
Implementing Cisco Threat Control Solutions (v1.5)

  • MSRP: $3,595.00
  • Free Member: $3,235.50
  • Premium Member: $2,876.00

* Premium upgrade option is available at checkout.


Implementing Cisco Threat Control Solutions (SITCS) v1.5 is a 5-day instructor-led course that provides network professionals with the knowledge to implement Cisco FirePOWER NGIPS (Next-Generation Intrusion Prevention System) and Cisco AMP (Advanced Malware Protection), as well as Web Security, Email Security and Cloud Web Security. You will gain hands-on experience configuring various advanced Cisco security solutions for mitigating outside threats and securing traffic traversing the firewall.

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • CCNA Security or valid CCSP or any CCIE certification can act as a prerequisite.

Course Objectives

After completing this course the student should be able to:

  • Describe and implement Cisco Web Security Appliance
  • Describe and implement Cloud Web Security
  • Describe and implement Cisco Email Security Appliance
  • Describe and implement Advanced Malware Protection
  • Describe and implement Cisco FirePOWER Next-Generation IPS
  • Describe and implement Cisco ASA FirePOWER Services Module

Intended Audience

Network security engineers

About the Author

NterOne is a global training and consulting company focusing on live online IT training courses, self-paced e-learning, private onsite training, consulting, and software focused on the training industry.
Posted: 21 December, 2016

Module 1: Cisco Web Security Appliance

Lesson 1: Describing the Cisco Web Security Appliance Solutions

  • Cisco Modular Network Architecture and Cisco WSA
  • Cisco WSA Overview
  • Cisco WSA Architecture
  • Cisco WSA Malware Detection and Protection
  • Cisco Web-Based Reputation Score
  • Cisco WSA Acceptable Use Policy Enforcement
  • Cisco WSA GUI Management
  • Cisco WSA Committing the Configuration Changes
  • Cisco WSA Policy Types Overview
  • Cisco WSA Access Policies
  • Cisco WSA Identity: To Whom Does This Policy Apply?
  • Cisco WSA Identity Example
  • Cisco WSA Policy Assignment Using Identity
  • Cisco WSA Identity and Authentication
  • Cisco WSA Policy Trace Tool
  • Challenge

Lesson 2: Integrating the Cisco Web Security Appliance

  • Explicit vs. Transparent Proxy Mode
  • Explicit Proxy Mode
  • PAC Files
  • PAC File Deployment Options
  • PAC File Hosting on Cisco WSA
  • Traffic Redirection In Transparent Mode
  • Connecting the Cisco WSA to a WCCP Router
  • Verifying WCCP
  • Challenge

Lesson 3: Configuring Cisco Web Security Appliance Identities and User Authentication Controls

  • Configure Identities to Group Client Transactions
  • Configure Policy Groups
  • The Need for User Authentication
  • Authentication Protocols and Schemes
  • Basic Authentication in Explicit Proxy and Transparent Proxy Mode
  • Configure Realms and Realm Sequences
  • Configure NTLM Realm for Active Directory
  • Join Cisco WSA to Active Directory
  • Configure Global Authentication Settings
  • Configure an Identity to Require Authentication (Basic or NTLMSSP)
  • Configure an Identity to Require Transparent User Identification
  • Configure LDAP Realm for LDAP Servers
  • Define How User Information Is Stored in LDAP
  • Bind Cisco WSA to the LDAP Directory
  • LDAP Group Authorization
  • Allowing Guest Access to Users Who Fail Authentication
  • Testing Authentication Settings
  • Authenticated Users in Reports
  • Challenge

Lesson 4: Configuring Cisco Web Security Appliance Acceptable Use Controls

  • Acceptable Use Controls
  • URL Categorizing Process
  • Application Visibility and Control Overview
  • Streaming Media Bandwidth Control Overview
  • Enable Acceptable Use Controls
  • Using the Policies Table
  • Configure URL Filtering
  • Enable Safe Search and Site Content Ratings
  • Configure Custom URL Categories
  • URL Category Reports
  • Configuring AVC
  • Configure Media Bandwidth Limits
  • AVC Reports
  • Challenge

