Cisco MARS 3.0 - Implementing Active Defense Networks with Cisco Monitoring Analysis and Response System

MARS: 5-Day Instructor-Led Course

Learn the Cisco Self-Defending Network Solution: MARS and IPS.

This comprehensive, extensively hands-on, 5-day Authorized Cisco course is designed to give the Security Student, Technical CSO, Security Field Engineer, or Cisco Security Services Engineer practical design, implementation, and complete analysis of the practices and components that make up the two main components of the Cisco ‘Self-Defending Network’ Solution. This course adds an extra day to provide an overview of IPS 6 to the student. Cisco MARS and Cisco IPS 6.1 are commissioned into a ‘live’ enterprise network together with additional IOS devices (both routers and switches), Cisco ASA5500s, and several host operating systems; by experiencing their collective efforts there, each student will become intrinsically aware of how the ‘complete’ solution is used to shield today’s networks against the ever-changing landscape of threats and attacks. You will also learn to think like a hacker and be introduced to the many methods used to compromise networks. As an Interface Exclusive, live attacks will be executed against your network, demonstrating how to track, report, and proactively defend against them.

 
“The Cisco Self-Defending Network protects an organization by identifying, preventing, and adapting to threats from both internal and external sources.”
 
Business networks of all sizes now face increasingly sophisticated attacks that can impede productivity, obstruct access to applications and resources, and cause significant communications disruption. And because of compliance regulations and consumer privacy laws, business priorities now include minimizing legal liability, protecting brand reputation, and safeguarding intellectual property.
 
Cisco Security Monitoring, Analysis, and Response System (MARS) is a family of high-performance, scalable appliances for threat management, monitoring, and mitigation that enables you to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. With MARS solutions you can readily and accurately identify, manage, and eliminate network attacks and maintain network compliance in accordance with your security policy, PCI and/or SOX audits, as well as the pervasive nature of today’s threat landscape.
 
An integral part of the Cisco Self-Defending Network and Cisco Threat Control solutions, the Cisco Intrusion Prevention System (IPS) provides end-to-end protection for your network. This inline, network-based defense can identify, classify, and stop known and unknown threats, including worms, network viruses, application threats, system intrusion attempts, and application misuse.
 
Cisco IPS Sensors and Cisco IPS Sensor Software deliver high-performance, intelligent detection with precision response, from the network edge to the data center. This technology provides metrics in both multimedia and transactional environments, so you can anticipate true IPS performance tailored to your business. The sensors can be deployed widely and incrementally on servers and endpoints, as dedicated appliances, and as service modules on routers, switches, and firewalls. They collaborate and adapt in real time to emerging threats.
 
Why take your Cisco Security Training at Interface? That’s simple. First, Interface is the only Cisco Partner in the US that refuses to use remote labs – all gear is live. Each student has a 2800 ISR Edge Router with IOS-Based IPS, a 2800 out-of-band router and switch, an ASA 5510 Appliance with an AIP-SSM IPS Module, an IPS appliance, several switches, including 2960, 3560 and 6509s, and best of all, your own dedicated MARS appliance to experiment with first-hand. Second, the Instructor, Mike Storm, is a CCIE Security, 10-year Cisco Security Specialist, NSA, PCI, CISSP and one of only two recognized ‘MARS Expert Practitioners’ in the US. His 18 years of Industry Consulting experience in Security Assessment, pen-testing and attack mitigation also add tremendous value to what you will learn. In security, there is no “second chance”. Third, the Interface ‘Exclusive Labs’, greatly enhanced and anchored in your reality, set us apart from even the largest Cisco Training Partners in the world: live attacks, accurate responses, minimization of false positives, true mitigation, and a detailed focus on the signatures, engines, Event Actions, Tuning, Threat Risks and Relevancy, NetFlow traffic anomalies, and the correct way to develop a security posture that you can trust. A big portion of the course is also dedicated to understanding the desirable management options for your solution: CSA MC, CSM, MARS custom report engine, IPE and ICS, to name a few. If you have ever had to defend against a ‘day-zero’ or a class 3 hacker, and must do so reliably, then this is the course for you.
 
