SSECMGT - Managing Enterprise Security with CSM v4.0

Learn to configure firewalls, routers, VPNs, and IPS security services using Cisco Security Manager (CSM) 4.0.

Cisco Security Manager (CSM) is an enterprise-class management application designed to configure:

  • Firewalls: ASA and router based
  • VPNs: DMVPN, GET, IPsec, and SSL
  • IPS security services: IOS IPS and appliance-based IPS

CSM can be used in networks of all sizes, from small networks to large networks consisting of thousands of devices, by using policy-based management techniques. Training on this core management system is a vital part of any Security Operations Center and any type of organization where device policies must be consistent.

Our enhanced and exclusive CSM labs go beyond the standard Cisco course material to address the top issues and features that you will face in a real-world production environment. You won't find these feature-rich add-ons in the standard Cisco course offerings:

  • The latest software version on the CSM
  • Live network devices running the latest code set, not "virtual devices"
  • Using a Cisco IPS and Cisco MARS to explore signatures and cross-launch capabilities
  • Role-based authorization using the Cisco ACS
  • AnyConnect 3.0 included in our SSL VPN lab

A Global Knowledge Exclusive: Bonus Lab Credits

You'll receive five extra security e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice, whatever lab activities complete your training.

What You'll Learn

  • CSM overview and real-world deployment scenarios
  • Managing devices in CSM
  • Policy inheritance and policy sharing features in CSM
  • Creating and managing policies
  • Using and managing objects in CSM
  • Using Map view to link maps and create a drill-down action map
  • Using Map view and the Cisco AnyConnect client to create site-to-site VPNs and remote access VPNs, including SSL VPNs
  • Firewall services and objects that are used to manage firewall-related policies
  • Configuring platform policies on firewall devices
  • Configuring platform-specific services and policies on Cisco IPS sensors and Cisco IOS IPS devices, Cisco IOS routers, Catalyst 6500 Series switches, and Cisco 7600 Series routers
  • Tight integration and cross-launch functionality of the Cisco MARS to CSM using an IPS event
  • Best use of FlexConfig features
  • Managing deployments and configuration changes using Workflow and Non-Workflow mode
  • Viewing e-mails that management will review and take action on
  • Monitoring, troubleshooting, and diagnostic tools available in CSM
  • CSM 4.0 license changes
  • BOTNET and Global Correlation configuration support for Cisco ASA and IPS devices
  • Configuring SSL VPNs in CSM using AnyConnect 3.0 and CSD 3.5

Who Needs to Attend

  • Anyone interested in managing policy consistency
  • Customers managing multiple Cisco security devices
  • Network security engineers working in the enterprise sector

Prerequisites

  • CCNP Security certification
  • CCNP-level understanding of networking and routing
  • Understanding of different VPN technologies (such as DMVPN, GET VPN, and SSL VPN)
  • At least six months of practical experience configuring Cisco Security products
  • Familiarity with implementing network security policies and with the following networking components and concepts:
    • Security technologies: NAT, PAT, ASA, VPN, IPS, ACS, MARS (optional), IOS integrated router and switch security, and security management software
    • Security protocols: AAA, IPsec, IKE, and various tunneling protocols
    • Application protocols: HTTP, HTTPS, ICMP, SSH, SSL, NTP, FTP, TFTP, DNS, etc.

Follow-On Courses

There are no follow-ons for this course.

Course Outline

1. CSM Overview

  • Using CSM
    • Installation Procedure
    • Working with the User Interface
    • New Features of 4.0
  • Managing Devices
    • Preparing the Devices for CSM
    • Device View
    • Adding Devices to CSM Inventory
    • Working with Devices with Dynamically Assigned IP Addresses
    • Device Properties, Credentials, and Grouping
    • On-Demand, Out-of-Band Change Detection
  • Managing Policies
    • Policies Overview
    • Managing Policies in Device View
    • Managing Shared Policies in Policy View
    • Interface Roles
    • Advanced Policy Features
    • Policy Locking
    • Discovering Policies
  • Managing Objects
    • Objects Overview
    • Policy Object Manager Window
    • Overriding Global Objects for Individual Devices
    • Selecting Objects for Policies
  • Using Map View
    • Maps Overview
    • Displaying Your Network on the Map
    • Managing Firewall Services
    • Managing VPNs
    • Managing Device Policies

