> Includes interactive online learning environment and study tools with:
> + 2 custom practice exams
> + More than 100 electronic flashcards
> + Searchable key term glossary
>
> Your complete guide to preparing for Sourcefire IPS Exam 500-285
>
> The SSFIPS, Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide is your one-stop resource for complete coverage of Exam 500-285. This Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the SSFIPS exam smarter and faster with Sybex thanks to superior content, including an assessment test that checks exam readiness, objective map, real-world scenarios, hands-on exercises, key topic exam essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank, accessible across multiple devices. Get prepared for the SSFIPS Exam 500-285 with Sybex.
>
> Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:
> * Applying Next-Generation Sourcefire Technology
> * Configuring Application Control, Firewall, and Routing and Switching Capabilities
> * Tuning Systems to Improve Performance and Network Intelligence
> * Leveraging Powerful Tools for More Efficient Event Analysis
> * Detecting File Type and Network-Based Malware
>
> Interactive learning environment
>
> Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit http://sybextestbanks.wiley.com, type in your unique PIN, and instantly gain access to:
> * Interactive test bank with 2 practice exams. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam. 100 questions total!
> * More than 100 Electronic Flashcards to reinforce learning and last-minute prep before the exam
> * Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared
Todd Lammle, CCSI and SFCP (SourceFire Certified Professional), is the authority on Cisco networking. President of GlobalNet Training & Consulting, Inc., a network integration and training firm, Todd has worked with Fortune 500 companies for nearly 35 years. His Cisco book sales have reached almost 1,000,000 copies in print. John Gay is a Field Security Enablement Lead with Cisco Systems. Prior to Cisco's acquisition of Sourcefire, John served as Director of Instructional Delivery. He has worked in the security industry for over 15 years. Alex Tatistcheff, CISSP, GPEN, GCIH, GCIA, SFCE, is currently a Network Consulting Engineer for Cisco Security Solutions specializing in FireSIGHT. Prior to Cisco's acquisition of Sourcefire, he worked for over five years as a Senior Security Instructor.
Table of Contents
Introduction xv
Assessment Test xxv
Chapter 1 Getting Started with FireSIGHT 1
  Industry Terminology 2
  Cisco Terminology 3
  FirePOWER and FireSIGHT 3
  Out with the Old... 4
  Appliance Models 5
  Hardware vs. Virtual Devices 6
  Device Models 6
  Defense Center Models 7
  FireSIGHT Licensing 8
  License Dependencies 9
  Network Design 9
  Inline IPS 10
  Passive IPS 11
  Router, Switch, and Firewall 11
  Policies 12
  The User Interface 13
  Initial Appliance Setup 14
  Setting the Management IP 15
  Initial Login 15
  Summary 17
  Hands-on Lab 17
  Review Questions 19
Chapter 2 Object Management 21
  What Are Objects? 22
  Getting Started 23
  Network Objects 25
  Individual Network Objects 25
  Network Object Groups 25
  Security Intelligence 26
  Blacklist and Whitelist 26
  Sourcefire Intelligence Feed 27
  Custom Security Intelligence Objects 28
  Port Objects 29
  VLAN Tag 30
  URL Objects and Site Matching 31
  Application Filters 33
  Variable Sets 35
  File Lists 39
  Security Zones 41
  Geolocation 43
  Summary 44
  Hands-on Lab 45
  Exam Essentials 49
  Review Questions 51
Chapter 3 IPS Policy Management 53
  IPS Policies 54
  Default Policies 55
  Policy Layers 56
  Creating a Policy 57
  Policy Editor 58
  Summary 65
  Hands-on Labs 65
  Hands-on Lab 3.1: Creating an IPS Policy 66
  Hands-on Lab 3.2: Viewing Connection Events 66
  Exam Essentials 66
  Review Questions 68
Chapter 4 Access Control Policy 71
  Getting Started with Access Control Policies 72
  Security Intelligence Lists 75
  Blacklists, Whitelists, and Alerts 76
  Security Intelligence Page Specifics 77
  Configuring Security Intelligence 79
  Access Control Rules 86
  Access Control UI Elements 86
  Rule Categories 88
  A Simple Policy 97
  Saving and Applying 98
  Summary 100
  Hands-on Lab 100
  Exam Essentials 104
  Review Questions 105
Chapter 5 FireSIGHT Technologies 107
  FireSIGHT Technologies 108
  Network Discovery Policy 109
  Discovery Information 114
  User Information 120
  Host Attributes 124
  Summary 126
  Hands-on Labs 126
