Implementing Cisco Intrusion Prevention System (IPS)

About this Course

The Implementing Cisco Intrusion Prevention System (IPS) v7.0 course is a five-day course that aims to provide network security engineers with the knowledge and skills needed to deploy Cisco Intrusion Prevention System (IPS)-based security solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for the Cisco IPS.

Audience Profile

  • Network Security Engineers (NSEs)
  • Anyone with their CCNA Security Certification and working towards CCNP Security Certification

At Course Completion

After completing the course, students will be able to:  

  • Evaluate products and deployment architectures for the Cisco IPS product line
  • Perform an initial implementation of a Cisco IPS sensor
  • Implement an initial security policy using a Cisco IPS sensor according to local policies and environmental requirements
  • Deploy customized policies to adapt Cisco IPS traffic analysis and response to the target environment
  • Implement a basic Cisco IPS data management and analysis solution
  • Implement complex Cisco IPS policy virtualization, high-availability, and high-performance solutions according to policy and environmental requirements
  • Perform the initial setup and maintenance of specific Cisco IPS hardware

Prerequisites

  • Cisco Certified Network Associate (CCNA) certification
  • Cisco Certified Network Associate Security (CCNA Security)
  • Working knowledge of the Microsoft Windows operating system

Course Outline

Module 1: Introduction to Intrusion Prevention and Detection, Cisco IPS Software and Supporting Devices

  • Lesson 1: Evaluating Intrusion Prevention and Intrusion Detection Systems
  • Lesson 2: Choosing Cisco IPS Software, Hardware, and Supporting Applications
  • Lesson 3: Evaluating Network IPS Traffic Analysis Methods, Evasion Possibilities, and Anti-Evasive Countermeasures
  • Lesson 4: Choosing a Network IPS and IDS Deployment Architecture

Module 2: Installing and Maintaining Cisco IPS Sensors

  • Lesson 1: Integrating the Cisco IPS Sensor into a Network
  • Lesson 2: Performing the Cisco IPS Sensor Initial Setup
  • Lesson 3: Managing Cisco IPS Devices

Module 3: Applying Cisco IPS Security Policies

  • Lesson 1: Configuring Basic Traffic Analysis
  • Lesson 2: Implementing Cisco IPS Signatures and Responses
  • Lesson 3: Configuring Cisco IPS Signature Engines and the Signature Database
  • Lesson 4: Deploying Anomaly-Based Operation

Module 4: Adapting Traffic Analysis and Response to the Environment 

  • Lesson 1: Customizing Traffic Analysis
  • Lesson 2: Managing False Positives and False Negatives
  • Lesson 3: Improving Alarm and Response Quality

Module 5: Managing and Analyzing Events 

  • Lesson 1: Installing and Integrating Cisco IPS Manager Express with Cisco IPS Sensors
  • Lesson 2: Managing and Investigating Events Using Cisco IPS Manager Express
  • Lesson 3: Using Cisco IME Reporting and Notifications
  • Lesson 4: Integrating Cisco IPS with Cisco Security Manager and Cisco Security MARS
  • Lesson 5: Using the Cisco IntelliShield Database and Services

Module 6: Deploying Virtualization, High Availability, and High Performance Solutions 

  • Lesson 1: Using Cisco IPS Virtual Sensors
  • Lesson 2: Deploying Cisco IPS for High Availability and High Performance

Module 7: Configuring and Maintaining Specific Cisco IPS Hardware

  • Lesson 1: Configuring and Maintaining the Cisco ASA AIP-SSM and AIP-SSC-5 Modules
  • Lesson 2: Configuring and Maintaining the Cisco ISR IPS AIM and IPS NME Modules
  • Lesson 3: Configuring and Maintaining the Cisco IDSM-2

Labs:

  • Lab 2-1: Performing the Cisco IPS Sensor Initial Setup
  • Lab 2-2: Managing a Cisco IPS Sensor
  • Lab 3-1: Configuring and Modifying Basic Cisco IPS Signatures and Responses
  • Lab 3-2: Configuring Cisco IPS Anomaly-Based Operation
  • Lab 4-1: Configuring Custom Cisco IPS Signatures
  • Lab 4-2: Managing False Positives and False Negatives
  • Lab 4-3: Improving Alarm and Response Quality
  • Lab 5-1: Using Cisco IME
  • Lab 5-2: Using Cisco IPS and Security Intelligence Web Resources
  • Lab 6-1: Configuring Policy Virtualization