Загрузил staskort123

889347

реклама
Cisco Secure Intrusion
Detection System 4.1
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-1
Lesson 1
Course Introduction
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-2
Course Objectives
Upon completion of this course, you will be able to
perform the following tasks:
• Describe the basic intrusion detection terminology.
• Explain the different intrusion detection technologies and
evasive techniques.
• Design a Cisco IDS protection solution for small, medium,
and enterprise customers.
• Identify the Cisco IDS Sensor platforms and describe
their features.
• Describe the Cisco IDS signatures and determine the
immediate threat posed to the network.
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-3
Course Objectives (Cont.)
• Describe the Cisco IDS signature engines and engine
parameters.
• Tune Cisco IDS signatures to work optimally in unique
network environments.
• Create and implement customized intrusion detection
signatures.
• Create alarm exceptions to reduce alarms and possible
false positives.
• Configure a Cisco IDS Sensor to perform device
management of supported blocking devices.
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-4
Course Objectives (Cont.)
• Perform maintenance operations such as signature and
service pack upgrades.
• Describe the Cisco IDS architecture.
• Manage a large scale deployment of Cisco IDS Sensors
with management and monitoring software.
• Install and configure Cisco IDS Sensors including the
following:
– A network appliance
– A Network Module for Cisco 2600, 3600, and 3700
routers
– An Intrusion Detection System Module 2
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-5
Course Agenda
Day 1
•
•
•
•
•
•
Lesson 1—Course Introduction
Lesson 2—Security Fundamentals
Lesson 3—Intrusion Detection Overview
Lunch
Lesson 4—Cisco Intrusion Detection System Architecture
Lesson 5—Getting Started with the IDS Command Line Interface
Day 2
• Lesson 6—Sensor Management and Monitoring
• Lesson 7—Using the Intrusion Detection System Device Manager to
Configure the Sensor
• Lunch
• Lesson 8—Cisco Intrusion Detection System Alarms and Signatures
• Lesson 9—Signature Configuration
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-6
Course Agenda (Cont.)
Day 3
•
•
•
•
•
Lesson 10—Sensor Tuning
Lesson 11—Blocking Configuration
Lunch
Lesson 12—Cisco Intrusion Detection System Maintenance
Lesson 13—Enterprise Intrusion Detection System Management
Day 4
•
•
•
•
•
Lesson 14—Enterprise IDS Monitoring and Reporting
Lesson 15—Cisco Intrusion Detection System Network Module
Lunch
Lesson 16—Intrusion Detection System Module Configuration
Lesson 17—Capturing Network Traffic for Intrusion Detection Systems
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-7
Participant Responsibilities
Student responsibilities
• Complete prerequisites
• Participate in lab exercises
• Ask questions
• Provide feedback
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-8
General Administration
Class-related
Facilities-related
• Sign-in sheet
• Participant materials
• Length and times
• Site emergency
procedures
• Break and lunch room
locations
• Attire
© 2004, Cisco Systems, Inc. All rights reserved.
• Restrooms
• Telephones/faxes
CSIDS 4.1—1-9
Graphic Symbols
IOS Router
PIX Firewall
VPN 3000
IDS Sensor
Network
Access Server
Policy Manager
CA
Server
PC
Hub
Modem
© 2004, Cisco Systems, Inc. All rights reserved.
Ethernet Link
Catalyst 6500
w/ IDS Module 2
Laptop
VPN Tunnel
IOS Router
w/IDS Network
Module
Server
Web, FTP, etc.
Network
Cloud
CSIDS 4.1—1-10
Participant Introductions
• Your name
• Your company
• Prerequisite skills
• Brief history
• Objective
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-11
Cisco Security Career Certifications
Expand Your Professional Options
and Advance Your Career
Cisco Certified Security Professional (CCSP) Certification
Professional-level recognition in designing
and implementing Cisco security solutions
Expert
CCIE
Professional
CCSP
Associate
Required
Exam
Recommended Training through
Cisco Learning Partners
642-501
Securing Cisco IOS Networks
642-511
Cisco Secure Virtual Private Networks
642-531
Cisco Secure Intrusion Detection System
642-521
Cisco Secure PIX Firewall Advanced
642-541
Cisco SAFE Implementation
CCNA
Network Security
www.cisco.com/go/securitytraining
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-12
Cisco Security Career Certifications
(Cont.)
Enhance Your Cisco Certifications
and Validate Your Areas of Expertise
Cisco Firewall, VPN, and IDS Specialists
Cisco Firewall Specialist
Required
Exam
642-501
Recommended Training through
Cisco Learning Partners
Pre-requisite: Valid CCNA certification
Securing Cisco IOS Networks
Cisco Secure PIX Firewall Advanced
642-521
Cisco VPN Specialist
Required
Exam
Recommended Training through
Cisco Learning Partners
Pre-requisite: Valid CCNA certification
Cisco IDS Specialist
642-501
Securing Cisco IOS Networks
642-511
Cisco Secure Virtual Private Networks
Required
Exam
642-501
642-531
Recommended Training through
Cisco Learning Partners
Pre-requisite: Valid CCNA certification
Securing Cisco IOS Networks
Cisco Secure Intrusion Detection System
www.cisco.com/go/securitytraining
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-13
Lab Topology Overview
© 2004, Cisco Systems, Inc. All rights reserved.
CSIDS 4.1—1-14
Lab Visual Objective
Web
FTP
.50
172.26.26.0
.150
.1
.1
172.30.P.0
sensorP
RBB
172.30.Q.0
.2
Router
.2
sensorQ
.2
.4
Router
nmsensorP nmsensorQ
.4
.2
10.0.P.0
.10
Web
FTP
SMTP
POP
10.0.Q.0
.100
RTS
© 2004, Cisco Systems, Inc. All rights reserved.
.10
.100
RTS
Student PC
Student PC
10.0.P.12
10.0.Q.12
Web
FTP
SMTP
POP
CSIDS 4.1—1-15
Скачать