SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide

Exam 500-285
1st edition

by: Todd Lammle, Alex Tatistcheff, John Gay

44,99 €

Publisher: Wiley
Format: PDF
Published: 12.10.2015
ISBN/EAN: 9781119155058
Language: English
Number of pages: 432

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>Cisco has announced big changes to its certification program.</b></p>
<p><b>As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.</b></p>
<p><i>The good news is that if you’re working toward any current CCNA certification, you should keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you’re thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.</i></p>
<p><b>Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep</b></p>
<p><i>Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285,</i> provides 100% coverage of the <b>FirePOWER with Advanced FireSIGHT Administration</b> exam objectives. With clear and concise information on crucial <b>next-generation network</b> security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end-of-chapter reviews. Learn key exam topics and powerful features of the Cisco <b>FirePOWER Services</b>, including the <b>FireSIGHT Management Center</b>, in-depth event analysis, IPS tuning and configuration, and the Snort rules language.</p>
<p>Gain access to Sybex's superior online learning environment, which includes practice questions, flashcards, and an interactive glossary of terms.</p>
<ul>
<li>Use and configure <b>next-generation Cisco FirePOWER</b> services, including application control, firewall, and routing and switching capabilities</li>
<li>Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis</li>
<li>Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination</li>
<li>Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary</li>
</ul>
<p><i>Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285</i> provides you with the information you need to prepare for the <b>FirePOWER with Advanced FireSIGHT Administration</b> examination.</p>
<p>Introduction xv</p> <p>Assessment Test xxv</p>
<p><b>Chapter 1 Getting Started with FireSIGHT 1</b></p> <p>Industry Terminology 2</p> <p>Cisco Terminology 3</p> <p>FirePOWER and FireSIGHT 3</p> <p>Out with the Old… 4</p> <p>Appliance Models 5</p> <p>Hardware vs. Virtual Devices 6</p> <p>Device Models 6</p> <p>Defense Center Models 7</p> <p>FireSIGHT Licensing 8</p> <p>License Dependencies 9</p> <p>Network Design 9</p> <p>Inline IPS 10</p> <p>Passive IPS 11</p> <p>Router, Switch, and Firewall 11</p> <p>Policies 12</p> <p>The User Interface 13</p> <p>Initial Appliance Setup 14</p> <p>Setting the Management IP 15</p> <p>Initial Login 15</p> <p>Summary 17</p> <p>Hands-on Lab 17</p> <p>Review Questions 19</p>
<p><b>Chapter 2 Object Management 21</b></p> <p>What Are Objects? 22</p> <p>Getting Started 23</p> <p>Network Objects 25</p> <p>Individual Network Objects 25</p> <p>Network Object Groups 25</p> <p>Security Intelligence 26</p> <p>Blacklist and Whitelist 26</p> <p>Sourcefire Intelligence Feed 27</p> <p>Custom Security Intelligence Objects 28</p> <p>Port Objects 29</p> <p>VLAN Tag 30</p> <p>URL Objects and Site Matching 31</p> <p>Application Filters 33</p> <p>Variable Sets 35</p> <p>File Lists 39</p> <p>Security Zones 41</p> <p>Geolocation 43</p> <p>Summary 44</p> <p>Hands-on Lab 45</p> <p>Exam Essentials 49</p> <p>Review Questions 51</p>
<p><b>Chapter 3 IPS Policy Management 53</b></p> <p>IPS Policies 54</p> <p>Default Policies 55</p> <p>Policy Layers 56</p> <p>Creating a Policy 57</p> <p>Policy Editor 58</p> <p>Summary 65</p> <p>Hands-on Labs 65</p> <p>Hands-on Lab 3.1: Creating an IPS Policy 66</p> <p>Hands-on Lab 3.2: Viewing Connection Events 66</p> <p>Exam Essentials 66</p> <p>Review Questions 68</p>
<p><b>Chapter 4 Access Control Policy 71</b></p> <p>Getting Started with Access Control Policies 72</p> <p>Security Intelligence Lists 75</p> <p>Blacklists, Whitelists, and Alerts 76</p> <p>Security Intelligence Page Specifics 77</p> <p>Configuring Security Intelligence 79</p> <p>Access Control Rules 86</p> <p>Access Control UI Elements 86</p> <p>Rule Categories 88</p> <p>A Simple Policy 97</p> <p>Saving and Applying 98</p> <p>Summary 100</p> <p>Hands-on Lab 100</p> <p>Exam Essentials 104</p> <p>Review Questions 105</p>
