Live Online
Networking

Securing Cisco Networks with Sourcefire Intrusion Prevention System v2.0

  • MSRP: $4,000.00
  • Free Member: $3,600.00
  • Premium Member: $3,200.00

* Premium upgrade option is available at checkout.

Member discount will apply to your offsite enrollment

Securing Cisco Networks with Sourcefire Intrusion Prevention System (SSFIPS) v2.0 is a 5-day lab-intensive course that introduces you to the powerful features of the Cisco Sourcefire System, including FireSIGHT technology, in-depth event analysis, IPS tuning and configuration, and the Snort rules language. You will learn how to use and configure next-generation Cisco IPS technology, including application control, firewall, and routing and switching capabilities. You will also learn to tune systems properly for better performance and greater network intelligence while taking full advantage of powerful tools for more efficient event analysis, including file type and network-based malware detection.

Prerequisites

  • Technical understanding of TCP/IP networking and network architecture
  • Basic familiarity with the concepts of intrusion detection systems (IDS) and IPS

Course Objectives

  • FireSIGHT system training infrastructure
  • Navigate the user interface and administrative features of the FireSIGHT system, including reporting functionality to properly assess threats
  • How to deploy and manage Cisco FireSIGHT devices
  • Various detection technologies used in the FireSIGHT system
  • Create and implement objects for use in Access Control policies
  • Advanced policy configuration and FireSIGHT system configuration options
  • Analyze events
  • Write and configure basic Snort rules

Intended Audience

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Channel partners and resellers

About the Author

NterOne is a global training and consulting company focusing on live online IT training courses, self-paced e-learning, private onsite training, consulting, and software focused on the training industry.
Posted: 20 December, 2016

Lesson 1. FireSIGHT System Overview and Classroom Setup

Lesson 2. Hardware Overview and Architecture

Lesson 3. Device Management

Lesson 4. User Account Management

Lesson 5. Object Management

Lesson 6. Access Control Policy

Lesson 7. FireSIGHT Technology

Lesson 8. Network-Based Malware Detection

Lesson 9. Managing SSL Traffic

Lesson 10. IPS Policy Basics

Lesson 11. Network Analysis Policy

Lesson 12. Event Analysis

Lesson 13. Reporting

Lesson 14. Correlation Policy

Lesson 15. Basic Rule Syntax and Usage

Labs

Lab Introduction

Lab 1: Verifying Product Licenses

Lab 2: Testing the Environment with Attack PCAPs

Lab 3: Viewing Events

Lab 4: Configuring Inline Interface Set

Lab 5: Creating User Accounts and Configuring UI Timeout Value

Lab 6: Testing Exempt vs. Non-Exempt Users

Lab 7: Escalating Permissions

Lab 8: Working with an External User Account

Lab 9: Testing the LDAP Authentication Object

Lab 10: Creating Objects

Lab 11: Creating Basic Access Control Policy

Lab 12: Creating an Access Control Policy for Application Awareness

Lab 13: URL Filtering

Lab 14: Including an IPS Policy in Access Control Rules

Lab 15: Tuning the Network Discovery Detection Policy

Lab 16: Viewing FireSIGHT Data

Lab 17: User Discovery

Lab 18: Host Attributes

Lab 19: Creating a File Policy

Lab 20: Creating an Intrusion Policy

Lab 21: Enable Include FireSIGHT Recommendations

Lab 22: Implement FireSIGHT Recommendations

Lab 23: Applying Your Policy and Variable Set and Test

Lab 24: Tuning Your HTTP Inspect Preprocessor

Lab 25: Testing the Network Analysis Policy Settings

Lab 26: Analyzing Events

Lab 27: Tuning an Event

Lab 28: Context Explorer

Lab 29: Comparing Trends

Lab 30: Creating a Correlation Policy Based on Connection Data

Lab 31: Whitelists

Lab 32: Working with Connection Data and Traffic Profiles

Lab 33: Writing Custom Rules