Cisco IPS Training Class Implementing Cisco Intrusion Prevention Systems CCSP
Training Class Description
In this enhanced 5-day course, you will gain the skills required to deploy Cisco's recently updated version 5.0 network-based intrusion prevention system. New
features added to version 5.0 include in-line protection, meta-event generation, and the application firewall. The course introduces you to Cisco IDS detection platforms
including the 4200 Series Sensors, the Catalyst 6000 Series Intrusion Detection Module 2 (IDSM2), and the IDS Network Module (NM-CIDS). The command line and
the IPS Device Manager GUI are used to configure the sensor.
Audience
Internetwork professionals who want to ensure security on their network or who seek Cisco certification.
Upon completion of this course, you will be able to:
- Describe the basic intrusion prevention terminology
- Explain the different intrusion prevention technologies and evasive techniques
- Design a Cisco IPS solution for small, medium, and enterprise customers
- Identify the Cisco IPS Sensor platforms and describe their features
- Install and configure a Cisco IPS Sensor
- Tune Cisco IPS signatures to work optimally in unique network environments
- Create and implement customized intrusion prevention signatures
- Create alarm filters to reduce alarms and possible false positives
- Configure IPS protective reactions such as TCP reset and deny attacker inline
- Configure a Cisco IPS Sensor to perform blocking on IOS routers and PIX firewalls
- Perform maintenance operations such as signature updates and software upgrades
CCSP Certification Training Boot Camp
Cisco IPS Training Class Outline
- Defining Security Fundamentals
- Explaining Intrusion Prevention
- Getting Started with the IPS Command-Line Interface
- Using IPS Device Manager
- Configuring the Sensor
- Working with Signatures and Alerts
- Describing Signature Engines
- Configuring Signatures
- Tuning the Sensor
- Configuring Blocking
- Maintaining the Sensor
- Monitoring the Sensor
- Installing and Maintaining the NM-CIDS
- Installing and Maintaining the IDSM-2
Lab 1: Remote Lab Environment
- We provide an unparalleled lab infrastructure for CCSP-oriented courses. For IPS, each pod will have a router, a
switch, a PIX Firewall, a 4200 Series IPS Sensor, and four PC systems. These devices are organized in a
real-world fashion and are configured to work together to provide a complete security solution. The four PCs are
strategically placed in the topology to provide interesting and realistic demonstrations of function. There is an
Inside PC, which is treated like the Security Administrator's office desktop PC, and an Inside Server, which runs
the applications (such as Cisco Secure Access Control Server) that are intended to be installed in the data
center and shared among multiple administrators. The DMZ server is partially exposed to the Internet and
provides HTTP and FTP services. There is also an Outside PC connected to the simulated Internet, where it is often used as the source of network attack traffic.
Lab 2: Initialize the Sensor
- Re-image the sensor from the recovery partition
- Initial login to the sensor
- Initial setup of the sensor
- Exclusive - Demonstrate intrusion detection
Lab 3: The IPS Command Line
- Introduction to the IPS 5.0 CLI
- Configure the sensor via the CLI
- Manage user accounts
- Exclusive - Perform a signature update
- Exclusive - View and tune signatures via the CLI and trigger signatures
- Back up the sensor's configuration
Lab 4: Introduction to IDM
- Exclusive - Install and configure the Java plug-in for IDM support
- Manage the sensor with IDM
Lab 5: Configuring the Sensor
- Configure the sensor using IDM, including allowed hosts, user accounts, and NTP
- Monitor events on the sensor using IDM
Lab 6: Working with Signatures
- Configure and test Deny Packet Inline feature
- Configure and test Deny Attacker Inline feature
- Configure and test IP Log feature
Lab 7: Study Built-In Signatures Lab
- Exclusive - View the settings of 6 different signatures representing the characteristics of 6 different
micro-engines. Understand what unique traffic characteristics cause each of these signatures to trigger, and demonstrate by causing the signatures to trigger.
Lab 8: Signature Configuration
- Exclusive - Configure and demonstrate behavior changes with Alarm Summarization settings
- Configure and test the HTTP application firewall
- Create and test a meta event
- Create a signature using the signature wizard
- Create a signature with the signature wizard, defining the signature engine first
Lab 9: Sensor Tuning
- Tune signature parameters to see the dynamic effects on alert risk ratings
- Configure and use event variables
- Configure event action overrides
- Configure event filters
Lab 10: Blocking
- Configure the sensor to prepare for a blocking exercise
- Implement blocking using an IOS router as the blocking device
- Exclusive - Implement blocking using a PIX Firewall as the blocking device
Lab 11: Sensor Maintenance
- Update the sensor via IDM
- Exclusive - Using the Service Account
Lab 12: Monitoring the Sensor
- Troubleshooting via the CLI
- Capturing traffic from the CLI
- Troubleshooting via IDM
Dates and Locations
- 9/17/2007-9/21/2007 Atlanta, GA
- 9/17/2007-9/21/2007 Toronto, ON
- 9/24/2007-9/28/2007 Ottawa, ON
- 9/24/2007-9/28/2007 Washington, DC
- 10/15/2007-10/19/2007 Montreal, QC
- 12/10/2007-12/14/2007 Toronto, ON
- 12/17/2007-12/21/2007 Ottawa, ON