2. Firewall Policy Management

  • Managing Firewall Services
    • Managing Rules Tables
    • Access Rules and Their Functions
    • Access Control Settings
    • Inspection Rules
    • AAA Rules
    • Web Filter Rules
    • Transparent and Zone-Based Firewall Rules
    • Interface and Global Rules
    • Botnet Traffic Filtering
  • Managing Firewall Devices
    • Platform Policies
    • NAT Policies
    • Bridging Policies
    • Device Administration Policies
    • Logging Policies
    • Multicast Policies
    • Routing Policies
    • Security Policies
    • Service Policy Rules
    • Security Contexts
  • Event Monitoring and Rule Correlation for Firewalls
    • Supported Devices and Events in Event Viewer
    • EventServer Overview
    • Cisco ASA Device Bootstrapping
    • Event-to-Policy Correlation
    • Event Collection and Event Viewer Settings

3. VPN Policy Configuration

  • Managing VPNs
    • Overview of Site-to-Site VPNs
    • Working with VPN Topologies
    • Working with Site-to-Site VPN Policies
    • Configuring Advanced VPN Platforms
  • Managing Remote Access IPsec VPNs
    • Overview of Remote-Access VPNs
    • Working with Policies in Remote-Access VPNs
    • Configuring VPN Options
  • Configuring Client-Based SSL VPNs
    • SSL VPN Management Features and Platform Support
    • Overview of Remote-Access SSL VPNs
    • Bootstrapping Cisco ASA for Full Tunnel SSL VPN
    • Configuring Full Tunnel SSL VPN
  • Configuring Clientless SSL VPNs
    • Clientless SSL VPN Overview
    • Clientless SSL VPN Configuration
    • Working with Application Plug-Ins
    • SSL VPN Portal Customization
  • Configuring Advanced VPN Configurations
    • Managing Cisco Secure Desktop Policy
    • Configuring Dynamic Access Policies (DAP)
    • Creating Group Policies
    • Creating Remote Connection Profiles
    • Working with VPN AAA
  • Deploying Advanced VPN Technologies
    • Hub-and-Spoke Prerequisites
    • DMVPN Overview
      • Configuring
      • Managing
    • GET VPN Overview
      • Configuring
      • Managing
    • GRE over IPsec
    • VPN Dial Backup
    • VRF-Aware IPsec
    • VPN High Availability

4. Cisco IPS Solutions Management

  • Managing Cisco IPS Services
    • Overview of Network Sensing
    • Configuring Interfaces
    • Configuring and Working with IPS Signatures
    • Configuring Anomaly Detection
    • Configuring Event Actions
    • Configuring Global Correlation
  • Managing Cisco IPS Devices
    • Managing Modules and Appliances
    • Configuring Policies
    • Managing Updates
  • Managing Cisco IPS Events
    • CSM IPS Event Management
    • Mapping IPS Events to Policies

5. Cisco IOS Device Provisioning

  • Managing Routers
    • Overview of Policy Management
    • Working with Platform Policies
    • NAT Policies
    • Interface Policies
    • Configuring Device Administration Policies
    • Identity Policies
    • Logging and QoS Policies
    • Routing Policies
    • Advanced Routing Configuration Options
    • Zone-Based Firewall
  • Using the Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router Device Manager
    • Managing Policies

6. Management, Deployment, and Administration of FlexConfigs in CSM

  • Managing FlexConfigs
    • FlexConfig Overview
    • Creating FlexConfig Policy Objects
    • Working with FlexConfig
  • Managing Activities and Workflow Deployments
    • Working with Activities
    • Managing Deployment
  • Implementing Integration Between CSM and Cisco Secure ACS
    • Roles in CSM
    • RBAC with Cisco Secure ACS
    • Configuring Cisco Secure ACS and CSM for RBAC Integration
  • Backing Up and Restoring CSM Databases
  • Using Monitoring, Troubleshooting, and Diagnostic Tools
    • Using the Tools Menu
    • Understanding CiscoWorks MCP
    • Understanding Cisco Packet Tracer
    • Cisco Security MARS Integration

Labs

Lab 0: Remote Lab Familiarization

Lab 1: Enhanced - Bootstrapping Network Devices

The purpose of this lab is to bootstrap all your network devices with a base configuration for communication with CSM. Log into each individual network device and configure the required settings to allow access by CSM. At the end of the lab, test device access.

