Implementing Cisco Intrusion Prevention System (IPS) Version 6.0
4 days Instructor-Led


Course Overview
Securing Networks Using Intrusion Prevention Systems (IPS) v6.0 is an
update to Securing Networks Using Intrusion Prevention Systems (IPS)
v5.0, an existing five-day instructor-led course on using the Cisco
Intrusion Detection System v. 5.0 product to protect network systems
from intrusions and security threats. The course covers important new
IPS 6.0 features. The IPS 6.0 course takes a task-oriented approach to
teaching the skills to deploy, configure and administer Cisco IPS
sensors.
Who will benefit from this course?
This course is intended for networking professionals who are considering
or making the migration from IPv4 to IPv6. The goal is to gain the
skills needed to understand and explain the operation of IPv6, implement
IPv6 services and applications including DNS and DHCPv6 and identify
IPv6 security threats and design practices.
Prerequisites
• CCNA or the equivalent knowledge
• Basic knowledge of Windows operating system
• Familiarity with networking and security terms and concepts (the
concepts are learned in prerequisite training or by reading industry
publications)
Course Objectives:
After completing this course, students will be able to deploy,
configure, and administer Cisco IPS sensors to protect network devices
as well as efficiently manage IPS alarms.
Course Outline
Module 1: Intrusion Prevention Overview
Lesson 1: Explaining Intrusion Prevention
• Intrusion Detection vs. Intrusion Prevention
• Intrusion Prevention Technologies
• Intrusion Prevention Terminology
• Promiscuous and Inline Modes
• Features of Cisco IPS Sensor Software Version 6.0
Lesson 2: Explaining Cisco IPS Products
• Cisco Network Sensors
• Network IPS
• Host-Based IPS
• Sensor Deployment
• Cisco Self-Defending Network
Lesson 3: Examining Cisco IPS Sensor Software Solutions
• Cisco IPS Sensor Software Architecture
• Cisco IPS Element Management Products
• Cisco IPS Enterprise Management Products
Lesson 4: Examining Evasive Techniques
• Evasive Techniques
• String Match Attacks
• Fragmentation Attacks
• Session Attacks
• Insertion Attacks
• Evasion Attacks
• TTL-Based Attacks
• Encryption-Based Attacks
• Resource Exhaustion Attacks
Module 2: Installation of a Cisco IPS 4200 Series Sensor
Lesson 1: Installing a Cisco IPS Sensor Using the CLI
• Introducing the CLI
• Initializing the Sensor
• Performing Administrative Tasks
• Additional Administrative Commands
Lesson 2: Using the Cisco IDM
• Introducing the Cisco IDM
• Getting Started with the Cisco IDM
• How to Configure SSH
• How to Reboot and Shut Down the Sensor
Lesson 3: Configuring Basic Sensor Settings
• How to Configure Allowed Hosts
• How to Set the Time
• How to Configure Certificates
• How to Configure User Accounts
• Defining Interface Roles
• How to Configure the Interfaces
• How to Configure Software and Hardware Bypass Mode
• Viewing Events in the Cisco IDM
Module 3: Cisco IPS Signatures
Lesson 1: Configuring Cisco IPS Signatures and Alerts
• Cisco IPS Signatures
• How to Locate Signature Information
• How to Configure Basic Signatures
• Special Consideration for Signature Actions
Lesson 2: Examining the Signature Engines
• Introducing Cisco IPS Signature Engines
• Common Signature Engine Parameters
• ATOMIC Signature Engines
• FLOOD Signature Engines
• SERVICE Signature Engines
• STRING Signature Engines
• SWEEP Signature Engines
• TROJAN Signature Engines
• TRAFFIC Signature Engines
• AIC Signature Engines
• STATE Signature Engine
• META Signature Engine
• NORMALIZER Engine
Module 4: Advanced Cisco IPS Configuration
Lesson 1: Performing Advanced Tuning for Cisco IPS Sensors
• Sensor Configuration
• IP Logging
• Reassembly Options
• How to Define Event Variables
• Target Value Rating
• Event Action Filters
• Risk Rating System
• General Setting of Event Action Rules
Lesson 2: Monitoring and Managing Alarms
• Cisco IEV Overview
• Installing Cisco IEV
• Configuring Cisco IEV
• Viewing Events
• Cisco Security Management Suite Overview
• External Product Interface
• Integrating Cisco Security Agent into an IPS Installation
• Cisco ICS
Lesson 3: Configuring a Virtual Sensor
• Virtual Sensor Overview
• Preparing for Virtual Sensors
• Creating Virtual Sensors
Lesson 4: Switch Security Practices and Features
• Anomaly Detection Overview
• Anomaly Detection Components
• Configuring Anomaly Detection
• POSFP Overview
• Operating System Identification
• Configuring POSFP
• Monitoring POSFP
Lesson 5: Configuring Blocking
• Blocking Overview
• ACL Considerations
• How to Configure Automatic Blocking
• How to Configure Manual Blocking
• How to Configure a Master Blocking Scenario
Module 5: Additional Cisco IPS Devices
Lesson 1: Installing the Cisco Catalyst 6500 Series IDSM-2
• Cisco Catalyst 6500 Series IDSM-2 Overview
• Installing the Cisco Catalyst 6500 Series IDSM-2
• Configuring Cisco Catalyst 6500 Series IDSM-2
• Monitoring the Cisco Catalyst 6500 Series IDSM-2
• Maintaining the Cisco Catalyst 6500 Series IDSM-2
Lesson 2: Initializing the Cisco ASA AIP-SSM
• Cisco ASA AIP-SSM Overview
• Loading the Cisco ASA AIP-SSM
• Initial Cisco ASA AIP-SSM Configuration Using Cisco ASDM
• Configuring an IPS Security Policy
Module 6: Cisco IPS Sensor Maintenance
Lesson 1: Maintaining Cisco IPS Sensors
• Understanding Cisco IPS Licensing
• How to Upgrade and Recover Sensor Images
• How to Install Service Packs and Signature Updates
• Password Recovery
• How to Restore a Cisco IPS Sensor
Lesson 2: Managing Cisco IPS Sensors
• Using the CLI to Monitor the Sensor
• Using the Cisco IDM to Monitor the Sensor
• Monitoring Using Cisco Security Manager
• Monitoring Using SNMP