Securing Cisco Networks with Sourcefire Intrusion Prevention System (SSFIPS)

Course Information

Technology : Prepforce Specials (Security)

Duration : 5 Days Course

Overview

Securing Cisco Networks with Cisco Sourcefire Intrusion Prevention System (IPS) is an instructor-led course offered by Cisco Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the powerful features of the Cisco and Sourcefire systems, including Cisco FireSIGHT technology (formerly Sourcefire FireSIGHT technology), in-depth event analysis, IPS tuning and configuration, and the SNORT rules language.

You will learn how to use and configure next-generation Cisco and Sourcefire technology, including application control, firewall, and routing and switching capabilities. You will also learn to properly tune systems for better performance and greater network intelligence while taking full advantage of powerful tools for more efficient event analysis, including file type and network-based malware detection.

This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully deploy and manage the Cisco and Sourcefire system.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe the Cisco and Sourcefire systems infrastructure
  • Navigate the user interface and administrative features of the Cisco and Sourcefire systems, including reporting functionality to properly assess threats
  • Describe how to deploy and manage Cisco and Sourcefire devices
  • Describe the role FireSIGHT technology plays in the Cisco and Sourcefire systems
  • Describe, create, and implement objects for use in Access Control policies
  • Describe advanced policy configuration and Sourcefire system configuration options
  • Analyze events
  • Write and configure several basic rules

Outline

Day 1

  • Lesson 1: Firepower System Overview and Classroom Setup
  • Lesson 2: Hardware Overview and Architecture
  • Lesson 3: Device Management

 

Day 2

  • Lesson 4: Firepower Discovery Technology
  • Lesson 5: Object Management
  • Lesson 6: Access Control Policy

 

Day 3

  • Lesson 7: Implementing Security Intelligence
  • Lesson 8: File Control and Advanced Malware Protection
  • Lesson 9: Implementing NGIPS
  • Lesson 10: Preprocessor Tuning

 

Day 4

  • Lesson 11: Event Analysis
  • Lesson 12: System Administration
  • Lesson 13: Correlation Policies

 

Day 5

  • Lesson 14: Remote Access AnyConnect VPN
  • Lesson 15: Site-to-Site VPN
  • Lesson 16: High Availability

 

Labs:

Lab 1: Connecting to the Lab Environment

  • Task 1.1: Connect to the lab
  • Task 1.2: Test Lab Equipment’s Connectivity

 

Lab 2: Navigate using the Firepower Management Center (FMC) GUI

  • Task 2.1: Connect to the Firepower Management Center (FMC) GUI and change the password and time settings
  • Task 2.2: Get familiar with the Firepower Management Center (FMC) GUI
  • Task 2.3: Create a user account and enable the evaluation license in the Firepower Management Center (FMC) GUI

 

Lab 3: Manage the virtual Firepower Threat Defense (vFTD) device individually and through the Firepower Management Center (FMC) GUI

  • Task 3.1: Connect to the virtual Firepower Threat Defense (vFTD) device named vFTD1 to manage it using its local GUI
  • Task 3.2: Connect the virtual Firepower Threat Defense (vFTD1) to the Firepower Management Center (FMC) GUI for remote management
  • Task 3.3: Add a Health Policy in the Firepower Management Center (FMC) GUI for the virtual Firepower Threat Defense (vFTD1)
  • Task 3.4: Add a Platform Settings Policy in the Firepower Management Center (FMC) GUI for the virtual Firepower Threat Defense (vFTD1)
  • Task 3.5: Configure interfaces, static routing and add a NAT Policy in the Firepower Management Center (FMC) GUI for the virtual Firepower Threat Defense (vFTD1)

 

Lab 4: Implementing Network Discovery

  • Task 4.1: Create and test a Network Discovery Policy
  • Task 4.2: Configure User Discovery Policy using Active Directory and create Host Attributes

 

Lab 5: Implementing Object Management to Prepare for Access Control Policy

  • Task 5.1: Navigating the Objects Section
  • Task 5.2: Creating Objects and Object Groups for Networks, Ports and URLs

 

Lab 6: Implementing Access Control Policies

  • Task 6.1: Control Internet Connections to Specific Applications using an Access Control Policy
  • Task 6.2: Controlling In-Between Zones traffic with Layer 7 Filtering
  • Task 6.3: Add a Deny Access Message and IPS Policy to Access Control Policy

 

Lab 7: Implementing Security Intelligence

  • Task 7.1: Configuring and Deploying Security Intelligence Feeds
  • Task 7.2: Block a Connection Manually using Whitelisting and Blacklisting

 

Lab 8: Implementing file control and Advanced Malware Protection Policies

  • Task 8.1: Create a File Policy to Look Up Malware and Control Access to Various File Types

 

Lab 9: Implementing NGIPS

  • Task 9.1: Create an Intrusion Prevention policy using Firepower Recommendations

 

Lab 10: Implementing Pre-processor Rules

  • Task 10.1: Create a Pre-processor Rule to Inspect Traffic

 

Lab 11: Detailed Analysis

 

Lab 12: System Administration

  • Task 12.1: Schedule a Policy Deployment, Automate Firepower Recommendation Updates, and Backup the FMC
  • Task 12.2: Create External Authentication Object

 

Lab 13: Correlation Policies

  • Task 13.1: Create a Correlation Policy Based on Connection Events

 

Lab 14: Remote Access AnyConnect VPN

  • Task 14.1: Establish a Remote Access AnyConnect VPN

 

Lab 15: Site to Site VPN

  • Task 15.1: Establish a Site to Site VPN

 

Lab 16: Implementing High Availability

  • Task 16.1: Create a High Availability Pair

Target Audience

This course is designed for technical professionals who need to know how to deploy and/or manage Cisco and Sourcefire systems in a network environment. The primary audience for this course includes:

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Channel partners and resellers

Pre-Requisites

The recommended knowledge and skills that a learner should have for the best learning outcome include:

  • Technical understanding of TCP/IP networking and network architecture
  • Basic familiarity with the concepts of Intrusion Detection Systems (IDS) and IPS