IPS - Cisco IPS Training - Firefly Communications

Course	Length	Format	Select an option
Implementing the Cisco Intrusion Prevention System (IPS) v6.0	4 days	Lecture/lab
Course outline
Module 1: Intrusion Prevention Overview Lesson 1: Explaining Intrusion Prevention Intrusion Detection vs. Intrusion Prevention Intrusion Prevention Technologies Intrusion Prevention Terminology Promiscuous and Inline Modes Features of Cisco IPS Sensor Software Version 6.0 Lesson 2: Examining Cisco IPS Products Cisco Network Sensors Network IPS Host-Based IPS Sensor Deployment Cisco Self-Defending Network Lesson 3: Examining Cisco IPS Sensor Software Solutions Cisco IPS Sensor Software Architecture Cisco IPS Element Management Products Cisco IPS Enterprise Management Products Lesson 4: Examining Evasive Techniques Evasive Techniques String Match Attacks Fragmentation Attacks Session Attacks Insertion Attacks Evasion Attacks TTL-Based Attacks Encryption-Based Attacks Resource Exhaustion Attacks Module 2: Installation of a Cisco IPS 4200 Series Sensor Lesson 1: Installing a Cisco IPS Sensor Using the CLI Introducing the CLI Initializing the Sensor Performing Administrative Tasks Additional Administrative Commands Lesson 2: Using the Cisco IDM Introducing the Cisco IDM Getting Started with the Cisco IDM How to Configure SSH How to Reboot and Shut Down the Sensor Lesson 3: Configuring Basic Sensor Settings How to Configure Allowed Hosts How to Set the Time How to Configure Certificates How to Configure User Accounts Defining Interface Roles How to Configure the Interfaces How to Configure Software and Hardware Bypass Mode Viewing Events in the Cisco IDM Module 3: Cisco IPS Signatures Lesson 1: Configuring Cisco IPS Signatures and Alerts Cisco IPS Signatures How to Locate Signature Information How to Configure Basic Signatures Special Considerations for Signature Actions Lesson 2: Examining the Signature Engines Introducing Cisco IPS Signature Engines Common Signature Engine Parameters ATOMIC Signature Engines FLOOD Signature Engines SERVICE Signature Engines STRING Signature Engines SWEEP Signature Engines TROJAN Signature Engines TRAFFIC Signature Engines AIC Signature Engines STATE Signature Engine META Signature Engine NORMALIZER Engine Lesson 3: Customizing Signatures Tuning Signatures Noise Reduction False Positive Reduction False Negative Reduction Focusing Cisco IPS Sensors Customizing Built-in Signatures How to Create Custom Signatures Custom Signature Scenarios Module 4: Advanced Cisco IPS Configuration Lesson 1: Performing Advanced Tuning of Cisco IPS Sensors Sensor Configuration IP Logging Reassembly Options How to Define Event Variables Target Value Rating Event Action Overrides Event Action Filters Risk Rating System General Settings of Event Action Rules Lesson 2: Monitoring and Managing Alarms Cisco IEV Overview Installing Cisco IEV Configuring Cisco IEV Viewing Events Cisco Security Management Suite Overview External Product Interface Integrating Cisco Security Agent into an IPS Installation Cisco ICS Lesson 3: Configuring a Virtual Sensor Virtual Sensor Overview Preparing for Virtual Sensors Creating Virtual Sensors Lesson 4: Configuring Advanced Features Anomaly Detection Overview Anomaly Detection Components Configuring Anomaly Detection Monitoring Anomaly Detection POSFP Overview Operating System Identification Configuring POSFP Monitoring POSFP Lesson 5: Configuring Blocking Blocking Overview ACL Considerations How to Configure Automatic Blocking How to Configure Manual Blocking How to Configure a Master Blocking Scenario Module 5: Additional Cisco IPS Devices Lesson 1: Installing the Cisco Catalyst 6500 Series IDSM-2 Cisco Catalyst 6500 Series IDSM-2 Overview Installing the Cisco Catalyst 6500 Series IDSM-2 Configuring Cisco Catalyst 6500 Series IDSM-2 Interfaces Monitoring the Cisco Catalyst 6500 Series IDSM-2 Maintaining the Cisco Catalyst 6500 Series IDSM-2 Lesson 2: Initializing the Cisco ASA AIP-SSM Cisco ASA AIP-SSM Overview Loading the Cisco ASA AIP-SSM Initial Cisco ASA AIP-SSM Configuration Using Cisco ASDM Configuring an IPS Security Policy Module 6: Cisco IPS Sensor Maintenance Lesson 1: Maintaining Cisco IPS Sensors Understanding Cisco IPS Licensing How to Upgrade and Recover Sensor Images How to Install Service Packs and Signature Updates Password Recovery How to Restore a Cisco IPS Sensor Lesson 2: Managing Cisco IPS Sensors Using the CLI to Monitor the Sensor Using the Cisco IDM to Monitor the Sensor Monitoring Using Cisco Security Manager Monitoring Using SNMP
Course labs
Lab 2-1: Install and Configure a Cisco IPS Sensor from the CLI Lab 2-2: Use the Cisco IDM to Perform a Basic Sensor Configuration Lab 3-1: Working with Signatures and Alerts Lab 3-2: Customizing Signatures Lab 4-1: Tune a Cisco IPS Sensor Using the Cisco IDM Lab 4-2: Monitor and Manage Alarms Lab 4-3: Configure a Virtual Sensor (Optional) Lab 4-4: Configure Anomaly Detection and POSFP Lab 6-1: Maintain Sensors and Verify System Configuration

CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and Networking Academy are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners.