CCSP IPS Quick Reference

Book Description

As a final exam preparation tool, the CCSP IPS Quick Reference provides a concise review of all objectives on the new CCSP IPS exam (642-533). This digital Short Cut provides you with detailed, graphics-based information, highlighting only the key topics in cram-style format.

With this document as your guide, you will review topics on implementing the Cisco IPS product. These fact-filled Quick Reference Sheets allow you to get all-important information at a glance, helping you to focus your study on areas of weakness and to enhance memory retention of essential exam concepts.

Table of Contents

  1. Copyright
  2. About the Author
  3. About the Technical Editor
  4. 1. Introducing Intrusion Detection and Prevention
    1. Understanding Intrusion Prevention and Detection
    2. Intrusion Prevention Versus Intrusion Detection
    3. IPS/IDS Terminology
      1. Vulnerability
      2. Exploit
      3. False Alarms
        1. False Positive
        2. False Negative
      4. True Alarms
        1. True Positive
        2. True Negative
    4. Promiscuous Versus Inline Mode
    5. Approaches to Intrusion Prevention
      1. Signature-Based
      2. Anomaly-Based
      3. Policy-Based
      4. Protocol Analysis-Based
    6. Exploring Evasive Techniques
      1. String Match
      2. Fragmentation
      3. Session
      4. Insertion
      5. Evasion
      6. TTL-Based
      7. Encryption-Based
      8. Resource Exhaustion
    7. Cisco Solutions and Products
      1. Cisco Sensor Family
    8. Sensor Software Solutions
      1. IPS Sensor Software Architecture
      2. Management Options
    9. Network IPS
    10. Host IPS
    11. Deploying Sensors
  5. 2. Installation of a Typical Sensor
    1. The Command-Line Interface (CLI)
    2. Initializing the Sensor
      1. Common CLI Configuration Tasks
    3. Using the Intrusion Prevention System Device Manager
    4. Configuring Basic Sensor Settings
      1. Configuring Allowed Hosts
      2. Setting the Time
      3. Configuring Certificates
      4. User Accounts
      5. Interface Roles
      6. Configuring Interfaces
      7. Software and Hardware Bypass Mode
      8. Viewing Events
  6. 3. Cisco Intrusion Detection and Prevention Signatures
    1. Configuring Signatures and Alerts
    2. Signature Engines
      1. Common Parameters
      2. ATOMIC
      3. FLOOD
      4. SERVICE
      5. STRING
      6. SWEEP
      7. TROJAN
      8. TRAFFIC
      9. AIC
      10. STATE
      11. META
      12. NORMALIZER
    3. Customizing Signatures
      1. Noise Reduction
      2. False-Positive Reduction
      3. False-Negative Reduction
      4. Syncing to Protected Devices
      5. Focusing IPS Sensors to Policy
      6. Performance Optimization Guidelines
  7. 4. Advanced Configurations
    1. Advanced Tuning
      1. Sensor Configurations
      2. IP Logging
      3. Reassembly Options
      4. Target Value Rating
      5. Event Variables
      6. Event Action Overrides
      7. Event Action Filters
      8. Risk Rating System
      9. General Settings for Event Action Rules
    2. Monitoring Alarms
      1. IEV
      2. Cisco Security Management Suite
      3. External Product Interface
      4. Cisco ICS
    3. Virtual Sensor Configuration
    4. Configuring Advanced Features
      1. Anomaly Detection
      2. Anomaly Detection Components
      3. Passive Operating System Fingerprinting (POSFP)
    5. Blocking
      1. Blocking Devices
      2. Blocking Device Requirements
      3. Guidelines
      4. ARC Block Actions
      5. Blocking Process
      6. Configuration Tasks
      7. Master Blocking
  8. 5. Additional Intrusion Detection and Prevention Devices
    1. IDSM-2
      1. Overview
      2. Time Configuration
      3. Installing
      4. Monitoring
    2. ASA AIP-SSM
      1. Overview
      2. Initializing the Module
  9. 6. Monitoring and Maintenance
    1. Maintaining the Sensor
      1. Licensing
      2. Upgrade and Recovery
      3. Service Packs and Signature Updates
      4. Password Recovery
      5. Restoring
      6. Backup and Restore
    2. Managing Sensors
      1. The CLI
      2. Sensor Monitoring