Implementing Cisco Intrusion Prevention System v6.0

This exercise bundle supports the Implementing Intrusion Prevention Systems (IPS) course that teaches the skills needed to design, install, configure, and maintain a Cisco Intrusion Prevention solution. In this set of exercises, the students use the Command Line Interface (CLI) and the IPS Device Manager (IDM) to configure, maintain and monitor the Cisco IPS sensor. They perform extensive testing to verify the signature configuration on a topology illustrated by the figure.


Content

This set of lab exercises contains the following exercises:

Objectives

Upon finishing this set of exercises, you will be able to:
  • Use the CLI to configure the network settings, create a login banner, restart the sensor, back up and restore the configuration, and display events and statistics.
  • Use the IDM to configure SSH communications, view events and reboot the sensor.
  • Use the IDM to configure allowed hosts, create user accounts, and enable the sensing interfaces.
  • Use the IDM to create an interface pair, assign the interface pair to the virtual sensor, and configure the bypass mode.
  • Use the IDM to modify the status and event action parameters of built-in signatures, display and clear the denied attackers list, examine alerts, and download and view IP logs.
  • Use the IDM to tune signatures, restore signature default settings, and create a Meta event.
  • Test the AIC HTTP engine signatures.
  • Use the Signature Wizards for creating custom signatures with and without specifying the signature engine.
  • Use the IDM to modify the event risk rating, configure event action overrides, event variables and an event action filter.
  • Configure blocking by adding the blocking device to the sensor’s known hosts list, assigning a blocking action to a signature and provisioning other blocking parameters.
  • Recover the sensor’s software image by using the recover command, by selecting the recovery image during bootup, and by ROMMON and TFTP.
  • Use the IDM to install a signature update.
  • Use the CLI to perform general troubleshooting and display and capture live traffic with the packet command.
  • Use the IDM to view sensor statistics and system information, and run a diagnostics report.

Importance

The lab bundle is a prerequisite for all students involved in planning, designing, deploying and operating firewall systems that include Cisco intrusion prevention solutions.

Target Audience

  • Cisco customers who implement and maintain Cisco IPS systems
  • Cisco Channel Partners who sell, implement and maintain Cisco IPS systems
  • Cisco Systems engineers who support the sales of the Cisco IPS systems

Prerequisite Knowledge

Students should have experience with the Cisco IOS or IPS command line and should meet the following prerequisites:

  • CCNA certification or equivalent knowledge.
  • Strong user level experience with Windows operating systems.
  • Familiarity with networking and security terms and concepts (learned in prerequisite training or by reading industry publications).
