Implementing Cisco Intrusion Prevention System


Introduction

The Implementing Cisco Intrusion Prevention System (IPS) v7.0 course is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course aims at providing network security engineers with the knowledge and skills needed to deploy Cisco Intrusion Prevention System (IPS)-based security solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for the Cisco IPS.

Course Objectives

Students should be able to:

  • evaluate products and deployment architectures for the Cisco IPS product line
  • perform an initial implementation of a Cisco IPS sensor
  • implement an initial security policy using a Cisco IPS sensor according to local policies and environmental requirements
  • deploy customized policies to adapt Cisco IPS traffic analysis and response to the target environment
  • implement a basic Cisco IPS data management and analysis solution
  • implement complex Cisco IPS policy virtualisation, high availability, and high performance solutions according to policy and environmental requirements
  • perform the initial setup of, and maintain specific Cisco IPS hardware

Target Audience

  • Internetwork professionals who want to ensure security on their network
  • Channel Partner/Reseller

Pre-Requisites

Students who wish to attend this advanced course should fulfill following prerequisites:

  • Interconnecting Cisco Network Devices 1 (ICND1)
  • Interconnecting Cisco Network Devices 2 (ICND2)

Cisco Certified Network Associate Security (CCNA Security) certification:

  • Implementing Cisco IOS Network Security (IINS)
  • Working knowledge of the Microsoft Windows operating syste

Course Outline

Day 1: Introduction to Intrusion Prevention and Detection, Cisco IPS Software, and Supporting Devices; Installing and Maintaining Cisco IPS Sensors

  • Course Introduction
  • Lesson 1-1: Evaluating Intrusion Prevention and Intrusion Detection Systems
  • Lesson 1-2: Choosing Cisco IPS Software, Hardware, and Supporting Applications
  • Lesson 1-3: Evaluating Network IPS Traffic Analysis Methods, Evasion Possibilities, and Anti-Evasive Countermeasures
  • Lesson 1-4: Choosing a Network IPS and IDS Deployment Architecture
  • Lesson 2-1: Integrating the Cisco IPS Sensor into a Network
  • Lesson 2-2: Performing the Cisco IPS Sensor Initial Setup
  • Lab 2-1: Performing the Cisco IPS Sensor Initial Setup

Day 2: Installing and Maintaining Cisco IPS Sensors; Applying Cisco IPS Security Policies

  • Review of Day 1
  • Lesson 2-3: Managing Cisco IPS Devices
  • Lab 2-2: Managing a Cisco IPS Sensor
  • Lesson 3-1: Configuring Basic Traffic Analysis
  • Lesson 3-2: Implementing Cisco IPS Signatures and Responses
  • Lab 3-1: Configuring and Modifying Basic Cisco IPS Signatures and Responses
  • Lesson 3-3: Configuring Cisco IPS Signature Engines and the Signature Database

Day 3: Applying Cisco IPS Security Policies; Adapting Traffic Analysis and Response to the Environment

  • Review of Day 2
  • Lesson 3-4: Deploying Anomaly-Based Operation
  • Lab 3-2: Configuring Cisco IPS Anomaly-Based Operation
  • Lesson 4-1: Customizing Traffic Analysis
  • Lab 4-1: Configuring Custom Cisco IPS Signatures
  • Lesson 4-2: Managing False Positives and False Negatives
  • Lab 4-2: Managing False Positives and False Negatives
  • Lesson 4-3: Improving Alarm and Response Quality

Day 4: Adapting Traffic Analysis and Response to the Environment; Managing and Analyzing Events

  • Review of Day 3
  • Lab 4-3: Improving Alarm and Response Quality
  • Lesson 5-1: Installing and Integrating Cisco IPS Manager Express with Cisco IPS Sensors
  • Lesson 5-2: Managing and Investigating Events using Cisco IPS Manager Express
  • Lesson 5-3: Using Cisco IME Reporting and Notifications
  • Lab 5-1: Using the Cisco IME
  • Lesson 5-4: Integrating Cisco IPS with Cisco Security Manager and Cisco Security MARS
  • Lesson 5-5: Using the Cisco IntelliShield Database and Services
  • Lab 5-2: Using Cisco IPS and Security Intelligence Web Resources

Day 5: Deploying Virtualization, High Availability, and High Performance Solutions; Configuring and Maintaining Specific Cisco IPS Hardware

  • Review of Day 4
  • Lesson 6-1: Using Cisco IPS Virtual Sensors
  • Lab 6-1: Configuring Policy Virtualization
  • Lesson 6-2: Deploying Cisco IPS for High Availability and High Performance
  • Lesson 7-1: Configuring and Maintaining the Cisco ASA AIP SSM and AIP SSC Modules
  • Lesson 7-2: Configuring and Maintaining the Cisco ISR IPS AIM and IPS NME Modules
  • Lesson 7-3: Configuring and Maintaining the Cisco IDSM-2 Module
  • Wrap-up

On-Site Training

If you need training for three or more people, ask us about training at your site. You can enjoy the convenience of reduced travel cost and time, as well as a familiar environment for your staff. Additionally, we can customise the course for your business needs.




User Reviews

Not yet rated. You will need to follow this course before you can write a review.

Course Info


Next Step

Enquire Now
Tell a Friend
Email Course Outline