packet sniffing and hardware processing Packet decoding Preprocessing Security Intelligence (IP blacklist and white list) Immediately mark flow as blocked or trusted Update hardware flow state Network layer preprocessors Defragmentation and stream re-assembly AppID Access control rules engine Network discovery Remaining preprocessors
60 Life of a Flow (slide 2 of 2) Simplified Snort detection engine Leverages AppID preprocessor to select rules for relevant applications Generates events If action is to block, mark the flow as blocked and update hardware flow state File processing
61 FirePOWER Architecture. ASA with FirePOWER Services and the Virtual FirePOWER appliance are the same, except: no NFE card; different DAQ libraries; no SSL decryption.
62 On-box Decryption. 5.4 FirePOWER physical appliances. Provides inspection of SSL traffic: more granular AVC for HTTPS; provides AMP and IPS for HTTPS, FTPS, etc. Integrated into the DAQ: decryption happens before the inspection engine sees the packets; the inspection engine still sees the SSL handshake; the DAQ interacts with the SSL preprocessor through the policy API. Road-mapped for: FirePOWER virtual appliances; ASA with FirePOWER Services.
63 Demonstration
64 Other Cisco Products
65 Other Cisco Products. Sourcefire technologies, including Snort, are the centerpiece of the Cisco Security strategies. Sourcefire technologies will be integrated into a wide range of Cisco products. Snort will Internet of Things (IoT) and Internet of Everything (IoE) Cisco ISA. Several products currently utilize Cisco Sourcefire AMP without a Snort engine: Cisco Email Security Appliance (ESA); Cisco Web Security Appliance (WSA); Cisco Cloud Web Security (CWS).
66 Meraki Implementation of Snort Deploys traditional Sourcefire engine Downloads rules from Sourcefire servers First to the Meraki backend Then rules are distributed to devices Utilizes predefined security / connectivity / balanced policies Does not allow customization of IPS policies Implements organization level security reporting Administrators can see what signatures fire where across their whole domain
67 Meraki vs. ASA with FirePOWER Services Cisco Meraki MX Lean IT focus Best in class UTM Radically simplified deployment Ultra low operating cost via cloud management Robust security Optimized for highly distributed environments Cisco ASA with FirePOWER Services Threat-focused NGFW Advanced threat protection capabilities Low cost form factor available Unmatched visibility and control Provides correlation and advanced analytics Advanced remediation capabilities Protect against advanced threats
68 Cisco Integrated Services Router (ISR). For the ISR 4k, services are deployed on a UCS-E blade: the blade contains an ESXi hypervisor; the Sourcefire sensor is deployed as a virtual machine. Can consolidate network functionality into a single router: physical IPS sensor, Cisco Sourcefire virtual sensor; physical WAN optimization device, Cisco vWAAS; physical QoS appliance, IOS QoS capabilities. Snort integration is road-mapped for lower-end ISR routers: similar to the Meraki Snort deployment; Snort without the full Sourcefire sensor.
69 The Internet of Things
70 Cisco Security for Modern Industry. Leverage industrial network infrastructure products that are already on the market: Industrial Ethernet (IE) switches; Connected Grid Routers (CGR). Leverage ASA and Sourcefire technologies: VPN technologies; new Snort preprocessors for operational technology (OT) protocols; new Snort rules for specific OT threats or commands. Partner with OT vendors to build industrial protections into the Cisco Industrial Security Appliance (ISA). Provide Cisco Validated Designs to fit industrial processes.
71 Industrial Security Appliance (ISA) ISA 3000 beta to start in July, 2015 Software Firewall: ASA IPS: Sourcefire FirePOWER Services Identify and block threats Generic OT protocol specific OT application specific Application Visibility and Control Protocols Applications Individual commands
72 Conclusion
More informationConnection Logging. About Connection Logging
The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: About, page 1 Strategies, page 2 Logging Decryptable Connections with SSL
More information* Knowledge of Adaptive Security Appliance (ASA) firewall, Adaptive Security Device Manager (ASDM).
