Description:

This is a bundled training package. It contains training for each of the bundled items below:

Course Price
Cisco IPS 7.0: Adapting Traffic Analysis and Response to the Environment $74.95
Cisco IPS 7.0: False Positives, Negatives and Response Improvement $74.95
Cisco IPS 7.0: Managing and Analyzing Events $74.95
Cisco IPS 7.0: Virtualization, High-Availability, and High-Performance Solutions $74.95
Cisco IPS 7.0: Configuring and Maintaining Cisco IPS Hardware $74.95

Bundle Price: $199.00
Total Savings: $175.75


Cisco IPS 7.0: Adapting Traffic Analysis and Response to the Environment

When you need to address a threat that is uniquely specific to your environment, or otherwise do not have an appropriate signature in the default signature set to address a particular threat, you can create custom signatures on the Cisco Intrusion Prevention System (IPS) sensor. This course describes the methods and configuration procedures that allow you to create custom signatures on a Cisco IPS sensor and examines some methodologies to tune a Cisco IPS sensor to properly manage false positive and negative events.
  • recognize matching strategies for creating custom signatures
  • describe how to use regular expressions to create custom signatures
  • describe how to configure a custom signature using the Custom Signature Wizard and selecting a signature engine
  • create a basic custom signature
  • describe how to configure a custom signature using the Custom Signature Wizard without selecting a signature engine
  • create a custom layer 4 stateful string-match signature
  • recognize how to configure a custom signature without using the Custom Signature Wizard
  • create an advanced application-layer signature with custom parameters
  • create an advanced application-layer signature manually with custom parameters

Cisco IPS 7.0: False Positives, Negatives and Response Improvement

Network intrusion prevention technologies are much more effective when they are customized for the environment in which they operate, which increases the quality of produced alarms and responses. This course examines some methodologies to tune a Cisco Intrusion Prevention System (IPS) sensor to properly manage false positive and negative events. This course also provides configuration guidance for integrating the Cisco Intrusion Prevention System (IPS) sensor with your network and system environment and discusses several Cisco IPS sensor features that can be enabled to increase the quality of the alarms and responses that are produced.
  • describe the process of tuning false positives
  • match false positives and false negatives to their descriptions
  • recognize the process of tuning the IPS sensor to reduce false positives
  • describe the process of counting signatures to reduce false positives
  • describe the process of selectively disabling signatures for specific traffic
  • tune signatures to eliminate false positives
  • order the phases of the false-negative tuning process
  • describe the solutions for false negative reduction
  • match the operating system identification method to its description
  • recognize operating system identification guidelines
  • describe how to adjust signature fidelity ratings to influence event risk rating values
  • recognize how to use the Management Center for Cisco Security Agent attacker information to influence risk rating
  • sequence the steps to deploy and configure the Cisco IPS sensor Global Correlation feature

Cisco IPS 7.0: Managing and Analyzing Events

Cisco IPS Manager Express (IME) is a powerful, integrated intrusion prevention system (IPS) management application that is designed to meet IPS sensor configuration, operation, event monitoring, and event reporting needs of small- and medium-sized businesses. With one application, you can provision, monitor, troubleshoot, and generate reports for as many as 10 Cisco IPS sensors. Cisco IME allows administrators to create long-term reports that are based on the event database, and real-time notifications to quickly alert administrators about critical events, as defined by the notifications policy. In larger enterprise environments, or when features provided by Cisco IPS Device Manager (IDM) or Cisco IME are not adequate for specific purposes, Cisco IPS sensors are often integrated with the Cisco Security Manager for enhanced provisioning, and the Cisco Security Monitoring, Analysis, and Response System (MARS) for enhanced event monitoring and analysis capabilities. This course provides an overview of Cisco IME, enabling you to use most aspects of its user interface, and create custom reports and custom notifications. Additionally, this course provides you with configuration guidance to initially integrate a Cisco IPS Sensor with Cisco Security Manager and Cisco Security MARS, and use the Cisco Security Intelligence Operations (SIO) site, the Cisco IntelliShield database, and the Cisco IntelliShield Alert Manager services to increase your operational capability when evaluating data from Cisco IPS sensors.
  • evaluate features of Cisco IME
  • recognize how to install the Cisco IME software
  • identify features of the Cisco IME user interface
  • recognize how to configure and verify integration between Cisco IME and Cisco IPS sensors
  • identify Cisco IPS Manager Express advanced event-monitoring capabilities
  • recognize how to use Cisco IME tools to investigate event details
  • recognize the ways you can manage database events in the Cisco IME’s database
  • identify features of Cisco IME reporting
  • identify ways to modify e-mail notifications in Cisco IME
  • identify the benefits of Cisco Security Manager
  • recognize how to initialize IPS Sensors for Cisco Security Manager
  • identify how to initialize IPS devices for Cisco Security MARS
  • recognize the prerequisites to Cisco Security Manager and MARS cross-launch capability
  • identify Cisco SIO features
  • describe Cisco IntelliShield Alert Manager features
  • describe Cisco IntelliShield Alert Manager Service components
  • recognize how to add IntelliShield Alert Manager product sets
  • recognize how to create a notification in the Cisco IntelliShield Alert Manager Service

