Implementing Cisco Intrusion Prevention System (IPS)
Course Code: IPS
Duration: 4 Days
Overview
Given an example of Cisco's defense in depth, the learner will explain how Cisco IPS protects network devices from attacks.
Prerequisites
Students who attend this advanced course must have experience in configuring Cisco IOS software and have met the following prerequisites:
- Certification as a CCNA or the equivalent knowledge
- Basic knowledge of the Windows operating system
- Familiarity with the networking and security terms and concepts (the concepts are learned in prerequisite training or by reading industry publications)
Delegates will learn how to
After completing this course, delegates will be able to:
- Install an IPS sensor appliance in the network and initialise it
- Use IDM to configure built-in signatures to meet the requirements of a given security policy
- Describe the functions of signature engines and their parameters, and use IDM to tune and create signatures
- Use IDM to tune a sensor to work optimally in the network, and use the Monitoring Centre for Security and Cisco Threat Response
- Install the NM-CIDS in a router and initialise it
- Install and recover the sensor software image and perform service pack and signature updates
Outline
Given an example of Cisco's defense in depth, the learner will explain how Cisco IPS protects network devices from attacks. Given an IPS sensor appliance, the learner will install the appliance in the network and initialise it. Use IDM to configure basic sensor settings. The learner will use IDM to configure built-in signatures to meet the requirements of a given security policy. The learner will describe the functions of signature engines and their parameters. The learner will use IDM to tune and create signatures to meet the requirements of a given security policy. Given a scenario, the learner will use IDM to tune a sensor to work optimally in the network. Given a scenario, the learner will use the Monitoring Center for Security and Cisco Threat Response to maximise alarm management efficiency. The learner will explain blocking concepts and use IDM to configure blocking for a given scenario. The learner will install the NM-CIDS in a router and initialise it. The learner will install the module in a Cisco Catalyst 6500 Switch and initialise it. The learner will use a Cisco Catalyst 6500 Switch to capture network traffic for intrusion prevention analysis. The learner will install and recover the sensor software image and perform service pack and signature updates. The learner will use the CLI and IDM to verify system configuration.
- Course Introduction
- Security Fundamentals
- Intrusion Prevention Overview
- Getting Started with the IDS Command Line Interface
- Using IDM
- Basic Sensor Configuration
- Cisco Intrusion Detection System Alarms and Signatures
- Signature Engines
- Signature Configuration
- Sensor Tuning
- Alarm Monitoring and Management
- Blocking Configuration
- Cisco Intrusion Detection System Network Module
- Intrusion Detection System Module Configuration
- Capturing Network Traffic for Intrusion Detection Systems
- Sensor Maintenance
- Verifying System Configuration
Leads to examination
642-533 Implementing Cisco Intrusion Prevention System (IPS)
Leads to certification
This course is part of the following Certifications:
- Cisco Certified Security Professional (CCSP)
- Cisco IPS Specialist
- CCIE Security (CCIES Security)
Follow on Courses
There are no follow-on courses associated with this course.