Contents Introduction Prerequisites Requirements Components Used Background Information Configuration Step 1. Configure Intrusion Policy Step 1.1. Create Intrusion Policy Step 1.2. Modify Intrusion Policy
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationMonitoring the Device
The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationFirepower Techupdate April Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017
Firepower 6.2.1 Techupdate April 2017 Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017 Firepower 6.2.1 Nr. 1 most important!! Firepower 6.2.1 BUGFIXES!!!!! Alle kendte severity
More informationThe following topics describe how to configure correlation policies and rules.
The following topics describe how to configure correlation policies and rules. Introduction to and Rules, page 1 Configuring, page 2 Configuring Correlation Rules, page 5 Configuring Correlation Response
More informationNext Generation IPS and Advance Malware Protection. Mahmoud Rabi Consulting Systems Engineer - Security
Next Generation IPS and Advance Malware Protection Mahmoud Rabi Consulting Systems Engineer - Security Threat Landscape and Attack Continuum Today s Real World: Threats are evolving and evading traditional
More informationFP NGIPS Deployment and Operationalisation Mark Pretty, Consulting Systems Engineer
FP NGIPS Deployment and Operationalisation Mark Pretty, Consulting Systems Engineer Agenda Introduction The Issue of Threats Introduction to IPS Deploying IPS Operationalise IPS Q & A Objectives What will
More informationChapter 7. Network Intrusion Detection and Analysis. SeoulTech UCS Lab (Daming Wu)
SeoulTech UCS Lab Chapter 7 Network Intrusion Detection and Analysis 2015. 11. 3 (Daming Wu) Email: wdm1517@gmail.com Copyright c 2015 by USC Lab All Rights Reserved. Table of Contents 7.1 Why Investigate
More informationFireSIGHT Virtual Installation Guide
Version 5.3.1 July 17, 2014 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL
More informationA Deep Dive into the Firepower Manager
A Deep Dive into the Firepower Manager William Young, Security Solutions Architect willyou@cisco.com @WilliamDYoung BRKSEC-2058 Just some Security Guy William Young Security Solutions Architect, Cisco
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationSourcefire and ThreatGrid. A new perspective on network security
Sourcefire and ThreatGrid A new perspective on network security Agenda An overview of traditional IPS solutions Next-Generation IPS Requirements Sourcefire Next-Generation IPS Advanced Malware Protection
More informationFeatures and Functionality
Features and functionality introduced in previous versions may be superseded by new features and functionality in later versions. New or Changed Functionality in Version 6.2.2.x, page 1 Features Introduced
More informationAby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.
Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,
More informationAccess Control Using Intrusion and File Policies
The following topics describe how to configure access control policies to use intrusion and file policies: Intrusions and Malware Inspection Overview, page 1 Access Control Traffic Handling, page 2 File
More informationNew Features and Functionality
This section describes the new and updated features and functionality included in Version 6.2.1. Note that only the Firepower 2100 series devices support Version 6.2.1, so new features deployed to devices
More informationCisco Advanced Malware Protection for Networks
Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)
More informationCisco Advanced Malware Protection for Networks
Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)
More informationSOURCEFIRE 3D SYSTEM RELEASE NOTES
SOURCEFIRE 3D SYSTEM RELEASE NOTES Version 5.3 Original Publication: April 21, 2014 These release notes are valid for Version 5.3 of the Sourcefire 3D System. Even if you are familiar with the update process,
