In this Global Knowledge-enhanced course, you will gain the skills required to deploy Cisco's network-based Intrusion Prevention System (IPS). You will get an introduction to Cisco IPS platforms and managers, including:

• 4200 Series Sensors
• Catalyst 6000 Series Intrusion Detection Module 2 (IDSM-2)
• Advanced Inspection and Prevention Security Services Module (AIP-SSM)
• IPS Device Manager (IDM) GUI
• IPS Manager Express (IME)

Our labs take the mystery out of the sensor, allowing you to understand how signatures are implemented and what causes them to trigger and making you comfortable with the technology. In our labs, signatures are triggered via realistic intrusion attempts, not just arbitrary methods, and you'll learn why particular signatures are triggered when attack conditions are initiated, whether through using a network attack tool or entering a suspicious request in a web browser.

A Global Knowledge Exclusive: Bonus Lab Credits

You'll receive five extra security e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice-whatever lab activities complete your training.

What You'll Learn

• How Cisco IPS protects network devices from attacks
• Basic intrusion prevention terminology
• Intrusion prevention technologies and evasive techniques
• Cisco IPS Sensor platforms and their features
• Install and configure basic settings on a Cisco IPS 4200 Series Sensor
• Use the IDM to configure built-in signatures to meet the requirements of a given security policy
• Create and implement customized intrusion prevention signatures
• Create alarm filters to reduce alarms and possible false positives
• Configure the sensor with the command line and IDM
• Configure IPS protective reactions such as TCP reset and deny attacker inline
• Configure a Cisco IPS Sensor to perform blocking on IOS routers and Adaptive Security Appliances (ASAs) or PIX firewalls
• Perform maintenance operations such as signature updates
• Configure and monitor anomaly detection, passive OS fingerprinting, and virtual sensors
• Initialize and install remaining Cisco IPS family of products
• Utilize global correlation to adjust sensor actions based on the reputation of the source IP address
• Use the CLI and Cisco IDM to obtain system information
• Internal specifications of different signature engines

Who Needs to Attend

• Cisco customers who implement and maintain Cisco IPS solutions
• Cisco channel partners who sell, implement, and maintain Cisco IPS solutions
• Cisco systems engineers who support the sale of Cisco IPS solutions

Prerequisites

• IINS 2.0 - Implementing Cisco IOS Network Security

Follow-On Courses

• SECURE - Securing Networks with Cisco Routers and Switches
• FIREWALL - Deploying Cisco ASA Firewall Solutions
• FIREWALL 2.0 - Deploying Cisco ASA Firewall Solutions
• VPN - Deploying Cisco ASA VPN Solutions
• VPN 2.0 - Deploying Cisco ASA VPN Solutions

Certification Programs and Certificate Tracks

This course is part of the following programs or tracks:

• Cisco IPS Specialist
• CCNP Security - Cisco Certified Network Professional Security

Course Outline

1. Introduction

• Evaluating Intrusion Prevention and Intrusion Detection Systems
• Choosing Cisco IPS Software, Hardware, and Supporting Applications
• Evaluating Network IPS Traffic Analysis Methods
• Evasion Possibilities and Anti-Evasive Countermeasures
• Choosing a Network IPS and IDS Deployment Architecture

2. Installing and Maintaining Cisco IPS Sensors

• Integrating into a Network
• Performing the Initial Setup
• Managing Cisco IPS Devices

3. Applying Cisco IPS Security Policies

• Configuring Basic Traffic Analysis
• Implementing Cisco IPS Signatures and Responses
• Configuring Signature Engines and the Signature Database
• Deploying Anomaly-Based Operation

4. Adapting Traffic Analysis and Response to the Environment

• Customizing Traffic Analysis
• Managing False Positives and False Negatives
• Improving Alarm and Response Quality

5. Managing and Analyzing Events

• Installing and Integrating IME with IPS Sensors
• Managing and Investigating Events
• Reporting and Notifications
• Integrating IPS with SMN and MARS
• Using the Cisco IntelliShield Database and Services

6. Advanced Solutions

• Using Cisco IPS Virtual Sensors
• Deploying Cisco IPS for High Availability and High Performance

7. Configuring and Maintaining Specific IPS Hardware

• ASA AIP SSM and AIP SSC Modules
• ISR IPS AIM and IPS NME Modules
• IDSM-2 Module

Labs

Our IPS labs go above and beyond the standard Cisco IPS labs. Our most significant enhancement is the focus on signatures-the heart of IPS sensor technology. In fact, signatures are triggered in the very first lab that you will run in our class.

Lab 1: Enhanced - Perform Cisco IPS Sensor Initial Setup

Lab 2: Enhanced - Manage a Cisco IPS Sensor

Lab 3: Enhanced - Configure and Modify Basic Cisco IPS Signatures and Responses

Lab 4: Enhanced - Configure Cisco IPS Anomaly-Based Operation

Lab 5: Enhanced - Configure Cisco IPS Custom Signatures

Lab 6: Enhanced - Manage False Positives and Negatives

Lab 7: Enhanced - Improve Alarm and Response Quality

Lab 8: Enhanced - Use the Cisco IME

Lab 9: Enhanced - Use Cisco IPS and Security Intelligence Web Resources

Lab 10: Enhanced - Configure Policy Virtualization