Year of release: 2012
Publisher: CBT Nuggets
Publisher's website: http://www.cbtnuggets.com
Author: Michael J. Shannon
Duration: 9 hours
Type of material distributed: Video tutorial
Description: If you defend your Cisco network with the vigilance of a proud parent, make sure you’ve got the know-how and skills needed to effectively deploy Cisco IPS-based security solutions for your organization or customers.
With Cisco super-trainer Michael Shannon, you’ll learn how to use Cisco’s powerful IPS features to mitigate a wide variety of potential risks to your IT infrastructure and applications. Michael will also lead you through a number of live demonstrations, detailing operations support for both the standalone and modular IPS sensors.
Protect your network and prove your security savoir-faire with Cisco’s CCNP Security or IPS Specialist certifications. Michael Shannon’s Intrusion Prevention System v7.0 series will prepare you for both.
Introduction to IPS
Explore IDS/IPS terminology and features of the Cisco IPS. You'll also learn about the architecture, software, and hardware. You'll explore the eight traffic analysis methods and finish up with a look at Cisco IPS anti-evasion techniques.
IPS Network Integration
Become familiar with the different options for deploying and integrating your sensor solution into your network. Topics include promiscuous mode, inline pairs, VLAN pair mode, VLAN groups, and best practices for each option.
Initial Setup and Management
Get your feet wet with some implementation by looking at the CLI on a 4240 and AIP-SSM, then jumping into the IPS Device Manager (IDM) for basic setup, configuration, and sensor management through the GUI.
Basic Traffic Analysis
See the IPS sensor in action with a real-world configuration of the default virtual sensor engine. You'll also learn about traffic normalization settings, IPv6 support, software bypass, and an introduction to IPS signatures.
Engines, Basic Tuning, and Responses (Part 1)
In part one of two nuggets dedicated to signature engines and responses, you'll survey all of the engine types and explore basic signature tuning, including event counting and summarization. You'll enable the FTP and HTTP AIC engines as well, and will learn how to set up a Windows system in a virtual machine as your target host for ongoing penetration testing through the IPS sensor.
Engines, Basic Tuning, and Responses (Part 2)
In this continuation of Part 1, you will further explore detective and aggressive actions, the components and purpose of risk rating, remote blocking, and IP logging. Included are several awesome real-world configurations.
IPS Anomaly Detection
Here you will learn all about the powerful Anomaly Detection feature for your Cisco IDS/IPS implementation. Topics include concepts, functionality, components, configuration, monitoring, and troubleshooting of the Anomaly Detection service.
Custom Traffic Analysis (Part 1)
This is the first of two nuggets that explore expert-level advanced traffic analysis and tuning on the 4240 sensor. This action-packed module includes event counting, dynamic summarization, event action overrides, event filters, target value rating (TVR) configuration, and POSFP.
Custom Traffic Analysis (Part 2)
In part two you will continue the advanced analysis by generating custom signatures both manually and with the wizard. You will also learn techniques to manage false positives and false negatives on an ongoing basis.
IPS Manager Express
You're really gonna love this exploration of the IME including its features, display options, configuration, real-time and historical monitoring as well as powerful reporting features for up to 10 devices at once.
Global Correlation, Reputation-Based Filtering, SIO, and Intellishield
Well, the title of this nugget says it all! We are going to learn about the Global Correlation and Reputation-Based Filtering features with the Sensorbase network, Cisco Security Intelligence Operations (SIO), Intellishield services, and some awesome test tips to finish it off.
Optimizing Sensor Performance
Let's make sure that our sensors are banging on all cylinders! We will explore sensor throughput requirements, recognition and detection of performance issues with CLI, IDM, and IME metric indicators. We will also discuss SPAN issues for promiscuous mode operations, load-sharing, and traffic-reduction methods.
Sensor High-Availability Options
This nugget is really a companion piece to the optimization module. Here you will learn about the high-availability choices for the IPS sensor - which often go hand-in-hand with performance. This nugget covers a definition of sensor high-availability; switched-based HA; router-based HA; and AIP-SSM HA using the Adaptive Security Appliance active-standby and active-active solutions.
AIP SSM and AIP SSC Modules
It's "Module" time! Prepare for a fascinating look at the ins and outs of the AIP-SSM and AIP-SSC5 modules of the 5500 series security appliances.
ISR IPS AIM and IPS NME Modules
In this little gem of a nugget you will learn all about the IPS Advanced Integration Module (AIM) and IPS Network Module Enhanced (NME) modules that are deployed in the Cisco Integrated Services Routers.
Cisco IDSM-2 Essentials
This final nugget takes a brief tour of the specifications and features of the Intrusion Detection System Services Module-2 (IDSM-2) that is installed in the Catalyst 6500-series switch platforms.
Video format: MP4
Video: MP4, 800x600, 15fps, 137 KBps
Audio: AAC, 44100, 32 KBps, 1 channel