More informationAdvanced Firepower IPS Deployment
Advanced Firepower IPS Deployment Gary Halleen, Technical Solutions Architect BRKSEC-3300 Webex Teams Questions? Use Webex Teams to chat with the speaker after the session How 1 2 3 4 Find this session
More informationFirePower 2100 NGFW. Elodie Heurtevent Security BDM Commercial. 21 March 2017
FirePower 2100 NGFW Elodie Heurtevent Security BDM Commercial 21 March 2017 Capture the NGFW Opportunity "Less than 40% of enterprise Internet connections today are secured using nextgeneration firewalls
More informationSOURCEFIRE 3D SYSTEM RELEASE NOTES
SOURCEFIRE 3D SYSTEM RELEASE NOTES Version 5.3.0.3 Original Publication: April 21, 2014 These release notes are valid for Version 5.3.0.3 of the Sourcefire 3D System. Even if you are familiar with the
More informationMcAfee Network Security Platform 9.1
9.1.7.15-9.1.5.9 Manager-NS-series Release Notes McAfee Network Security Platform 9.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues
More informationCisco ASA with FirePOWER Services
Data Sheet Cisco ASA with FirePOWER Meet the industry s first adaptive, threat-focused next-generation firewall (NGFW) designed for a new era of threat and advanced malware protection. Cisco ASA with FirePOWER
More informationCisco Tetration Analytics
Cisco Tetration Analytics Real-time application visibility and policy management using advanced analytics Yogesh Kaushik, Sr. Director Product Management PSOACI-2100 Agenda Market context Introduction:
More informationClarify Firepower Threat Defense Access Control Policy Rule Actions
Clarify Firepower Threat Defense Access Control Policy Rule Actions Contents Introduction Prerequisites Requirements Components Used Background Information How ACP is Deployed Configure ACP Available Actions
More informationIntroduction to the Cisco Sourcefire NGIPS
Introduction to the Cisco Sourcefire NGIPS Gary Spiteri Consulting Security Engineer #clmel Are you a laugher or a liar? Problems with Traditional IPS Technology Overwhelms you with irrelevant events Doesn
More informationGetting Started with Access Control Policies
Getting Started with Control Policies The following topics describe how to start using access control policies: Introduction to Control, page 1 Managing Control Policies, page 6 Creating a Basic Control
More informationCisco ASA Next-Generation Firewall Services
Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco
More informationBuild a Software-Defined Network to Defend your Business
Build a Software-Defined Network to Defend your Business Filip Vanierschot Systems Engineer fvanierschot@juniper.net Kappa Data 2020 Software Defined Secure Networks Juniper s Innovation in Secure Networks
More informationCisco Security Exposed Through the Cyber Kill Chain
Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationFirefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran
Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2 Tuncay Seyran Security in a virtualized environment: same security risks + more TRADITIONAL SECURITY RISKS IMPACTING VIRTUAL ENVIRONMENTS
More informationVirtualized Video Processing: Video Infrastructure Transformation Yoav Schreiber, Product Marketing Manager, Service Provider Video BRKSPV-1112
Toonces LOOK OUT! Virtualized Video Processing: Video Infrastructure Transformation Yoav Schreiber, Product Marketing Manager, Service Provider Video BRKSPV-1112 Agenda Video Industry Evolution and Challenges
More informationDMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458
DMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458 BRKCCIE-3003 @CCIE6458 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public About the Presenter Johnny Bass Networking industry since
More informationEasy Setup Guide. Cisco ASA with Firepower Services. You can easily set up your ASA in this step-by-step guide.