<p><b>Chapter 5 FireSIGHT Technologies 107</b></p> <p>FireSIGHT Technologies 108</p> <p>Network Discovery Policy 109</p> <p>Discovery Information 114</p> <p>User Information 120</p> <p>Host Attributes 124</p> <p>Summary 126</p> <p>Hands-on Labs 126</p> <p>Hands-on Lab 5.1: Configuring a Discovery Policy 127</p> <p>Hands-on Lab 5.2: Viewing Connection Events 127</p> <p>Hands-on Lab 5.3: Viewing the Network Map 127</p> <p>Hands-on Lab 5.4: Creating Host Attributes 128</p> <p>Exam Essentials 128</p> <p>Review Questions 130</p>
<p><b>Chapter 6 Intrusion Event Analysis 133</b></p> <p>Intrusion Analysis Principles 134</p> <p>False Positives 134</p> <p>False Negatives 135</p> <p>Possible Outcomes 135</p> <p>The Goal of Analysis 136</p> <p>The Dashboard and Context Explorer 136</p> <p>Intrusion Events 141</p> <p>An Introduction to Workflows 141</p> <p>The Time Window 142</p> <p>The Analysis Screen 145</p> <p>The Caveat 154</p> <p>Rule Comment 168</p> <p>Summary 175</p> <p>Hands-on Lab 175</p> <p>Exam Essentials 177</p> <p>Review Questions 178</p>
<p><b>Chapter 7 Network-Based Malware Detection 181</b></p> <p>AMP Architecture 182</p> <p>SHA-256 183</p> <p>Spero Analysis 183</p> <p>Dynamic Analysis 183</p> <p>Retrospective Events 184</p> <p>Communications Architecture 184</p> <p>File Dispositions 185</p> <p>File Disposition Caching 185</p> <p>File Policy 185</p> <p>Advanced Settings 186</p> <p>File Rules 187</p> <p>File Types and Categories 191</p> <p>File and Malware Event Analysis 193</p> <p>Malware Events 194</p> <p>File Events 196</p> <p>Captured Files 197</p> <p>Network File Trajectory 199</p> <p>Context Explorer 203</p> <p>Summary 204</p> <p>Hands-on Lab 204</p> <p>Exam Essentials 205</p> <p>Review Questions 206</p>
<p><b>Chapter 8 System Settings 209</b></p> <p>User Preferences 210</p> <p>Event Preferences 211</p> <p>File Preferences 211</p> <p>Default Time Windows 211</p> <p>Default Workflows 212</p> <p>System Configuration 212</p> <p>System Policy 215</p> <p>Health 217</p> <p>Health Monitor 217</p> <p>Health Policy 218</p> <p>Health Events 218</p> <p>Blacklist 220</p> <p>Health Monitor Alerts 221</p> <p>Summary 222</p> <p>Hands-on Lab 222</p> <p>Hands-on Lab 8.1: Creating a New System Policy 223</p> <p>Hands-on Lab 8.2: Viewing Health Information 223</p> <p>Exam Essentials 223</p> <p>Review Questions 225</p>
<p><b>Chapter 9 Account Management 227</b></p> <p>User Account Management 228</p> <p>Internal versus External User Authentication 229</p> <p>User Privileges 229</p> <p>Predefined User Roles 230</p> <p>Creating New User Accounts 231</p> <p>Managing User Role Escalation 237</p> <p>Configuring External Authentication 239</p> <p>Creating Authentication Objects 240</p> <p>Summary 246</p> <p>Hands-on Lab 247</p> <p>Hands-on Lab 9.1: Configuring a User in the Local Database 247</p> <p>Hands-on Lab 9.2: Configuring Permission Escalation 247</p> <p>Exam Essentials 248</p> <p>Review Questions 249</p>
<p><b>Chapter 10 Device Management 251</b></p> <p>Device Management 252</p> <p>Configuring the Device on the Defense Center 254</p> <p>NAT Configuration 266</p> <p>Virtual Private Networks 267</p> <p>Point-to-Point VPN 267</p> <p>Star VPN 269</p> <p>Mesh VPN 270</p> <p>Advanced Options 270</p> <p>Summary 271</p> <p>Hands-on Labs 271</p> <p>Hands-on Lab 10.1: Creating a Device Group 272</p> <p>Hands-on Lab 10.2: Renaming the Device 272</p> <p>Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set 272</p> <p>Exam Essentials 273</p> <p>Review Questions 274</p>
<p><b>Chapter 11 Correlation Policy 277</b></p> <p>Correlation Overview 278</p> <p>Correlation Rules, Responses, and Policies 279</p> <p>Correlation Rules 279</p> <p>Rule Options 284</p> <p>Responses 286</p> <p>Correlation Policy 291</p> <p>White Lists 295</p> <p>Traffic Profiles 301</p> <p>Summary 308</p> <p>Hands-on Lab 308</p> <p>Exam Essentials 309</p> <p>Review Questions 311</p>