Lesson 5: Configuring Cisco Web Security Appliance Anti-Malware Controls

  • Dynamic Vectoring and Streaming Engine Overview
  • Contrast Webroot with Sophos or McAfee Malware Scanning
  • Adaptive Scanning Overview
  • Web Reputation Filtering Overview
  • Enable Web Reputation Filtering, Adaptive Scanning and Malware Scanning
  • Configure Inbound Web Reputation Filtering and Malware Scanning
  • Configure Outbound Malware Scanning
  • Malware Reports
  • Challenge

Lesson 6: Configuring Cisco Web Security Appliance Decryption

  • HTTPS Proxy Operations Overview
  • Enable HTTPS Proxy
  • Invalid Destination Web Server Certificate Handling
  • Configure Decryption Policies
  • Challenge

Lesson 7: Configuring Cisco Web Security Appliance Data Security Controls

  • Cisco WSA Data Security Overview
  • Data Security Policies
  • Control Uploaded Content
  • External Data Loss Prevention
  • Add an ICAP Server
  • Challenge

Module 2: Cisco Cloud Web Security

Lesson 1: Describing the Cisco Cloud Web Security Solutions

  • Cisco Modular Network Architecture and Cisco Cloud Web Security (CWS)
  • Cisco Cloud Web Security Overview
  • Cisco Cloud Web Security Traffic Flow Overview
  • Cisco Cloud Web Security URL Filtering, AVC, and Reporting Features Overview
  • Cisco Cloud Web Security Scanning Processes and Day Zero Outbreak Intelligence Overview
  • Cisco ScanCenter Overview
  • Challenge

Lesson 2: Configuring Cisco Cloud Web Security Connectors

  • Cisco Cloud Web Security Traffic Redirection Overview
  • Cisco Cloud Web Security Authentication Key
  • Authentication Key Generation from the Cisco ScanCenter
  • Verifying Traffic Redirection to CWS Using Special URL
  • Cisco ASA Cloud Web Security Overview
  • Cisco ASA Cloud Web Security Basic Configuration Using ASDM
  • Cisco ASA Cloud Web Security Basic Configuration Using the CLI
  • Cisco ASA Cloud Web Security Configuration with the Whitelist and Identity Options Using the CLI
  • Verifying Cisco ASA Cloud Web Security Operations Using the Cisco ASDM
  • Verifying Cisco ASA Cloud Web Security Operations Using the CLI
  • Cisco AnyConnect Web Security Module Overview
  • Cisco AnyConnect Web Security Module for Standalone Use Overview
  • Configure Cisco AnyConnect Web Security Module for Standalone Use
  • Configure Cisco ASA to Download the Web Security Module to the Client Machine
  • Verifying Cisco AnyConnect Web Security Module Operations
  • Cisco ISR G2 Cloud Web Security Overview
  • Cisco ISR G2 Cloud Web Security Configuration
  • Cisco ISR G2 Cloud Web Security Verification
  • Cisco WSA Cloud Web Security Overview
  • Challenge

Lesson 3: Describing the Web Filtering Policy in Cisco ScanCenter

  • ScanCenter Web Filtering Policy Overview
  • ScanCenter Web Filtering Policy Configuration HTTPS Inspection Configuration Overview
  • ScanCenter Web Filtering Verification
  • ScanCenter Web Filtering Reporting
  • Challenge

Module 3: Cisco Email Security Appliance

Lesson 1: Describing the Cisco Email Security Solutions

  • Cisco Modular Network Architecture and Cisco ESA
  • Cisco Hybrid Email Security Solution Overview
  • SMTP Terminologies
  • SMTP Flow
  • SMTP Conversation
  • Cisco ESA Services Overview
  • Cisco ESA GUI Management
  • Cisco ESA Committing the Configuration Changes
  • Cisco ESA Licensing
  • Incoming Mail Processing Overview
  • Outgoing Mail Processing Overview
  • Cisco ESA LDAP Integration Overview
  • Cisco Registered Envelope Service (CRES) Overview
  • Challenge

