Securing Cisco Networks with Sourcefire Intrusion Prevention System (SSFIPS)

Course Information

Technology: Prepforce Specials (Security)

Duration: 5 Days Course

    Course Details

    Overview

    Securing Cisco Networks with Cisco Sourcefire Intrusion Prevention System (IPS) is an instructor-led course offered by Cisco Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the powerful features of the Cisco and Sourcefire systems, including Cisco FireSIGHT technology (formerly Sourcefire FireSIGHT technology), in-depth event analysis, IPS tuning and configuration, and the SNORT rules language.

    You will learn how to use and configure next-generation Cisco and Sourcefire technology, including application control, firewall, and routing and switching capabilities. You will also learn to properly tune systems for better performance and greater network intelligence while taking full advantage of powerful tools for more efficient event analysis, including file type and network-based malware detection.

    This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully deploy and manage the Cisco and Sourcefire system.

    Objectives

    Upon completing this course, the learner will be able to meet these overall objectives:

    • Describe the Cisco and Sourcefire systems infrastructure
    • Navigate the user interface and administrative features of the Cisco and Sourcefire systems, including reporting functionality to properly assess threats
    • Describe how to deploy and manage Cisco and Sourcefire devices
    • Describe the role FireSIGHT technology plays in the Cisco and Sourcefire systems
    • Describe, create, and implement objects for use in Access Control policies
    • Describe advanced policy configuration and Sourcefire system configuration options
    • Analyze events
    • Write and configure several basic rules

    Outline

    Day 1

    • Lesson 1: Firepower System Overview and Classroom Setup
    • Lesson 2: Hardware Overview and Architecture
    • Lesson 3: Device Management

     

    Day 2

    • Lesson 4: Firepower Discovery Technology
    • Lesson 5: Object Management
    • Lesson 6: Access Control Policy

     

    Day 3

    • Lesson 7: Implementing Security Intelligence
    • Lesson 8: File Control and Advanced Malware Protection
    • Lesson 9: Implementing NGIPS
    • Lesson 10: Preprocessor Tuning

     

    Day 4

    • Lesson 11: Event Analysis
    • Lesson 12: System Administration
    • Lesson 13: Correlation Policies

     

    Day 5

    • Lesson 14: Remote Access AnyConnect VPN
    • Lesson 15: Site-to-Site VPN
    • Lesson 16: High Availability

     

    Labs:

    Lab 1: Connecting to the Lab Environment

    • Task 1.1: Connect to the lab
    • Task 1.2: Test Lab Equipment Connectivity

     

    Lab 2: Navigate using the Firepower Management Center (FMC) GUI

    • Task 2.1: Connect to the Firepower Management Center (FMC) GUI and change the password and time settings
    • Task 2.2: Get familiar with the Firepower Management Center (FMC) GUI
    • Task 2.3: Create a user account and enable the evaluation license in the Firepower Management Center (FMC) GUI

     

    Lab 3: Manage the virtual Firepower Threat Defense (vFTD) device individually and through the Firepower Management Center (FMC) GUI

    • Task 3.1: Connect to the virtual Firepower Threat Defense (vFTD) device named vFTD1 to manage it using its local GUI
    • Task 3.2: Connect the virtual Firepower Threat Defense (vFTD1) to the Firepower Management Center (FMC) GUI for remote management
    • Task 3.3: Add a Health Policy in the Firepower Management Center (FMC) GUI for the virtual Firepower Threat Defense (vFTD1)
    • Task 3.4: Add a Platform Settings Policy in the Firepower Management Center (FMC) GUI for the virtual Firepower Threat Defense (vFTD1)
    • Task 3.5: Configure interfaces, static routing and add a NAT Policy in the Firepower Management Center (FMC) GUI for the virtual Firepower Threat Defense (vFTD1)

     

    Lab 4: Implementing Network Discovery

    • Task 4.1: Create and test a Network Discovery Policy
    • Task 4.2: Configure User Discovery Policy using Active Directory and create Host Attributes

     

    Lab 5: Implementing Object Management to Prepare for Access Control Policy

    • Task 5.1: Navigating the Objects Section
    • Task 5.2: Creating Objects and Object Groups for Networks, Ports and URLs

     

    Lab 6: Implementing Access Control Policies

    • Task 6.1: Control Internet Connections to Specific Applications using an Access Control Policy
    • Task 6.2: Controlling In-Between Zones traffic with Layer 7 Filtering
    • Task 6.3: Add a Deny Access Message and IPS Policy to Access Control Policy

     

    Lab 7: Implementing Security Intelligence

    • Task 7.1: Configuring and Deploying Security Intelligence Feeds
    • Task 7.2: Block a Connection Manually using Whitelisting and Blacklisting

     

    Lab 8: Implementing file control and Advanced Malware Protection Policies

    • Task 8.1: Create a File Policy to Look Up Malware and Control Access to Various File Types

     

    Lab 9: Implementing NGIPS

    • Task 9.1: Create an Intrusion Prevention policy using Firepower Recommendations

     

    Lab 10: Implementing Pre-processor Rules

    • Task 10.1: Create a Pre-processor Rule to Inspect Traffic

     

    Lab 11: Detailed Analysis

     

    Lab 12: System Administration

    • Task 12.1: Schedule a Policy Deployment, Automate Firepower Recommendation Updates, and Backup the FMC
    • Task 12.2: Create External Authentication Object

     

    Lab 13: Correlation Policies

    • Task 13.1: Create a Correlation Policy Based on Connection Events

     

    Lab 14: Remote Access AnyConnect VPN

    • Task 14.1: Establish a Remote Access AnyConnect VPN

     

    Lab 15: Site to Site VPN

    • Task 15.1: Establish a Site to Site VPN

     

    Lab 16: Implementing High Availability

    • Task 16.1: Create a High Availability Pair

    Target Audience

    This course is designed for technical professionals who need to know how to deploy and/or manage Cisco and Sourcefire systems in a network environment. The primary audience for this course includes:

    • Security administrators
    • Security consultants
    • Network administrators
    • System engineers
    • Technical support personnel
    • Channel partners and resellers

    Pre-Requisites

    The recommended knowledge and skills that a learner should have for the best learning outcome include:

    • Technical understanding of TCP/IP networking and network architecture
    • Basic familiarity with the concepts of Intrusion Detection Systems (IDS) and IPS