Cisco ASA with Firepower Services Easy Setup Guide You can easily set up your ASA in this step-by-step guide. Connecting PC to ASA Installing ASDM 3 Configuring ASA 4 Using Umbrella DNS Connecting PC to
More informationMX Sizing Guide. 4Gon Tel: +44 (0) Fax: +44 (0)
MX Sizing Guide FEBRUARY 2015 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth
More informationDeploying Intrusion Prevention Systems
Deploying Intrusion Prevention Systems Mike Mercier Consulting Systems Engineer BRKSEC-2030 Agenda Introduction to IPS Cisco NGIPS Solutions Deploying Cisco NGIPS Migrating to Firepower NGIPS Conclusion
More informationAdvanced IPS Deployment
Advanced IPS Deployment Gary Halleen, Technical Solutions Architect BRKSEC-3300 About your Speaker Gary Halleen gary@cisco.com Technical Solutions Architect Cisco Global Security Sales Organization Oregon
More informationGlobal vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year
Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team
More informationTetration Hands-on Lab from Deployment to Operations Support
LTRACI-2184 Tetration Hands-on Lab from Deployment to Operations Support Furong Gisiger, Solutions Architect Lawrence Zhu, Sr. Solutions Architect Cisco Spark How Questions? Use Cisco Spark to communicate
More informationCisco Cloud Security for Public & Private Cloud Villayat Muhammad : Technical Leader BRKSEC-2016
Cisco Cloud Security for Public & Private Cloud Villayat Muhammad : Technical Leader BRKSEC-2016 Agenda Security Challenges Design and Integration Compliance Guidance Cloud Data Center Security Challenges
More informationThe Internet of Everything is changing Everything
The Internet of Everything is changing Everything Intelligent Threat Defense for the Enterprise Mobility Nikos Mourtzinos, CCIE #9763 Global Security Sales Organization Changing Business Models Any Device
More informationCisco Meraki MX products come in 6 models. The chart below outlines MX hardware properties for each model:
MX Sizing Guide AUGUST 2016 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth
More informationApplication Layer Preprocessors
The following topics explain application layer preprocessors and how to configure them: Introduction to, page 1 The DCE/RPC Preprocessor, page 2 The DNS Preprocessor, page 12 The FTP/Telnet Decoder, page
More informationThe Importance of Threat-Centric Security
The Importance of Threat-Centric Security Jay Iyer Distinguished Engineer, Office of the Security CTO Martin Roesch Vice President and Chief Architect, Cisco Security Business Group BRKSEC-2135 Agenda
More informationIntrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng
Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:
More informationDMVPN for R&S CCIE Candidates
DMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458 BRKCCIE-3003 @CCIE6458 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public About the Presenter Johnny Bass Networking industry since
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationCisco Advanced Malware Protection against WannaCry
Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced
More informationFully Integrated, Threat-Focused Next-Generation Firewall
Cisco Firepower NGFW Fully Integrated, Threat-Focused Next-Generation Firewall Fuat KILIÇ, fkilic@cisco.com, +905339284608 Security Consulting Systems Engineer, CCIE #21150 September 2016 Get ahead of
More informationConfigure FTD Interfaces in Inline-Pair Mode
Configure FTD Interfaces in Inline-Pair Mode Contents Introduction Prerequisites Requirements Components Used Background Information Configure Inline Pair Interface on FTD Network Diagram Verify Verify
More informationCisco Advanced Malware Protection. May 2016
Cisco Advanced Malware Protection May 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious traffic 100% Cybercrime is lucrative, barrier
More informationData Center Security. Fuat KILIÇ Consulting Systems
Data Center Security Fuat KILIÇ Consulting Systems Engineer @Security Data Center Evolution WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE? Traditional Data Center Virtualized Data Center (VDC) Virtualized
More informationMcAfee Network Security Platform 9.2
McAfee Network Security Platform 9.2 (9.2.7.22-9.2.7.20 Manager-Virtual IPS Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationGetting Started with Network Analysis Policies
The following topics describe how to get started with network analysis policies: Network Analysis Policy Basics, page 1 Managing Network Analysis Policies, page 2 Network Analysis Policy Basics Network
More informationMcAfee Network Security Platform 9.2
Revision B McAfee Network Security Platform 9.2 (9.2.7.9-9.2.7.10 Manager-Virtual IPS Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationPSOACI Tetration Overview. Mike Herbert
Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion
More informationJURUMANI MERAKI CLOUD MANAGED SECURITY & SD-WAN
JURUMANI CLOUD MANAGED SECURITY & SD-WAN SECURITY BY DESIGN OVERVIEW Cisco Meraki MX Security Appliances are ideal for organizations considering a Unified Threat Managment (UTM) solution, for distributed
More informationAccess Control. Access Control Overview. Access Control Rules and the Default Action
The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,
More information