Lesson 2: Describing the Cisco Email Security Appliance Basic Setup Components

  • Cisco ESA Listener Overview
  • Cisco ESA Listener Type: Private and Public
  • Cisco ESA One Interface/One Listener Deployment Example
  • Cisco ESA Two Interfaces/Two Listeners Deployment Example
  • Cisco ESA Listener Major Components: HAT and RAT
  • Cisco ESA One Listener Deployment Scenario
  • One Listener Deployment Scenario: Interfaces and Listener
  • One Listener Deployment Scenario: LDAP Accept Query
  • One Listener Deployment Scenario: HAT
  • One Listener Deployment Scenario: HAT > Sender Group
  • One Listener Deployment Scenario: HAT > Sender Group SBRS
  • One Listener Deployment Scenario: HAT > BLACKLIST Sender Group
  • One Listener Deployment Scenario: HAT > RELAYLIST Sender Group
  • One Listener Deployment Scenario: HAT > Add Sender Group
  • One Listener Deployment Scenario: HAT > Mail Flow Policy
  • One Listener Deployment Scenario: HAT > Mail Flow Policy > Anti-Spam and Anti-Virus
  • One Listener Deployment Scenario: HAT > Mail Flow Policies Summary
  • One Listener Deployment Scenario: RAT
  • One Listener Deployment Scenario: SMTP Routes
  • One Listener Deployment Scenario: Email Relaying on Internal Mail Server
  • Challenge

Lesson 3: Configuring Cisco Email Security Appliance Basic Incoming and Outgoing Mail Policies

  • Cisco ESA Incoming and Outgoing Mail Policies Overview
  • Cisco ESA Mail Policies Matching
  • Anti-Spam Overview
  • Anti-Spam Configuration
  • Spam Quarantine Configuration
  • Policy, Virus, Outbreak Quarantines Configuration
  • Anti-Virus Overview
  • Anti-Virus Configuration
  • Content Filters Overview
  • Content Filters Configuration
  • Outbreak Filters Overview
  • Outbreak Filters Configuration
  • Data Loss Prevention Overview
  • Data Loss Prevention Configuration
  • Reporting Overview
  • Message Tracking
  • Trace
  • Challenge

Module 4: Advanced Malware Protection for Endpoints

Lesson 1: AMP for Endpoints Overview and Architecture

  • Modern Malware
  • Why Defenses Fail
  • Introduction to AMP for Endpoints
  • AMP for Endpoints Architecture
  • AMP Connector Architecture
  • Installation Components
  • How AMP Connector Components Interact
  • The Role of the AMP Cloud
  • Transaction Processing
  • Additional Transaction Processing
  • Real-time Data Mining
  • Private Cloud Architecture
  • Private Cloud Modes
  • Cloud Proxy Mode Communications
  • Air Gap Mode
  • Challenge

Lesson 2: Customizing Detection and AMP Policy

  • Detection, Application Control, DFC Options, and IOCs
  • Endpoint Policy
  • Policy Modes
  • Simple Custom Detections
  • Creating A Simple Custom Detection
  • Application Blocking
  • Advanced Custom Signatures
  • Whitelisting
  • Android Custom Detections
  • DFC IP Blacklists and Whitelists
  • DFC IP Blacklists
  • DFC IP Whitelists
  • Configuring Exclusions
  • Custom Exclusion Sets
  • Challenge

Lesson 3: IOCs and IOC Scanning

  • Indications of Compromise (IOCs)
  • IOC Scanning
  • Customizing IOCs
  • Challenge

Lesson 4: Deploying AMP Connectors

  • Groups
  • Creating Groups
  • Deploying Windows Connectors
  • Direct Download Deployment
  • Creating the Installer (Public Cloud)
  • Email Deployment
  • Microsoft Windows Installation and Interface
  • Connectivity Considerations
  • Command-Line Installation
  • Challenge

