IBM Security Network Protection Administration and Configuration

COURSE OUTLINE:

Description

IBM Security Network Prevention is a next-generation intrusion prevention system. In this course, you will learn about the processes, procedures, and practices necessary to configure the Network Protection (XGS) appliance to protect your network. You will discover how to configure the appliance, configure management and protection policies, and block a variety of common attacks.

Audience

  • Network and security professionals who evaluate, implement, manage, or monitor the IBM Security Network Protection appliance

�

Prerequisites

��Basic knowledge of information security concepts
��Familiarity with networking concepts, such as switching, routing, and firewalls, and tools, such as network sniffers and FTP clients
��Solid knowledge of the TCP/IP protocol and IPv4 networking
��Use the IBM Security SiteProtector console to manage agents.
��Have attended IBM Security SiteProtector System: Basic Implementation and Administration (IS604G) or an equivalent course

�

Learning Objectives

��Characteristics and architecture of the IBM Security Network Protection appliance
��Connect the appliance to your network
��Configure initial settings on the appliance and register it with SiteProtector
��Use network objects and network access rules to configure the Network Access Policy
��Use IPS objects to configure the Intrusion Prevention Policy
��Different alert types and configure SNMP alerts generated by response objects and system alerts
��Use objects and policies to tune your security policy
��Capture network packets
��Configure local, remote, and passive user authentication
��Inspect outbound and inbound SSL traffic
��Use the SNORT syntax to incorporate rules in the appliance
��Use advanced threat protection and quarantine rules to block events
��Integrate the appliance with IBM Security QRadar SIEM
��Monitor events on the appliance

1.�Introduction To IBM Security Network Protection
2.�Setting Up The Appliance
3.�Managing The Appliance
4.�Configuring The Network Access Policy
5.�Configuring The Intrusion Prevention Policy
6.�Using Alerts And Events
7.�Tuning Network Access Policy Rules And Intrusion Prevention Behavior
8.�Capturing Network Traffic
9.�Controlling User Access
10.�Inspecting SSL-Encrypted Traffic
11.�Implementing SNORT Rules
12.�Configuring Advanced Threat Protection
13.�Integrating With Qradar SIEM
14.�Monitoring Event Data