Font size:

Description:

This is a bundled training package. It contains training for each of the bundled items below:

Course Price
Cisco IPS 7.0: Introduction to Intrusion Prevention and Detection Systems $74.95
Cisco IPS 7.0: IPS Traffic Analysis, Countermeasures, and Deployment Architecture $74.95
Cisco IPS 7.0: Performing the Cisco IPS Sensor Initial Setup $74.95
Cisco IPS 7.0: Managing Cisco IPS Devices $74.95
Cisco IPS 7.0: Implementing Cisco Unity Express in CUCM Express Environment $74.95
Cisco IPS 7.0: Configuring Cisco IPS Signature Engines and Anomaly Detection $74.95

Bundle Price: $219.00
Total Savings: $230.70


Cisco IPS 7.0: Introduction to Intrusion Prevention and Detection Systems

In modern IT infrastructures, it is becoming increasingly important to protect company resources. Not only must company resources be defended passively, but the protection also must be constantly monitored and enhanced with systems that actively inspect the data that is passed over allowed and open connections. Intrusion prevention and intrusion detection systems are two technologies that can provide such risk reduction. Cisco provides various Cisco Intrusion Prevention System (IPS) sensor platforms that satisfy different requirements for network integration and performance.This course describes the basic definitions of and approaches to intrusion prevention and intrusion detection. It also enables you to choose sensor platforms, specific models, and management applications that best fit your requirements.
  • recognize the characteristics of intrusion detection and intrusion prevention systems
  • identify the benefits of policy-based, anomaly-based and signature-based IPS
  • describe the features of endpoint security controls
  • select an appropriate Cisco IPS sensor platform group for a particular scenario
  • describe the primary components of an IPS sensor software architecture
  • identify the features of Cisco IPS management products
  • describe the features of the Cisco SIO security infrastructure

Cisco IPS 7.0: IPS Traffic Analysis, Countermeasures, and Deployment Architecture

Network intrusion prevention system (IPS) and intrusion detection system (IDS) sensors use various techniques to analyze network traffic in order to optimally detect suspicious and malicious traffic while maintaining the desired performance levels. These sensors can be deployed in various situations and architectures to enhance network-based protection of enterprise assets. This course describes network IPS traffic analysis methods, evasion methods that are used by attackers to avoid detection, and common anti-evasive countermeasures that network IPS engines use to avoid false negatives. It also describes common deployment scenarios and provides design guidelines for these scenarios.
  • describe network IPS traffic analysis methods
  • describe network IPS evasion techniques
  • recognize where to deploy network IDS and IPS sensors
  • select an appropriate IPS Internet edge network integration method for a particular scenario
  • describe firewall integration methods for network IPS at the enterprise Internet edge
  • identify key considerations for deploying network IDS and IPS sensors in an enterprise WAN
  • identify key considerations for deploying network IDS and IPS sensors in enterprise data centers
  • recognize how to plan centralized sensor deployments in enterprise campus networks

Cisco IPS 7.0: Performing the Cisco IPS Sensor Initial Setup

A Cisco Intrusion Prevention System (IPS) sensor can be configured to provide detection or prevention capability to help defend against network attacks. Such sensors can be integrated into the network in several different ways, which require special consideration. By initializing the Cisco Intrusion Prevention System (IPS) sensor, you will configure and verify basic management and traffic forwarding capabilities of the Cisco IPS device. This course describes the available Cisco IPS sensor network integration modes, provides an analysis of their benefits and limitations, and enables you to perform configuration, verification, and troubleshooting tasks that are used when first deploying a Cisco IPS sensor in its environment and when managing it during its normal operation.
  • recognize how to plan the deployment of Cisco IPS sensors in Promiscuous Mode
  • identify key considerations for implementing Cisco IPS sensors in Promiscuous Mode
  • describe the features of Cisco IPS inline interface pair mode
  • identify key characteristics of the inline VLAN pair deployment mode of Cisco IPS sensors
  • identify key characteristics of VLAN group subinterfaces
  • describe the key characteristics of the selective inline analysis deployment mode of Cisco IPS sensors
  • recognize how to access the Cisco IPS command-line interface (CLI)
  • identify tasks that can be performed within CLI
  • describe how the setup command is used to initialize the Cisco IPS sensor
  • identify methods of gaining management access to a Cisco IPS sensor
  • recognize how to use basic Cisco IPS Device Manager (IDM) features
  • describe Cisco IPS sensor interface modes
  • identify sensor bypass functions that Cisco IPS sensors support
  • configure basic inline traffic forwarding through the sensor
  • recognize how to troubleshoot the initial IPS sensor configuration

