IPS v6.0 - Implementing Cisco Intrusion Prevention System IPS v6.0

Implementing Cisco Intrusion Prevention Systems (IPS) v6.0 provides the knowledge and skills needed to design, install, configure, and maintain a Cisco IPS sensor for small, medium, and enterprise networks. The course also describes the procedures for managing intrusion prevention system (IPS) alarms.

Upon completing this course, the learner will be able to meet these overall objectives:

• Explain how the Cisco IPS protects network devices from attacks
• Install and configure the basic settings on a Cisco IPS 4200 Series Sensor
• Use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy
• Configure some of the more advanced features of the Cisco IPS product line
• Initialize and install into your environment the rest of the Cisco IPS family of products
• Use the CLI and the Cisco IDM to obtain system information, and configure the Cisco IPS sensor to allow an SNMP NMS to monitor the Cisco IPS sensor

The primary audience for this course is as follows:

• Network designers
• Network security administrators

The secondary audience for this course is as follows:

• Network administrators
• Network engineers
• Systems engineers

Course Introduction

• Overview
• Course Goal and Objectives
• Course Flow
• Additional References
• Your Training Curriculum

Module 1: Intrusion Prevention Overview

• Lesson 1: Explaining Intrusion Prevention
• Lesson 2: Examining Cisco IPS Products
• Lesson 3: Examining Cisco IPS Sensor Software Solutions
• Lesson 4: Examining Evasive Techniques

Module 2: Installation of a Cisco IPS 4200 Series Sensor

• Lesson 1: Installing a Cisco IPS Sensor Using the CLI
• Lesson 2: Using the Cisco IDM
• Lesson 3: Configuring Basic Sensor Settings

Module 3: Cisco IPS Signatures

• Lesson 1: Configuring Cisco IPS Signatures and Alerts
• Lesson 2: Examining the Signature Engines
• Lesson 3: Customizing Signatures

Module 4: Advanced Cisco IPS Configuration

• Lesson 1: Performing Advanced Tuning of Cisco IPS Sensors
• Lesson 2: Monitoring and Managing Alarms
• Lesson 3: Configuring a Virtual Sensor
• Lesson 4: Configuring Advanced Features
• Lesson 5: Configuring Blocking

Module 5: Additional Cisco IPS Devices

• Lesson 1: Installing the Cisco Catalyst 6500 Series IDSM-2
• Lesson 2: Initializing the Cisco ASA AIP-SSM

Module 6: Cisco IPS Sensor Maintenance

• Lesson 1: Maintaining Cisco IPS Sensors
• Lesson 2: Managing Cisco IPS Sensors

• Lab 2-1: Install and Configure a Cisco IPS Sensor from the CLI
• Lab 2-2: Use the Cisco IDM to Perform a Basic Sensor Configuration
• Lab 3-1: Working with Signatures and Alerts
• Lab 3-2: Customizing Signatures
• Lab 4-1: Tune a Cisco IPS Sensor Using the Cisco IDM
• Lab 4-2: Monitor and Manage Alarms
• Lab 4-3: Configure a Virtual Sensor (Optional)
• Lab 4-4: Configure Anomaly Detection and POSFP
• Lab 6-1: Maintain Sensors and Verify System Configuration

The knowledge and skills that a learner must have before attending this course are as follows:

• Familiarity with networking and security terms and concepts, including completion of the Securing Cisco Network Devices (SND) course
• Strong user-level experience with Microsoft Windows operating systems