Lesson 5: AMP Analysis Tools

  • Event View Filters
  • Events List
  • Event Detail: File Detection
  • Event Detail: Connector Info
  • Event Detail: Comments
  • File Analysis
  • The File Analysis Page
  • File Analysis Results
  • File Repository
  • Trajectory
  • File Trajectory Page
  • Device Trajectory
  • Device Trajectory Filters and Search
  • Prevalence
  • Vulnerable Software
  • Reporting
  • Creating a Report
  • Challenge

Module 5: Cisco FirePOWER Next-Generation IPS

Lesson 1: Describing the Cisco FireSIGHT System

  • Cisco FireSIGHT System Overview
  • Cisco FirePOWER NGIPS and NGFW
  • Cisco FireSIGHT System Detection and Architecture
  • Cisco FireSIGHT System Components
  • Cisco FireSIGHT System Device Configuration
  • Traffic Flows
  • Challenge

Lesson 2: Configuring and Managing Cisco FirePOWER Devices

  • Introduction to Device Management
  • Interfaces Tab
  • Virtual Device Configuration
  • Static Route Configuration
  • Object Management
  • Challenge

Lesson 3: Implementing an Access Control Policy

  • Access Control Policy Overview
  • Access Control Policy Configuration
  • Default Action
  • Targets Tab
  • Security Intelligence
  • HTTP Responses
  • Advanced Tab
  • Access Control Policy Rules
  • Rule Constraints Overview
  • Save and Apply the Access Control Policy
  • Challenge

Lesson 4: Understanding Discovery Technology

  • Introduction to Host Discovery
  • Network Discovery Policy
  • Discovery Overview
  • Challenge

Lesson 5: Configuring File-Type and Network Malware Detection

  • Introduction to Network-Based Malware Detection
  • Network-Based Malware Detection Overview
  • File Dispositions
  • Important Network-Based Malware Detection Concepts
  • Retrospective Event Overview
  • Cisco FireSIGHT File-Type Detection Architecture
  • Cisco FireSIGHT Malware Detection Architecture
  • File Disposition Caching
  • File Lists
  • File Policy
  • Challenge

Lesson 6: Managing SSL Traffic with Cisco FireSIGHT

  • SSL Traffic Management Overview
  • SSL Inspection Architecture
  • Cisco FireSIGHT SSL Inspection
  • SSL Policy
  • Challenge

Lesson 7: Describing IPS Policy and Configuration Concepts

  • Introduction to IPS Policy
  • Policy Layering Model
  • Rule Management
  • Cisco FireSIGHT Rule Recommendations
  • IPS Policy Layering
  • Challenge

Lesson 8: Describing the Network Analysis Policy

  • Network Analysis Policy Introduction
  • Network Analysis Policy Customization
  • Preprocessors
  • Network Analysis Policy Configuration
  • Network Analysis Policy Creation
  • Preprocessor Configuration
  • Challenge

Lesson 9: Creating Reports

  • Reporting System Overview
  • Report Templates
  • Report Sections
  • Advanced Settings
  • Challenge

Lesson 10: Describing Correlation Rules and Policies

  • Correlation Policies Overview
  • Correlation Policy Responses
  • Remediations Configuration
  • Remediation Module Configuration
  • Correlation Policy Rules
  • Correlation Policies Overview
  • Correlation Events
  • Whitelists Overview
  • Whitelist Events and Violations
  • Traffic Profiles Overview
  • Traffic Profiles in Correlation Policies
  • Challenge

Lesson 11: Understanding Basic Rule Syntax and Usage

  • Basic Snort Rule Structure
  • Snort Rule Headers
  • Snort Rule Bodies
  • Challenge

Module 6: Cisco ASA FirePOWER Services Module

Lesson 1: Installing Cisco ASA 5500-X Series FirePOWER Services (SFR) Module

  • Cisco ASA FirePOWER Services (SFR) Module Overview
  • Cisco FireSIGHT Management Center Overview
  • Cisco ASA FirePOWER Services Software Module Management Interface
  • Cisco ASA FirePOWER Services Module Package Installation
  • Cisco ASA FirePOWER Services Module Verification
  • Redirect Traffic to Cisco ASA FirePOWER Services Module
  • Challenge

Lab Outline

Guided Lab 1: Configure Cisco Web Security Appliance Explicit Proxy and User Authentication Web-related connectivity.