Lab 2: Enhanced - Device Import

After accessing the CSM interface for the first time, create location groups where the devices will reside. Add network devices to CSM by adding static devices, adding devices from the network, and importing devices from a pre-built configuration file. Explore the credential requirements for device import.

Lab 3: Enhanced - Creating Policy Objects

Review an access list policy on an ASA and edit the ACL via the CSM interface. At the same time, build policy objects directly from the ACL workspace window and from the Policy Object Manager. Also, review the default CSM interface roles and modify them using the override feature.

Lab 4: Enhanced - Discovering Map View

Configure several layers of network maps and examine the drill-down capabilities within the CSM. Import images into the Map view, including a VISIO-created map, and assign them as wallpaper to the map. Lay your imported devices on top of the layered maps to create an accurate, logical view of your network, and then show the device discovery features directly from Map view.

Lab 5: Enhanced - Managing Firewall Policies: Sharing

Create new entries in an Access Control Entry (ACE) and share the ACL policy among different devices in a common region. Then, investigate policies using Policy view.

Lab 6: Enhanced - Managing Firewall Policies: Inheritance

Create several policies to create an inheritance using a BOGON list and a management policy. Navigate between Policy view and Device view in order to create policy entries. Finally, investigate using local policies in conjunction with inherited mandatory policies.

Lab 7: Exclusive - NAT Translations

Configure address translations within CSM for the ASA in this lab. Learn how not to NAT by entering the nat 0 command on the firewall. Implement a temporary PAT configuration and configure a static NAT as appropriate for the lab topology. At each step, test and verify the results of the configuration, both on the host systems and on the ASA. During this lab, learn how to configure and monitor address translation, and see the difference between the ASA's translation table and its connection table.

Lab 8: Enhanced - Event Monitoring: Firewall

Configure the event monitoring technology within the CSM, and explore how the CSM server can serve as a syslog server allowing filtering capability.

Lab 9: Exclusive - Configuring Client-Based SSL VPNs

Using the new release of AnyConnect 3.0, configure a client-based VPN deployment using Cisco Secure Desktop, and test the configuration from the client side.

Lab 10: Enhanced - Configuring Clientless SSL VPNs

Configure clientless VPNs and investigate plug-in and smart tunnel configurations.

Lab 11: Enhanced - IPsec VPNs

Use VPN Manager to create site-to-site VPN tunnels. Modify IKE proposals and explore feature-rich configuration options such as automatic pre-shared key regeneration. After all is configured and deployed, test the tunnels for connectivity.

Lab 12: Enhanced - IOS IPS

Configure IOS IPS and investigate signatures using a software-driven IPS.

Lab 13: Exclusive - CSM, IPS, and MARS

Configure a Cisco IPS and its signatures from within CSM, paying special attention to signatures, signature actions, and signature event counts. Then configure the Cisco MARS in CSM and configure CSM in Cisco MARS. Once the devices are bootstrapped for communication, create an event on the network that the IPS will report to the MARS appliance. During investigation, review the incident in MARS and review the cross-launch feature from MARS to the CSM server.

Lab 14: Enhanced - Event Monitoring: IPS

Configure the CSM Event Viewer for parsing IPS SDEE events and generate various alerts for investigation.

Lab 15: Enhanced - Zone-Based Firewalls

Configure the Zone-Based Firewall (ZBF) feature on the IOS-FW using CSM. Create three policies, including traffic flow policies and a content-filtering rule.

Lab 16: Enhanced - FlexConfigs

Configure, assign, and use FlexConfigs using the scripting capability within CSM.

Lab 17: Enhanced - Local and Remote User Authentication

After confirming authentication, review authorization configuration on the ACS and investigate the locking feature for policy control. This popular lab is fairly intense, because you'll be configuring a lot of moving parts for the integration to take place.

Lab 18: Enhanced - Device Management

Configure workflow mode, non-workflow mode, and CiscoWorks Common Services for SMTP in this lab. Create a new activity and have the activity approved by an administrator. View the e-mails sent and admin response required for approval. Also, perform a backup of the CSM database, including exporting the devices you added earlier.

Cybersecurity

On-Site

Course Code: 5760

Enhanced Course

Contact us for pricing

5 Day Course


Copyright ©2013 Global Knowledge Training LLC. All rights reserved.