  Hands-on Lab 5.1: Configuring a Discovery Policy 127
  Hands-on Lab 5.2: Viewing Connection Events 127
  Hands-on Lab 5.3: Viewing the Network Map 127
  Hands-on Lab 5.4: Creating Host Attributes 128
  Exam Essentials 128
  Review Questions 130
Chapter 6 Intrusion Event Analysis 133
  Intrusion Analysis Principles 134
  False Positives 134
  False Negatives 135
  Possible Outcomes 135
  The Goal of Analysis 136
  The Dashboard and Context Explorer 136
  Intrusion Events 141
  An Introduction to Workflows 141
  The Time Window 142
  The Analysis Screen 145
  The Caveat 154
  Rule Comment 168
  Summary 175
  Hands-on Lab 175
  Exam Essentials 177
  Review Questions 178
Chapter 7 Network-Based Malware Detection 181
  AMP Architecture 182
  SHA-256 183
  Spero Analysis 183
  Dynamic Analysis 183
  Retrospective Events 184
  Communications Architecture 184
  File Dispositions 185
  File Disposition Caching 185
  File Policy 185
  Advanced Settings 186
  File Rules 187
  File Types and Categories 191
  File and Malware Event Analysis 193
  Malware Events 194
  File Events 196
  Captured Files 197
  Network File Trajectory 199
  Context Explorer 203
  Summary 204
  Hands-on Lab 204
  Exam Essentials 205
  Review Questions 206
Chapter 8 System Settings 209
  User Preferences 210
  Event Preferences 211
  File Preferences 211
  Default Time Windows 211
  Default Workflows 212
  System Configuration 212
  System Policy 215
  Health 217
  Health Monitor 217
  Health Policy 218
  Health Events 218
  Blacklist 220
  Health Monitor Alerts 221
  Summary 222
  Hands-on Lab 222
  Hands-on Lab 8.1: Creating a New System Policy 223
  Hands-on Lab 8.2: Viewing Health Information 223
  Exam Essentials 223
  Review Questions 225
Chapter 9 Account Management 227
  User Account Management 228
  Internal versus External User Authentication 229
  User Privileges 229
  Predefined User Roles 230
  Creating New User Accounts 231
  Managing User Role Escalation 237
  Configuring External Authentication 239
  Creating Authentication Objects 240
  Summary 246
  Hands-on Lab 247
  Hands-on Lab 9.1: Configuring a User in the Local Database 247
  Hands-on Lab 9.2: Configuring Permission Escalation 247
  Exam Essentials 248
  Review Questions 249
Chapter 10 Device Management 251
  Device Management 252
  Configuring the Device on the Defense Center 254
  NAT Configuration 266
  Virtual Private Networks 267
  Point-to-Point VPN 267
  Star VPN 269
  Mesh VPN 270
  Advanced Options 270
  Summary 271
  Hands-on Labs 271
  Hands-on Lab 10.1: Creating a Device Group 272
  Hands-on Lab 10.2: Renaming the Device 272
  Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set 272
  Exam Essentials 273
  Review Questions 274
Chapter 11 Correlation Policy 277
  Correlation Overview 278
  Correlation Rules, Responses, and Policies 279
  Correlation Rules 279
  Rule Options 284
  Responses 286
  Correlation Policy 291
  White Lists 295
  Traffic Profiles 301
  Summary 308
  Hands-on Lab 308
  Exam Essentials 309
  Review Questions 311
Chapter 12 Advanced IPS Policy Settings 313
  Advanced Settings 314
  Preprocessor Alerting 316
  Application Layer Preprocessors 316
  SCADA Preprocessors 320
  Transport/Network Layer Preprocessors 320
  Specific Threat Detection 325
  Detection Enhancement 326
  Intrusion Rule Thresholds 327
  Performance Settings 327
  External Responses 330
  Summary 330
  Hands-on Lab 331
  Hands-on Lab 12.1: Modifying the HTTP Configuration Preprocessor 331
  Hands-on Lab 12.2: Enabling Inline Normalization 332
  Hands-on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit 332
  Exam Essentials 333
  Review Questions 334
Chapter 13 Creating Snort Rules 337
  Overview of Snort Rules 338
  Rule Headers 339
  The Rule Body 342
  Writing Rules 352
  Using the System GUI to Build a Rule 353
  Summary 355
  Exam Essentials 356
  Review Questions 357
Chapter 14 FireSIGHT v5.4 Facts and Features 359
  Branding 360
  Simplified IPS Policy 361
  Network Analysis Policy 362
  Why Network Analysis? 365
  Access Control Policy 365
  General Settings 366
  Network Analysis and Intrusion Policies 366
  Files and Malware Settings 368
  Transport/Network Layer Preprocessor Settings 368
  Detection Enhancement Settings 368
  Performance/Latency Settings 369
  SSL Inspection 369
  SSL Objects 370
  New Rule Keywords 376
  File_type 376
  Protected_content 377
  Platform Enhancements 377
  International Enhancements 378
  Minor Changes 378
  Summary 378
Appendix Answers to Review Questions 379
Index 393