Task 1: Verify Basic Cisco WSA Settings

Task 2: Implement the Cisco WSA in Explicit Proxy Mode

Task 3: Implement User Authentication with Active Directory using Basic Authentication

Task 4: Implement User Authentication using Transparent User Identification

Guided Lab 2: Configure Cisco Web Security Appliance Acceptable Use Controls

Task 1: Implement the Cisco WSA in Transparent Proxy Mode

Task 2: Configure the Access Policy

Task 3: Enable Decryption and Configure the Decryption Policy

Task 4: Configure URL Filtering for the Access Policy

Task 5: Configure Application Visibility Control for the Access Policy

Guided Lab 3: Configure Cisco Email Security Appliance Basic Policies

Task 1: Verify the Initial Email Exchange Without the Cisco ESA

Task 2: Deploy the Cisco ESA Mail Proxy

Task 3: Integrate the Cisco ESA with LDAP and Enable LDAP Accept Query

Task 4: Configure Incoming Content Filters and Mail Policies

Task 5: Configure Outbound Data Loss Prevention

Guided Lab 4: Accessing the AMP Public Cloud Console

Task 1: Accessing the AMP Public Cloud Console

Task 2: Workstation Preparation

Guided Lab 5: Customizing Detection and AMP Policy

Task 1: Simple Custom Detections

Task 2: Advanced Custom Signatures

Task 3: Application Blocking

Task 4: Whitelisting

Task 5: DFC IP Blacklist

Task 6: Creating a Policy

Guided Lab 6: IOCs and IOC Scanning

Task 1: Create and Upload a Custom IOC

Guided Lab 7: Deploying AMP Connectors

Task 1: Create Groups

Task 2: Deploy the Connector

Task 3: Connector Command Line Installation

Guided Lab 8: AMP Analysis Tools

Task 1: Install the AMP Connector

Task 2: Test Your Policy

Task 3: Work With AMP Events

Task 4: Detection / Quarantine Events

Task 5: File Trajectory

Task 6: Device Trajectory

Task 7: Vulnerable Applications

Task 8: IOCs and IOC Scanning: Clean Scan

Task 9: IOCs and IOC Scanning: Dirty Scan

Task 10: File Analysis

Guided Lab 9: Configure Inline Interfaces and Create Objects

Task 1: Test Inline Interfaces

Task 2: Create Objects

Guided Lab 10: Create Access Control Policy Rules

Task 1: Create a Basic Access Control Policy

Task 2: Create an Access Control Policy For Application Awareness

Task 3: Implement URL Filtering

Task 4: Include an IPS Policy in Access Control Policy Rules

Guided Lab 11: Configure Network Discovery Detection

Task 1: Tune the Network Discovery Detection Policy

Task 2: View FireSIGHT Data

Task 3: Assign Host Attributes

Guided Lab 12: Create a File Policy

Task 1: Create a File Policy

Guided Lab 13: Create an Intrusion Policy

Task 1: Create an Intrusion Policy

Task 2: Enable Include FireSIGHT Recommendations

Task 3: Implement FireSIGHT Recommendations

Task 4: Apply Your Policy and Variable Set and Test

Guided Lab 14: Create a Network Analysis Policy

Task 1: Tune Your HTTP Inspect Preprocessor

Task 2: Test the Network Analysis Policy Settings

Guided Lab 15: Compare Trends

Task 1: Compare Trends

Guided Lab 16: Create Correlation Policies

Task 1: Create a Correlation Policy Based on Connection Data

Task 2: Configure a Whitelist

This is a certification course.
By completing this course, you are eligible for certification opportunities. This course provides the instruction and educational material needed to prepare for a third-party certification exam.
This is a course package.
Course packages provide a comprehensive learning plan at a discounted price, and may lead to certification opportunities.