Cisco - Implementing Intrusion Prevention Systems

Description
This 4 days leader-led, lab-intensive course. This task-oriented course teaches the knowledge and skills needed to design, install, and configure a Cisco Intrusion Prevention solution for small, medium, and enterprise networks.
Who is this course suitable for?
This course is intended for
· Cisco customers who implement and maintain IPS solutions.
· Cisco Channel Partners who sell, implement and maintain IPS solutions and
Cisco System Engineers who support sales of Cisco IPS and security product solutions.
What does this course cover?
At the end of the course, delegates will be able to:
· Explain how Cisco IPS protects network devices from attacks.
· Install a sensor appliance in the network and initialise it.
· Use the sensor CLI to perform basic sensor configuration.
· Describe the management and monitoring capabilities of the IPS Device Manager.
· Use the IDM to configure the sensor's communication parameters
· Use the IDM to configure allowed hosts
· Use the IDM to set the sensor's time
· Use the IDM to create user accounts
· Use the IDM to configure sensor interfaces and interface pairs.
· Use the IDM to configure software bypass mode
· Describe the functions of signature engines and their parameters.
· Use the IDM to tune and create signatures to meet the requirements of a given security policy.
· Use the IDM to tune the sensor to work optimally in a network
· Explain blocking concepts
· Use the IDM to configure blocking for a given scenario
· Install the NM-CIDS in a router and initialise it.
· Configure communications between the router and the NM-CIDS and initialise the NM-CIDS
· Install and IDSM-2 in a Cisco Catalyst 6500 Switch and initialise it.
· Use the IDM to upgrade the senor image
· Use the IDM to install signature and service pack updates
· Use the IDM to configure automatic software updates.
· Recover the sensor image
· Use the CLI to back up and restore a sensor configuration
· Use the CLI and the IDM to monitor the sensor
· Use preventive maintenance and general troubleshooting commands.
During the course, you will learn:

Security Fundamentals
· Need for Network Security
· Network Security Policy
· Primary Network Threats and Attacks
· Reconnaissance Attacks and Mitigation
· Access Attacks and Mitigation
· Denial of Service Attacks and Mitigation
· Worm, Virus and Trojan Horse Attacks and Mitigation
· Management Protocols and Functions
Intrusion Prevention Overview
· Intrusion Detection versus Intrusion Prevention
· Intrusion Detection Technologies
· Cisco Network Sensors
· Sensor Appliances
· Cisco Defense-in-Depth
· Sensor Deployment
· IPS Terminology
· Cisco IPS Software Architecture
Getting Started with the IPS Command Line Interface
· Command Line Overview
· Sensor Software Installation
· Sensor Initialisation
· Administrative Task
· Basic Troubleshooting Commands
Using the Intrusion Prevention System Device Manager
· IPS Device Manager Overview
· Getting started with the IDM
· Configuring Certificates
· Configuring SSH
· Rebooting and Shutting down the Sensor
· Viewing Events in the IDM
Basic Sensor Configuration
· Configuring Allowed Hosts
· Setting the time
· Configuring User Accounts
· Configuring the Interfaces
· Configuring Software Bypass
Cisco Intrusion Prevention System Signatures and Alerts
· Cisco IPS Signatures, Engines, and Alerts
· Locating Signature Information
· Basic Signature Configuration
· Special Considerations fro Signature Actions.
· Configuring SNMP
Signature Engines
· Cisco IPS Signature Engines
· Atomic Signature Engines
· Flood Signature engines
· Meta Signature Engines
· Multi String Signature Engine
· Normalizer Engine
· OTHER Signature Engine
· Service Signature Engines
· State Signature Engines
· String Signature Engines
· Sweep Signature Engines
· Traffic Signature Engine
· Trojan Signature Engine
· AIC Signature Engines
Signature Configuration
· Parameters Common to All Signature Engines
· Signature Tuning
· Custom Signatures
Sensor Tuning
· Intrusion Detection Evasive Techniques
· Tuning the Sensor
· Logging
· Reassembly Options
· Event Action Rules
· Event Variables
· Target Value Rating
· Event action Overrides
· Event Action Filters
· General Settings
Getting Started with the IPS Command Line Interface
· Command Line Overview
· Sensor Software Installation
· Sensor Initialisation
· Administrative Task
· Basic Troubleshooting Commands
Using the Intrusion Prevention System Device Manager
· IPS Device Manager Overview
· Getting started with the IDM
· Configuring Certificates
· Configuring SSH
· Rebooting and Shutting down the Sensor
· Viewing Events in the IDM
Basic Sensor Configuration
· Configuring Allowed Hosts
· Setting the time
· Configuring User Accounts
· Configuring the Interfaces
· Configuring Software Bypass
Cisco Intrusion Detection System Network Module
· NM-CIDS Overview
· How the NM-CIDS Works
· Design Considerations
· Installation and Configuration Tasks
· Image Upgrade and Recovery
· Maintenance Tasks Unique to the NM-CIDS
Cisco Intrusion Detection System Module
· Introduction
· Ports, Traffic and Time
· Installation and Configuration Tasks
· Verifying IDSM-2 Status
· Upgrade and Recovery
Cisco Intrusion Prevention System Signatures and Alerts
· Cisco IPS Signatures, Engines, and Alerts
· Locating Signature Information
· Basic Signature Configuration
· Special Considerations fro Signature Actions.
· Configuring SNMP
Signature Engines
· Cisco IPS Signature Engines
· Atomic Signature Engines
· Flood Signature engines
· Meta Signature Engines
· Multi String Signature Engine
· Normalizer Engine
· OTHER Signature Engine
· Service Signature Engines
· State Signature Engines
· String Signature Engines
· Sweep Signature Engines
· Traffic Signature Engine
· Trojan Signature Engine
· AIC Signature Engines
Are there entry requirements?
Delegates are required to meet the following prerequisites:
· Certification as a CCNA or the equivalent knowledge (optional)
· Basic knowledge of Windows Operating System
· Familiarity with the networking and security terms and concepts (the concepts are learned in prerequisite training or by reading industry publications)
What's included?
Our package includes full course materials.

Although the course is non-residential, we offer help finding appropriate hotels, close to the training venue. To take advantage of this offer, drop us an email after you book your course.
Additional info
Testing and Certification

Recommended as preparation for exam(s):
· 642-532 IPS
This course is associated with the CCSP and the Security Specializations

Please note: the cost of the exam is not part of the course cost. The exam can be booked with us at an additional charge and taken at an exam venue in the UK at a later date.