<p><b>Chapter 12 Advanced IPS Policy Settings 313</b></p> <p>Advanced Settings 314</p> <p>Preprocessor Alerting 316</p> <p>Application Layer Preprocessors 316</p> <p>SCADA Preprocessors 320</p> <p>Transport/Network Layer Preprocessors 320</p> <p>Specific Threat Detection 325</p> <p>Detection Enhancement 326</p> <p>Intrusion Rule Thresholds 327</p> <p>Performance Settings 327</p> <p>External Responses 330</p> <p>Summary 330</p> <p>Hands-on Lab 331</p> <p>Hands-on Lab 12.1: Modifying the HTTP Configuration Preprocessor 331</p> <p>Hands-on Lab 12.2: Enabling Inline Normalization 332</p> <p>Hands-on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit 332</p> <p>Exam Essentials 333</p> <p>Review Questions 334</p>
<p><b>Chapter 13 Creating Snort Rules 337</b></p> <p>Overview of Snort Rules 338</p> <p>Rule Headers 339</p> <p>The Rule Body 342</p> <p>Writing Rules 352</p> <p>Using the System GUI to Build a Rule 353</p> <p>Summary 355</p> <p>Exam Essentials 356</p> <p>Review Questions 357</p>
<p><b>Chapter 14 FireSIGHT v5.4 Facts and Features 359</b></p> <p>Branding 360</p> <p>Simplified IPS Policy 361</p> <p>Network Analysis Policy 362</p> <p>Why Network Analysis? 365</p> <p>Access Control Policy 365</p> <p>General Settings 366</p> <p>Network Analysis and Intrusion Policies 366</p> <p>Files and Malware Settings 368</p> <p>Transport/Network Layer Preprocessor Settings 368</p> <p>Detection Enhancement Settings 368</p> <p>Performance/Latency Settings 369</p> <p>SSL Inspection 369</p> <p>SSL Objects 370</p> <p>New Rule Keywords 376</p> <p>File_type 376</p> <p>Protected_content 377</p> <p>Platform Enhancements 377</p> <p>International Enhancements 378</p> <p>Minor Changes 378</p> <p>Summary 378</p>
<p>Appendix Answers to Review Questions 379</p> <p>Index 393</p>
<p><b>Todd Lammle, CCSI and SFCP (SourceFire Certified Professional),</b> is <i>the</i> authority on Cisco networking. President of GlobalNet Training &amp; Consulting, Inc., a network integration and training firm, Todd has worked with Fortune 500 companies for nearly 35 years. His Cisco book sales have reached almost 1,000,000 copies in print. <b>John Gay</b> is a Field Security Enablement Lead with Cisco Systems. Prior to Cisco's acquisition of Sourcefire, John served as Director of Instructional Delivery. He has worked in the security industry for over 15 years. <b>Alex Tatistcheff, CISSP, GPEN, GCIH, GCIA, SFCE,</b> is currently a Network Consulting Engineer for Cisco Security Solutions specializing in FireSIGHT. Prior to Cisco's acquisition of Sourcefire, he worked for over five years as a Senior Security Instructor.</p>
<p>Covers 100% of exam objectives, including object management, access control policy, event analysis, IPS policy interface, FireSIGHT technologies, network-based malware detection, and much more…<br/> Includes an interactive online learning environment and study tools with:</p>
<p><b>+ 2 custom practice exams<br/> + More than 100 electronic flashcards<br/> + Searchable key term glossary</b></p>
<p><b>Your complete guide to preparing for Sourcefire IPS Exam 500-285</b></p>
<p>The <i>SSFIPS: Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide</i> is your one-stop resource for complete coverage of Exam 500-285. This Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the SSFIPS exam smarter and faster with Sybex thanks to superior content, including an assessment test that checks exam readiness, an objective map, real-world scenarios, hands-on exercises, key topic exam essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank, accessible across multiple devices. Get prepared for the SSFIPS Exam 500-285 with Sybex.</p>
<p><b>Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:</b></p>
<ul>
<li>Applying Next-Generation Sourcefire Technology</li>
<li>Configuring Application Control, Firewall, and Routing and Switching Capabilities</li>
<li>Tuning Systems to Improve Performance and Network Intelligence</li>
<li>Leveraging Powerful Tools for More Efficient Event Analysis</li>
<li>Detecting File Type and Network-Based Malware</li>
</ul>
<p><b>Interactive learning environment</b></p>
<p>Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit <b>http://sybextestbanks.wiley.com</b>, type in your unique PIN, and instantly gain access to:</p>
<ul>
<li>Interactive test bank with 2 practice exams. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam. 100 questions total!</li>
<li>More than 100 electronic flashcards to reinforce learning and last-minute prep before the exam</li>
<li>Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared</li>
</ul>
