Course Details
Overview
The Advanced FirePOWER training is an instructor-led, lab-based, hands-on course. This course is part of a portfolio of security courses designed to help businesses support and maintain their Cisco Firepower systems. This lab-intensive course introduces you to the basic next-generation intrusion prevention system (NGIPS) and firewall security concepts. The course then leads you through the Cisco Firepower system. Among other powerful features, you will become familiar with:
- In-depth event analysis
- NGIPS tuning and configuration
- Snort rules language
You will also become familiar with the latest platform features: file and malware inspection, security intelligence, domain awareness, and more. The course begins by introducing the system architecture, the latest major features, and the role of policies in implementing the solution. You will learn how to manage deployed devices and perform basic Cisco Firepower discovery. You will be able to describe how to use and configure Cisco NGIPS technology, including application control, security intelligence, firewall, and network-based malware and file controls.
You will learn how to take advantage of powerful tools so you can carry out more efficient event analysis, including the detection of file type and network-based malware. And you will learn how to properly tune systems for better performance and greater network intelligence. The course finishes with system and user administration tasks. This course combines lecture materials and hands-on labs that will give you practice in deploying and managing the Cisco Firepower system.
Objectives
Prepforce Specials
This course workshop is part of our custom-created special courses for one or more of the following reasons:
- Most of the time, these courses are requested by a Cisco BU.
- The course content is Cisco-approved derivative work.
- The course was designed to prepare for an exam for which Cisco-approved content is not available.
- The course follows a specific project that has been requested by a customer.
Outline
Lesson 1: FireSIGHT System Overview and Classroom Setup
- Cisco FireSIGHT System Overview
- Virtual Network
Lesson 2: Hardware Overview and Architecture
- FireSIGHT System Components
- FirePOWER Device Features and Capabilities
- Configuring FireSIGHT System Devices
- Traffic Flow Through the FireSIGHT System
Lesson 3: Device Management
- Device Management
- OSPF Configuration Options
- Policy-Based NAT
- Gateway VPN
- Clustered High-Availability State Sharing Overview
Lesson 4: User Account Management
- User Account Management
Lesson 5: Object Management
- Object Management
Lesson 6: Access Control Policy
- Access Control Policy
- Adding Rule Constraints
Lesson 7: FireSIGHT Technology
- FireSIGHT Technology Overview
- Discovery Overview
- Connection Events
- User Discovery Data Collection Sources
- User Discovery Technology
Lesson 8: Network-Based Malware Detection
- Network-Based Malware Detection Architecture and Configuration
- File-type Detection Architecture
- Malware Detection and Blocking
- File-Disposition Caching
- Working with File Storage
- Working with File Lists
- File Policy Considerations
- Using the File Policy
- File-Type and Malware Events and the Network Trajectory
- Viewing Threat Scores and Dynamic Analysis Reports
Lesson 9: Managing SSL Traffic
- SSL Network Traffic Challenges
Lesson 10: IPS Policy Basics
- IPS Policies and Configuration Concepts
Lesson 11: Network Analysis Policy
- Network Analysis Policy Introduction
- Understanding Preprocessors
- Network Analysis Policy Configuration
- Network Analysis Policy Configuration (continued)
- Configuring Preprocessors
Lesson 12: Event Analysis
- Intrusion Analysis Workflow
- Selecting Events to Analyze
- Analyzing Events in Context
- Is This Event a Security Threat?
- Is This Information Useful?
- Tuning Options
- Rule Documentation
- Assisting in Incident Response
Lesson 13: Reporting
- Reporting Overview
- Report Templates
Lesson 14: Correlation Policies
- Correlation Rules and Policies
- Whitelist
- Traffic Profiles
Lesson 15: Basic Rule Syntax and Usage
- Snort Rules Overview
- Rule Headers
- Rule Body
- Writing Rules
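As an added illustration of what Lesson 15 covers (rule header versus rule body), and not part of the course materials or of Cisco's or Snort's own code, the following Python example splits a Snort rule into its header fields (action, protocol, source/destination addresses and ports, direction) and its body options, then lints the result for a few mistakes a new rule author commonly makes. The sample rule, the `parse_rule`/`lint_rule` helper names and the lint checks are the example's own assumptions; the SID range check follows the Snort convention that SIDs from 1,000,000 upward are for local rules.

```python
import re

# Constructed sample rule for this example; it is not taken from any ruleset.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"EXAMPLE web traversal attempt"; flow:to_server,established; '
    'content:"../"; http_uri; fast_pattern; classtype:web-application-attack; '
    'sid:1000001; rev:1;)'
)

# Rule header: action proto src sport direction dst dport, followed by the
# parenthesised body. The greedy .* lets the body run up to the final ')'.
HEADER_RE = re.compile(
    r'^\s*(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<body>.*)\)\s*$'
)


def split_options(body):
    """Split the rule body on ';' that are outside double quotes.

    Returns a list of (keyword, value) pairs; value is None for bare
    modifiers such as http_uri or fast_pattern. Backslash escapes inside
    content strings are preserved, not interpreted.
    """
    opts, cur, in_quote, i = [], [], False, 0
    while i < len(body):
        c = body[i]
        if c == '\\' and i + 1 < len(body):
            cur.append(c)
            cur.append(body[i + 1])
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote
        if c == ';' and not in_quote:
            tok = ''.join(cur).strip()
            if tok:
                opts.append(tok)
            cur = []
        else:
            cur.append(c)
        i += 1
    tok = ''.join(cur).strip()
    if tok:
        opts.append(tok)
    result = []
    for o in opts:
        if ':' in o:
            k, v = o.split(':', 1)
            result.append((k.strip(), v.strip()))
        else:
            result.append((o, None))
    return result


def parse_rule(rule):
    """Return a dict of header fields plus an ordered 'options' list."""
    m = HEADER_RE.match(rule)
    if not m:
        raise ValueError('not a valid Snort rule header')
    d = m.groupdict()
    d['options'] = split_options(d.pop('body'))
    return d


def lint_rule(parsed):
    """Return a list of problems to fix before deploying a local rule."""
    problems = []
    keys = [k for k, _ in parsed['options']]
    scalar = {k: v for k, v in parsed['options'] if v is not None}
    for required in ('msg', 'sid', 'rev'):
        if required not in keys:
            problems.append(f'missing required option: {required}')
    # SIDs below 1,000,000 are reserved for distributed rules; local rules
    # start at 1,000,000 (example check; see the Snort manual).
    if 'sid' in scalar and scalar['sid'].isdigit() and int(scalar['sid']) < 1000000:
        problems.append('sid below 1000000 is reserved; local rules start at 1000000')
    # A TCP content rule without flow is matched in both directions and on
    # unestablished traffic, which costs performance and produces noise.
    if parsed['proto'] == 'tcp' and 'content' in keys and 'flow' not in keys:
        problems.append('tcp content rule has no flow option')
    return problems


if __name__ == '__main__':
    parsed = parse_rule(SAMPLE_RULE)
    for field in ('action', 'proto', 'src', 'sport', 'dir', 'dst', 'dport'):
        print(f'{field:>7}: {parsed[field]}')
    for k, v in parsed['options']:
        print(f'   body: {k}' + (f' = {v}' if v is not None else ''))
    print('lint:', lint_rule(parsed) or 'ok')
```

Running the block prints the header fields and the ordered option list for the sample rule and reports no lint findings; feeding it a minimal rule such as `alert tcp any any -> any 22 (content:"SSH-"; sid:5;)` surfaces the missing `msg` and `rev`, the reserved SID and the absent `flow` option.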
Appendix A: Sourcefire System Customization
- Custom Workflows and Searches
- Correlation Rules
- Custom Dashboard Widgets
- Reporting
- Whitelist
- Traffic Profiles
Appendix B: Case Studies in Rule Writing and Packet Analysis
Pre-Requisites
- Technical understanding of TCP/IP networking and network architecture
- Basic familiarity with the concepts of intrusion detection systems (IDS) and IPS