Implementing Cisco Intrusion Prevention System

Implementing Cisco Intrusion Prevention Systems (IPS) 6.0 is a nstructor-led, lab-intensive course delivered by Cisco Learning Partners (CLPs). This task-oriented course teaches the knowledge and skills needed to design, install, and configure a Cisco intrusion prevention solution for small, medium, and enterprise networks. The course covers Cisco intrusion prevention system (IPS) platforms, including the Cisco 4200 Series sensors, and the Catalyst 6500 Series Intrusion Detection System (IDS) Module 2. The IPS Device Manager (IDM) is used to configure and manage Cisco IPS sensor platforms and view and respond to IPS Alarms.Course contentSecurity Fundamentals

• Need for Network Security
• Network Security Policy
• Primary Network Threats and Attacks
• Reconnaissance Attacks and Mitigation
• Access Attacks and Mitigation
• Denial of Service Attacks and Mitigation
• Worm, Virus and Trojan Horse Attacks and Mitigation
• Management Protocols and Functions

Intrusion Prevention Overview

• Intrusion Detection versus Intrusion Prevention
• Intrusion Detection Technologies
• Cisco Network Sensors
• Sensor Appliances
• Cisco Defence-in-Depth
• Sensor Deployment
• IPSTerminology
• CiscoIPSSoftware Architecture

Getting Started with theIPSCommand Line Interface

• Command Line Overview
• Sensor Software Installation
• Sensor Initialisation
• Administrative Task
• Basic Troubleshooting Commands

Using the Intrusion Prevention System Device Manager

• IPSDevice Manager Overview
• Getting started with theIDM
• Configuring Certificates
• ConfiguringSSH
• Rebooting and Shutting down the Sensor
• Viewing Events in theIDM

Basic Sensor Configuration

• Configuring Allowed Hosts
• Setting the time
• Configuring User Accounts
• Configuring the Interfaces
• Configuring Software Bypass

Cisco Intrusion Prevention System Signatures and Alerts

• CiscoIPSSignatures, Engines, and Alerts
• Locating Signature Information
• Basic Signature Configuration
• Special Considerations fro Signature Actions.
• ConfiguringSNMP

Signature Engines

• CiscoIPSSignature Engines
• Atomic Signature Engines
• Flood Signature engines
• Meta Signature Engines
• Multi String Signature Engine
• Normalizer Engine
• OTHERSignature Engine
• Service Signature Engines
• State Signature Engines
• String Signature Engines
• Sweep Signature Engines
• Traffic Signature Engine
• Trojan Signature Engine
• AICSignature Engines

Signature Configuration

• Parameters Common to All Signature Engines
• Signature Tuning
• Custom Signatures

Sensor Tuning

• Intrusion Detection Evasive Techniques
• Tuning the Sensor
• Logging
• Reassembly Options
• Event Action Rules
• Event Variables
• Target Value Rating
• Event action Overrides
• Event Action Filters
• General Settings

Blocking

• Introduction
• ACLConsiderations
• Automatic Blocks
• Manual Blocks
• Master Blocking Sensors

Sensor Maintenance

• Upgrading and Recovering the Sensor Image
• Service Pack and Signature Updates
• Resetting, Powering Down, and Restoring the Default Configuration

Monitoring the Sensor

• UsingCLIto Monitor the Sensor
• Using theIDMto Monitor the Sensor

Cisco Intrusion Detection System Network Module

• NM-CIDS Overview
• How the NM-CIDS Works
• Design Considerations
• Installation and Configuration Tasks
• Image Upgrade and Recovery
• Maintenance Tasks Unique to the NM-CIDS

Cisco Intrusion Detection System Module

• Introduction
• Ports, Traffic and Time
• Installation and Configuration Tasks
• VerifyingIDSM-2 Status
• Upgrade and Recovery