Cisco IPS 7.0: Managing Cisco IPS Devices

Cisco IPS sensors require initial and periodic (operational) management in order to perform optimally. This course provides you with configuration, verification, and troubleshooting skills that you can employ when deploying Cisco IPS device management features.
  • recognize how to configure time settings on a sensor using the Cisco IPS Device Manager (IDM)
  • recognize how to verify basic IPS device features
  • identify the privileges associated with local user roles
  • identify the deployment guidelines for implementing Cisco IPS sensor user database and remote management channels
  • create user accounts and privileges
  • identify the main considerations for Cisco IPS sensor licensing keys
  • describe Cisco IPS sensor recovery methods
  • describe Cisco IPS signature update methods
  • recognize troubleshooting methods for automatic signature updates
  • describe system password recovery methods for core sensor platforms
  • select the correct commands to perform sensor management and monitoring tasks for a particular scenario
  • describe the commands used for managing management and monitoring sensor
  • describe the methods in which sensor health and performance can be monitored

Cisco IPS 7.0: Implementing Cisco Unity Express in CUCM Express Environment

After you have configured the sensing interfaces of a Cisco Intrusion Prevention System (IPS) sensor, you will need to attach them to the sensor analysis engine, and optionally tune basic, low-level analysis options that apply to inspected traffic. In this course, you will learn about virtual sensors and their session tracking modes, traffic sources and analysis engine settings, inline normalization and promiscuous mode reassembly options, IP version 6 (IPv6) support and how to configure the bypass feature. This course also introduces the configuration of the built-in signatures in the Cisco Intrusion Prevention System (IPS) sensor products. You will be able to find individual signatures and classes of signatures, and perform basic signature-related configuration actions. You will also learn how to configure the actions that you would like the sensor to take, and configure the two configuration mechanisms that allow you to scalably change responses for a large number of signatures.
  • describe a default virtual sensor
  • identify the characteristics of traffic normalization in inline sensor mode
  • describe the configuration parameters for TCP stream reassembly in promiscuous mode
  • recognize when to use virtual sensor, interface and VLAN and VLAN only TCP session tracking modes
  • identify the major characteristics of Cisco IPS software bypass
  • assign the Cisco IPS sensor inline interface pair to the default virtual sensor to enable traffic inspection
  • recognize the characteristics of Cisco IPS sensor generated alerts
  • identify the characteristics of Cisco IPS sensor software version 7.0
  • describe how to configure basic signature properties
  • choose appropriate preventative signature actions for a particular scenario
  • describe the guidelines for detective and preventative signature actions
  • describe how ACLs are used on blocking devices
  • configure remote blocking on a Cisco IPS sensor for a particular scenario
  • identify the characteristics of IP logging in a Cisco IPS sensor
  • describe the components of a risk rating system
  • calculate the risk rating value for a particular event
  • select the appropriate active signature configuration tool for a particular scenario
  • manually configure and select signature responses
  • recognize the benefits and limitation of signature action response strategies

Cisco IPS 7.0: Configuring Cisco IPS Signature Engines and Anomaly Detection

This course describes the engine architecture found in the Cisco Intrusion Prevention System (IPS) sensors. It introduces each engine category and briefly describes each engine. You can use the information in this course to better understand individual signatures when tuning them, and when creating custom signatures. Anomaly detection is also introduced in this course. The anomaly detection component of the Cisco Intrusion Prevention System (IPS) Sensor Software detects known and yet-unknown network treats and can take appropriate preventive actions to prevent their spreading in the network. Anomaly detection enables the sensor to be less dependent on signature updates by letting the Cisco IPS sensor learn normal activity, send alerts, and take dynamic response actions for behavior that deviates from what it has learned as normal behavior. In this course, you will learn to deploy and troubleshoot the anomaly detection functionality of the Cisco IPS sensor.
  • describe Cisco IPS signature engine configuration
  • recognize the characteristics of alarm summarization
  • match the ATOMIC signature engine to its function
  • describe the characteristics of STRING signature engines
  • describe the characteristics of SERVICE signature engines
  • describe the characteristics of FLOOD signature engines
  • describe the characteristics of SWEEP signature engines
  • sequence the steps to configure META signatures
  • describe the NORMALIZER signature engine
  • identify the tasks to enable the AIC engines
  • identify the characteristics of anomaly detection
  • match the components used by anomaly detection to their characteristics
  • describe the process of configuring anomaly detection of a Cisco IPS sensor
  • sequence the steps to configuring anomaly detection
  • recognize basic anomaly detection troubleshooting steps
Register Now
IPS 7.0: Implementing Cisco Intrusion Prevention System Part 1 e-learning bundle
  • Course ID:
    252716
  • Duration:
    10 hours
  • Price:
    $219