Course Outline: *Interface Exclusive
MARS Specific:
Cisco Security MARS solution and its role in Cisco Threat Defense System management
Deploy Cisco Security MARS as an STM system in your network
Cisco Security MARS Configuration
Configure the network reporting devices to work with the Cisco Security MARS appliance
Configure Cisco reporting devices to work with the Cisco Security MARS appliance
Configure reporting devices from other vendors to work with the Cisco Security MARS appliance
*Distributed Threat Mitigation with Cisco IPS
Configure user-defined log parser templates on the Cisco Security MARS appliance
Cisco Security MARS Incident Investigation
Examine case management features that can capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report called a case
Explore the process of incident investigation and attack mitigation in a Cisco Security MARS appliance
Configure the Cisco Security MARS appliance to send a notification
Cisco Security MARS Rules and Management
Configure a rule (or rules) that detect interesting patterns of network activity and other anomalous network behavior
Use the management features in the Cisco Security MARS appliance to add, edit, and delete event, IP addressing, service, and user information
Perform system maintenance tasks on the Cisco Security MARS appliance
Features and functions of the Cisco Security MARS Global Controller

IPS Specific: (1 day overview)
Intrusion Prevention Sciences and Mitigating Intruder Evasive Techniques
Installing an IPS Sensor Using the CLI
Using the Cisco IDM and IPE
Configuring Basic Sensor Settings
Configuring Cisco IPS Signatures and Alarms
Signature Engines and Customizing Signatures
Advanced Tuning of Cisco IPS Sensors
Monitoring and Managing Alarms
Event Action Rules, Risk Ratings, Risk Relevancy Ratings and Target Value Ratings
Configuring IPS Actions; Inline Deny, Session Logging, Alerting, SNMP, Blocking
Cisco IPS Sensor Maintenance
Maintaining and Managing Cisco IPS Sensors
*Scanning, Footprinting, Enumeration, Unauthorized Access, Escalation, Session Hijack, Man-in-the-middle, Data Forgery and fabrication, SQL Injections, Shell shovels, Trust Exploitation and much more.*
Prerequisites:
To fully benefit from this course, it is recommended that you have the following prerequisite skills and knowledge:
  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1) and Interconnecting Cisco Networking Devices Part 2 (ICND2), or attendance at the Interface CCNA220 course
  • Working knowledge of the Windows operating system
  • Working knowledge of Cisco IOS networking and concepts
  • Please bring a laptop to class if possible
*Live! Hardware:
  • You will gain invaluable experience operating on a wide range of Cisco hardware: Cisco ISRs, several models of Catalyst switches (2960 to 6500), ASA5500s with AIP-SSM, IPS 4200 sensors, Cisco Security MARS appliances, and multiple host systems running CSA and CSM. All of the gear mentioned is in the room with you for you to build yourself, and each pod of 2-3 students has a full complement of the stated gear. There is ‘no such thing’ as using a remote lab at Interface.
 
Additional Course Logistics:
 
Course runs from 8:30am to 6:00pm daily, Monday – Friday
 (Arrive early on Monday for Class Registration)
Expect to clear your schedule for the week and focus on the class. It is not uncommon for students to stay even past 6:00pm to get additional lab time. 
 
You will be provided the following courseware:
Authorized Cisco MARS 3.0
Tools DVDs
Course Completion Certificate for Cisco MARS
Each student will be outfitted with a complete set of attack tools and management software to execute and track the attacks and the mitigation.
 
You will be operating in a ‘live’ dynamic, hands-on networking environment with tons of live Cisco gear and all of the tools you need to be successful; come prepared to have a great experience and challenge yourself to learn.