Cisco IPS 7.0: Virtualization, High-Availability, and High-Performance Solutions

Cisco Intrusion Prevention System (IPS) sensors allow you to use multiple virtual contexts (also called virtual sensors) that allow the use of different IPS policies on different sets of inline or promiscuous interfaces. Additionally, Cisco IPS sensors are often used in environments that demand high-service availability and deterministic network performance and may require specific design decisions or configuration tuning to perform optimally. This course provides configuration guidance on Cisco IPS policy virtualization, and enables you to choose Cisco IPS network integration methods that can provide fault-tolerant IPS solutions as well as IPS solutions that provide optimal performance.
  • recognize the elements of virtual sensors
  • describe how to configure a new virtual sensor
  • describe how to verify the operation of the virtual Cisco IPS sensor
  • configure policy virtualization
  • describe how to evaluate design options for switching-based high availability
  • identify how to evaluate design options for routing-based high availability
  • identify how to evaluate design options for Cisco ASA-based high availability
  • describe how to evaluate sensor performance issues
  • recognize options for sensor load sharing
  • recognize options for reducing traffic through an IPS sensor to increase its performance

Cisco IPS 7.0: Configuring and Maintaining Cisco IPS Hardware

Cisco ASA Adaptive Security Appliance Advanced Inspection and Prevention (AIP) Security Services Module (SSM) and AIP Security Services Card 5 (SSC-5) modules, Cisco Intrusion Prevention System (IPS) Advanced Integration Module (AIM) and Network Module Enhanced (NME) modules, and the Cisco Intrusion Detection System Services Module 2 (IDSM-2) module allow you to provide rich IPS functionality that is integrated into various Cisco products. This course focuses on configuration and maintenance procedures that are specific to these integration modules as opposed to standalone Cisco IPS appliances.
  • differentiate between the Cisco ASA AIP SSC and AIP SSM modules and the IPS 4200 Series sensors
  • describe how to manage the Cisco ASA AIP SSM and AIP SSC
  • match the Cisco ASA SSM and AIP SSC initialization steps to their descriptions
  • describe how to configure a Cisco IPS traffic redirection policy on a Cisco ASA adaptive security appliance
  • troubleshoot Cisco ASA AIP SSM and AIP SSC integration
  • differentiate between Cisco ISR IPS AIM and Cisco ISR IPS NME and the Cisco IPS 4200 series sensors
  • recognize the Cisco ISR IPS AIM and IPS NME initialization steps
  • describe how to configure traffic forwarding integration of Cisco ISR IPS AIM and IPS NME with the Cisco ISR and ISR Generation 2 platforms
  • recognize how to troubleshoot Cisco ISR IPS AIM and IPS NME Cisco ISR and ISR G2 integration
  • describe how mode selection affects the features of the Cisco Catalyst 6500 Series IDSM-2
  • sequence the steps to initialize the Cisco IDSM-2
  • describe how to configure integration of the Cisco IDSM-2 with the Cisco Catalyst 6500 Series Switches
  • match the key Cisco IDSM-2 maintenance tasks to their descriptions
  • check the state of password recovery
IPS 7.0: Implementing Cisco Intrusion Prevention System Part 2 e-learning bundle
  • Course ID: 252717
  • Duration: 7 hours
  • Price: $199