• Classroom
Course Description

In this Global Knowledge—enhanced course, you will gain the skills required to deploy Cisco’s network—based Intrusion Prevention System (IPS). You will get an introduction to Cisco IPS platforms and managers, including:

4200 Series Sensors
Catalyst 6000 Series Intrusion Detection Module 2 (IDSM—2)
Advanced Inspection and Prevention Security Services Module (AIP—SSM)
IPS Device Manager (IDM) GUI
IPS Manager Express (IME)

Learning Objectives

How Cisco IPS protects network devices from attacks
Basic intrusion prevention terminology
Intrusion prevention technologies and evasive techniques
Cisco IPS Sensor platforms and their features
Install and configure basic settings on a Cisco IPS 4200 Series Sensor
Use the IDM to configure built—in signatures to meet the requirements of a given security policy
Create and implement customized intrusion prevention signatures
Create alarm filters to reduce alarms and possible false positives
Configure the sensor with the command line and IDM
Configure IPS protective reactions such as TCP reset and deny attacker inline
Configure a Cisco IPS Sensor to perform blocking on IOS routers and Adaptive Security Appliances (ASAs) or PIX firewalls
Perform maintenance operations such as signature updates
Configure and monitor anomaly detection, passive OS fingerprinting, and virtual sensors
Initialize and install remaining Cisco IPS family of products
Utilize global correlation to adjust sensor actions based on the reputation of the source IP address
Use the CLI and Cisco IDM to obtain system information
Internal specifications of different signature engines

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.