Overview
This five-day course is designed to provide network security engineers with the knowledge and skills needed to deploy Cisco Intrusion Prevention System (IPS)-based security solutions. Successful delegates will be able to reduce the risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for the Cisco IPS.
Pre-Requisites
Attendees should meet the following prerequisites:
- CCNA Certification, ICND1 and ICND2 or CCNABC Required
- CCNA Security Certification IINS Required.
- Working knowledge of Microsoft Windows OS is an advantage.
Content
Introduction to Intrusion Prevention and Detection, Cisco IPS Software, and Supporting Devices
- Evaluating Intrusion Prevention and Intrusion Detection Systems
- Choosing Cisco IPS Software, Hardware, and Supporting Applications
- Evaluating Network IPS Traffic Analysis Methods, Evasion Possibilities, and Anti-Evasive Countermeasures
- Choosing a Network IPS and IDS Deployment Architecture
Installing and Maintaining Cisco IPS Sensors
- Integrating the Cisco IPS Sensor into a Network
- Performing the Cisco IPS Sensor Initial Setup
- Managing Cisco IPS Devices
Applying Cisco IPS Security Policies
- Configuring Basic Traffic Analysis
- Implementing Cisco IPS Signatures and Responses
- Configuring Cisco IPS Signature Engines and the Signature Database
- Deploying Anomaly-Based Operation
Adapting Traffic Analysis and Response to the Environment
- Customizing Traffic Analysis
- Managing False Positives and False Negatives
- Improving Alarm and Response Quality
Managing and Analyzing Events
- Installing and Integrating Cisco IPS Manager Express with Cisco IPS Sensors
- Managing and Investigating Events Using Cisco IPS Manager Express
- Using Cisco IME Reporting and Notifications
- Integrating Cisco IPS with Cisco Security Manager and Cisco Security MARS
- Using the Cisco IntelliShield Database and Services
Deploying Virtualization, High Availability, and High Performance Solutions
- Using Cisco IPS Virtual Sensors
- Deploying Cisco IPS for High Availability and High Performance
Configuring and Maintaining Specific Cisco IPS Hardware
- Configuring and Maintaining the Cisco ASA AIP SSM and AIP SSC Modules
- Configuring and Maintaining the Cisco ISR IPS AIM and IPS NME Modules
- Configuring and Maintaining the Cisco IDSM-2 Module
Labs
- Lab 2-1: Performing the Cisco IPS Sensor Initial Setup
- Lab 2-2: Managing a Cisco IPS Sensor
- Lab 3-1: Configuring and Modifying Basic Cisco IPS Signatures and Responses
- Lab 3-2: Configuring Cisco IPS Anomaly-Based Operation
- Lab 4-1: Configuring Custom Cisco IPS Signatures
- Lab 4-2: Managing False Positives and False Negatives
- Lab 4-3: Improving Alarm and Response Quality
- Lab 5-1: Using the Cisco IME
- Lab 5-2: Using Cisco IPS and Security Intelligence Web Resources
- Lab 6-1: Configuring Policy Virtualization
Objectives
After you complete this course you will be able to:
- Evaluate products and deployment architectures for the Cisco IPS product line
- Perform an initial implementation of a Cisco IPS sensor
- Implement an initial security policy using a Cisco IPS sensor according to local policies and environmental requirements
- Deploy customized policies to adapt Cisco IPS traffic analysis and response to the target environment
- Implement a basic Cisco IPS data management and analysis solution
- Implement complex Cisco IPS policy virtualization, high availability, and high performance solutions according to policy and environmental requirements
- Perform the initial setup of, and maintain specific Cisco IPS hardware
Target Audience
This course is designed for Network Security Engineers who implement and maintain Cisco IPS solutions as well as individuals looking to obtain the CCNP Security Career Certification.
Certification
Recommended preparation for exam(s):
- 642-627 - Implementing Cisco Intrusion Prevention System
IPS is one of four courses required for the Cisco Certified Network Professional for Security Career Certification
Follow on Courses
The following courses are recommended for further study :
- FIREWALL - Deploying Cisco ASA FirewallSolutions
- VPN - Deploying Cisco ASA VPN Solutions
- SECURE -Securing Cisco Routers and Switches
Further Information
Recertification:
Cisco professional level certifications (CCNP, CCNP SP Operations, CCNP Wireless, CCDP, CCNP Security, CCNP Voice, and CCIP) are valid for three years. To recertify, pass any 642 exam that is part of the professional level curriculum or pass any CCIE/CCDE written exam before the certification expiration date.
Achieving or recertifying any of the certifications above automatically extends your active Associate and Professional level certification(s) up to the point of expiration of the last certification achieved. For more information, access the Cisco About Recertification page
