Course duration: 5 Days
Associated Certifications: CCSP
Prerequisites
Students who attend this advanced course must have experience in configuring Cisco IOS software and have met the following prerequisites: Certification as a CCNA or the equivalent knowledge. Basic knowledge of the Windows operating system Familiarity with the networking and security terms and concepts (the concepts are learned in prerequisite training or by reading industry publications)
Course Content
Given an example of Cisco’s defence in depth, the learner will explain how Cisco IPS protects network devices from attacks. Given an IPS sensor appliance, the learner will install the appliance in the network and initialize it. Use IDM to configure basic sensor settings. The learner will use IDM to configure built-in signatures to meet the requirements of a given security policy. The learner will describe the functions of signature engines and their parameters. The learner will use IDM to tune and create signatures to meet the requirements of a given security policy. Given a scenario, the learner will use IDM to tune a sensor to work optimally in the network. Given a scenario, the learner will use the Monitoring Center for Security and Cisco Threat Response to maximize alarm management efficiency. The learner will explain blocking concepts and use IDM to configure blocking for a given scenario. The learner will install the NM-CIDS in a router and initialize it. The learner will install the module in a Cisco Catalyst 6500 Switch and initialize it. The learner will use a Cisco Catalyst 6500 Switch to capture network traffic for intrusion prevention analysis. The learner will install and recover the sensor software image and perform service pack and signature updates. The learner will use the CLI and IDM to verify system configuration.
Course Outline:
Lesson 1: Course Introduction
Lesson 2: Security Fundamentals
Lesson 3: Intrusion Prevention Overview
Lesson 4: Getting Started with the IDS Command Line Interface
Lesson 5: Using IDM
Lesson 6: Basic Sensor Configuration
Lesson 7: Cisco Intrusion Detection System Alarms and Signatures
Lesson 8: Signature Engines
Lesson 9: Signature Configuration
Lesson 10: Sensor Tuning
Lesson 11: Alarm Monitoring and Management
Lesson 12: Blocking Configuration
Lesson 13: Cisco Intrusion Detection System Network Module
Lesson 14: Intrusion Detection System Module Configuration
Lesson 15: Capturing Network Traffic for Intrusion Detection Systems
Lesson 16: Sensor Maintenance
Lesson 17: Verifying System Configuration