CCNP Security - Cisco Certified Network Professional IPS - Implementing Cisco Intrusion Prevention System
This course covers Cisco's network-based Intrusion Prevention System (IPS). It introduces Cisco IPS platforms and managers, including:
- 4200 Series Sensors
- Catalyst 6000 Series Intrusion Detection Module 2 (IDSM-2)
- Advanced Inspection and Prevention Security Services Module (AIP-SSM)
- IPS Device Manager (IDM) GUI
- IPS Manager Express (IME)
Bonus Lab Credits
You'll receive five extra security e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice, whatever lab activities complete your training.
Objectives
- How Cisco IPS protects network devices from attacks
- Basic intrusion prevention terminology
- Intrusion prevention technologies and evasive techniques
- Cisco IPS Sensor platforms and their features
- Install and configure basic settings on a Cisco IPS 4200 Series Sensor
- Use the IDM to configure built-in signatures to meet the requirements of a given security policy
- Create and implement customized intrusion prevention signatures
- Create alarm filters to reduce alarms and possible false positives
- Configure the sensor with the command line and IDM
- Configure IPS protective reactions such as TCP reset and deny attacker inline
- Configure a Cisco IPS Sensor to perform blocking on IOS routers and Adaptive Security Appliances (ASAs) or PIX firewalls
- Perform maintenance operations such as signature updates
- Configure and monitor anomaly detection, passive OS fingerprinting, and virtual sensors
- Initialize and install the remaining products in the Cisco IPS family
- Utilize global correlation to adjust sensor actions based on the reputation of the source IP address
- Use the CLI and Cisco IDM to obtain system information
- Internal specifications of different signature engines
Who Can Take This Course
- Cisco customers who implement and maintain Cisco IPS solutions
- Cisco channel partners who sell, implement, and maintain Cisco IPS solutions
- Cisco systems engineers who support the sale of Cisco IPS solutions
Prerequisites
Follow-On Courses
Certification Programs
This course is part of the following programs
Course Outline
1. Introduction
- Evaluating Intrusion Prevention and Intrusion Detection Systems
- Choosing Cisco IPS Software, Hardware, and Supporting Applications
- Evaluating Network IPS Traffic Analysis Methods
- Evasion Possibilities and Anti-Evasive Countermeasures
- Choosing a Network IPS and IDS Deployment Architecture
2. Installing and Maintaining Cisco IPS Sensors
- Integrating into a Network
- Performing the Initial Setup
- Managing Cisco IPS Devices
3. Applying Cisco IPS Security Policies
- Configuring Basic Traffic Analysis
- Implementing Cisco IPS Signatures and Responses
- Configuring Signature Engines and the Signature Database
- Deploying Anomaly-Based Operation
4. Adapting Traffic Analysis and Response to the Environment
- Customizing Traffic Analysis
- Managing False Positives and False Negatives
- Improving Alarm and Response Quality
5. Managing and Analyzing Events
- Installing and Integrating IME with IPS Sensors
- Managing and Investigating Events
- Reporting and Notifications
- Integrating IPS with SMN and MARS
- Using the Cisco IntelliShield Database and Services
6. Advanced Solutions
- Using Cisco IPS Virtual Sensors
- Deploying Cisco IPS for High Availability and High Performance
7. Configuring and Maintaining Specific IPS Hardware
- ASA AIP SSM and AIP SSC Modules
- ISR IPS AIM and IPS NME Modules
- IDSM-2 Module
Labs
Our IPS labs go above and beyond the standard Cisco IPS labs. Our most significant enhancement is the focus on signatures, the heart of IPS sensor technology. In fact, signatures are triggered in the very first lab that you will run in our class.
Lab 1: Enhanced - Perform Cisco IPS Sensor Initial Setup
Lab 2: Enhanced - Manage a Cisco IPS Sensor
Lab 3: Enhanced - Configure and Modify Basic Cisco IPS Signatures and Responses
Lab 4: Enhanced - Configure Cisco IPS Anomaly-Based Operation
Lab 5: Enhanced - Configure Cisco IPS Custom Signatures
Lab 6: Enhanced - Manage False Positives and Negatives
Lab 7: Enhanced - Improve Alarm and Response Quality
Lab 8: Enhanced - Use the Cisco IME
Lab 9: Enhanced - Use Cisco IPS and Security Intelligence Web Resources
Lab 10: Enhanced - Configure Policy Virtualization