SSFIPS SECURING CISCO NETWORKS WITH SOURCEFIRE INTRUSION PREVENTION SYSTEM STUDY GUIDE: EXAM 500-285 |
Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information on crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end-of-chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including the FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and the Snort rules language.
Introduction
Assessment Test
Chapter 1 Getting Started with FireSIGHT
Industry Terminology
Cisco Terminology
FirePOWER and FireSIGHT
Out with the Old...
Appliance Models
Hardware vs. Virtual Devices
Device Models
Defense Center Models
FireSIGHT Licensing
License Dependencies
Network Design
Inline IPS
Passive IPS
Router, Switch, and Firewall
Policies
The User Interface
Initial Appliance Setup
Setting the Management IP
Initial Login
Summary
Hands-on Lab
Review Questions
Chapter 2 Object Management
What Are Objects?
Getting Started
Network Objects
Individual Network Objects
Network Object Groups
Security Intelligence
Blacklist and Whitelist
Sourcefire Intelligence Feed
Custom Security Intelligence Objects
Port Objects
VLAN Tag
URL Objects and Site Matching
Application Filters
Variable Sets
File Lists
Security Zones
Geolocation
Summary
Hands-on Lab
Exam Essentials
Review Questions
Chapter 3 IPS Policy Management
IPS Policies
Default Policies
Policy Layers
Creating a Policy
Policy Editor
Summary
Hands-on Labs
Hands-on Lab 3.1: Creating an IPS Policy
Hands-on Lab 3.2: Viewing Connection Events
Exam Essentials
Review Questions
Chapter 4 Access Control Policy
Getting Started with Access Control Policies
Security Intelligence Lists
Blacklists, Whitelists, and Alerts
Security Intelligence Page Specifics
Configuring Security Intelligence
Access Control Rules
Access Control UI Elements
Rule Categories
A Simple Policy
Saving and Applying
Summary
Hands-on Lab
Exam Essentials
Review Questions
Chapter 5 FireSIGHT Technologies
FireSIGHT Technologies
Network Discovery Policy
Discovery Information
User Information
Host Attributes
Summary
Hands-on Labs
Hands-on Lab 5.1: Configuring a Discovery Policy
Hands-on Lab 5.2: Viewing Connection Events
Hands-on Lab 5.3: Viewing the Network Map
Hands-on Lab 5.4: Creating Host Attributes
Exam Essentials
Review Questions
Chapter 6 Intrusion Event Analysis
Intrusion Analysis Principles
False Positives
False Negatives
Possible Outcomes
The Goal of Analysis
The Dashboard and Context Explorer
Intrusion Events
An Introduction to Workflows
The Time Window
The Analysis Screen
The Caveat
Rule Comment
Summary
Hands-on Lab
Exam Essentials
Review Questions
Chapter 7 Network-Based Malware Detection
AMP Architecture
SHA 256
Spero Analysis
Dynamic Analysis
Retrospective Events
Communications Architecture
File Dispositions
File Disposition Caching
File Policy
Advanced Settings
File Rules
File Types and Categories
File and Malware Event Analysis
Malware Events
File Events
Captured Files
Network File Trajectory
Context Explorer
Summary
Hands-on Lab
Exam Essentials
Review Questions
Chapter 8 System Settings
User Preferences
Event Preferences
File Preferences
Default Time Windows
Default Workflows
System Configuration
System Policy
Health
Health Monitor
Health Policy
Health Events
Blacklist
Health Monitor Alerts
Summary
Hands-on Lab
Hands-on Lab 8.1: Creating a New System Policy
Hands-on Lab 8.2: Viewing Health Information
Exam Essentials
Review Questions
Chapter 9 Account Management
User Account Management
Internal versus External User Authentication
User Privileges
Predefined User Roles
Creating New User Accounts
Managing User Role Escalation
Configuring External Authentication
Creating Authentication Objects
Summary
Hands-on Lab
Hands-on Lab 9.1: Configuring a User in the Local Database
Hands-on Lab 9.2: Configuring Permission Escalation
Exam Essentials
Review Questions
Chapter 10 Device Management
Device Management
Configuring the Device on the Defense Center
NAT Configuration
Virtual Private Networks
Point-to-Point VPN
Star VPN
Mesh VPN
Advanced Options
Summary
Hands-on Labs
Hands-on Lab 10.1: Creating a Device Group
Hands-on Lab 10.2: Renaming the Device
Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set
Exam Essentials
Review Questions
Chapter 11 Correlation Policy
Correlation Overview
Correlation Rules, Responses, and Policies
Correlation Rules
Rule Options
Responses
Correlation Policy
White Lists
Traffic Profiles
Summary
Hands-on Lab
Exam Essentials
Review Questions
Chapter 12 Advanced IPS Policy Settings
Advanced Settings
Preprocessor Alerting
Application Layer Preprocessors
SCADA Preprocessors
Transport/Network Layer Preprocessors
Specific Threat Detection
Detection Enhancement
Intrusion Rule Thresholds
Performance Settings
External Responses
Summary
Hands-on Lab
Hands-on Lab 12.1: Modifying the HTTP Configuration Preprocessor
Hands-on Lab 12.2: Enabling Inline Normalization
Hands-on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit
Exam Essentials
Review Questions
Chapter 13 Creating Snort Rules
Overview of Snort Rules
Rule Headers
The Rule Body
Writing Rules
Using the System GUI to Build a Rule
Summary
Exam Essentials
Review Questions
Chapter 14 FireSIGHT v5.4 Facts and Features
Branding
Simplified IPS Policy
Network Analysis Policy
Why Network Analysis?
Access Control Policy
General Settings
Network Analysis and Intrusion Policies
Files and Malware Settings
Transport/Network Layer Preprocessor Settings
Detection Enhancement Settings
Performance/Latency Settings
SSL Inspection
SSL Objects
New Rule Keywords
file_type
protected_content
Platform Enhancements
International Enhancements
Minor Changes
Summary
Appendix Answers to Review Questions
Index
Author: Todd Lammle, John Gay, Alex Tatistcheff
Publication: Sybex
ISBN: 9788126558933
Store book number: 107
NRS 1440.00