SSFIPS - Securing Cisco Networks with Sourcefire FireSIGHT Intrusion Prevention System v2.0

COURSE OUTLINE:

Description

This lab-intensive course introduces you to the powerful features of the Cisco Sourcefire System, including FireSIGHT technology, in-depth event analysis, IPS tuning and configuration, and the Snort rules language.

You will learn how to use and configure next-generation Cisco IPS technology, including application control, firewall, and routing and switching capabilities. You will also learn to properly tune systems for better performance and greater network intelligence while taking full advantage of powerful tools for more efficient event analysis, including file type and network-based malware detection.

Audience

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Channel partners and resellers

Prerequisites

  • Technical understanding of TCP/IP networking and network architecture
  • Basic familiarity with the concepts of intrusion detection systems (IDS) and IPS

Learning Objectives

  • FireSIGHT system training infrastructure
  • Navigate the user interface and administrative features of the FireSIGHT system, including reporting functionality to properly assess threats
  • How to deploy and manage Cisco FireSIGHT devices
  • Various detection technologies used in the FireSIGHT system
  • Create and implement objects for use in Access Control policies
  • Advanced policy configuration and FireSIGHT system configuration options
  • Analyze events
  • Write and configure basic Snort rules

1. FireSIGHT System Overview and Classroom Setup

2. Hardware Overview and Architecture

3. Device Management

4. User Account Management

5. Object Management

6. Access Control Policy

7. FireSIGHT Technology

8. Network-Based Malware Detection

9. Managing SSL Traffic

10. IPS Policy Basics

11. Network Analysis Policy

12. Event Analysis

13. Reporting

14. Correlation Policy

15. Basic Rule Syntax and Usage