Name: SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 By T Lammle
SKU: 9781119155034
Availability: OutOfStock

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 Summary

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 by T Lammle

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end of chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and snort rules language. Gain access to Sybex's superior online learning environment that includes practice questions, flashcards, and interactive glossary of terms. * Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities * Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis * Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination * Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.

About T Lammle

Todd Lammle, CCSI and SFCP (SourceFire Certified Professional), is the authority on Cisco networking. President of GlobalNet Training & Consulting, Inc., a network integration and training firm, Todd has worked with Fortune 500 companies for nearly 35 years. His Cisco book sales have reached almost 1,000,000 copies in print. John Gay is a Field Security Enablement Lead with Cisco Systems. Prior to Cisco's acquisition of Sourcefire, John served as Director of Instructional Delivery. He has worked in the security industry for over 15 years. Alex Tatistcheff, CISSP, GPEN, GCIH, GCIA, SFCE, is currently a Network Consulting Engineer for Cisco Security Solutions specializing in FireSIGHT. Prior to Cisco's acquisition of Sourcefire, he worked for over five years as a Senior Security Instructor.

Introduction xv Assessment Test xxv Chapter 1 Getting Started with FireSIGHT 1 Industry Terminology 2 Cisco Terminology 3 FirePOWER and FireSIGHT 3 Out with the Old 4 Appliance Models 5 Hardware vs. Virtual Devices 6 Device Models 6 Defense Center Models 7 FireSIGHT Licensing 8 License Dependencies 9 Network Design 9 Inline IPS 10 Passive IPS 11 Router, Switch, and Firewall 11 Policies 12 The User Interface 13 Initial Appliance Setup 14 Setting the Management IP 15 Initial Login 15 Summary 17 Hands-on Lab 17 Review Questions 19 Chapter 2 Object Management 21 What Are Objects? 22 Getting Started 23 Network Objects 25 Individual Network Objects 25 Network Object Groups 25 Security Intelligence 26 Blacklist and Whitelist 26 Sourcefire Intelligence Feed 27 Custom Security Intelligence Objects 28 Port Objects 29 VLAN Tag 30 URL Objects and Site Matching 31 Application Filters 33 Variable Sets 35 File Lists 39 Security Zones 41 Geolocation 43 Summary 44 Hands-on Lab 45 Exam Essentials 49 Review Questions 51 Chapter 3 IPS Policy Management 53 IPS Policies 54 Default Policies 55 Policy Layers 56 Creating a Policy 57 Policy Editor 58 Summary 65 Hands-on Labs 65 Hands-on Lab 3.1: Creating an IPS Policy 66 Hands-on Lab 3.2: Viewing Connection Events 66 Exam Essentials 66 Review Questions 68 Chapter 4 Access Control Policy 71 Getting Started with Access Control Policies 72 Security Intelligence Lists 75 Blacklists, Whitelists, and Alerts 76 Security Intelligence Page Specifics 77 Configuring Security Intelligence 79 Access Control Rules 86 Access Control UI Elements 86 Rule Categories 88 A Simple Policy 97 Saving and Applying 98 Summary 100 Hands ]on Lab 100 Exam Essentials 104 Review Questions 105 Chapter 5 FireSIGHT Technologies 107 FireSIGHT Technologies 108 Network Discovery Policy 109 Discovery Information 114 User Information 120 Host Attributes 124 Summary 126 Hands-on Labs 126 Hands-on Lab 5.1: Configuring a Discovery Policy 127 Hands-on Lab 5.2: Viewing Connection Events 127 Hands-on Lab 5.3: Viewing the Network Map 127 Hands-on Lab 5.4: Creating Host Attributes 128 Exam Essentials 128 Review Questions 130 Chapter 6 Intrusion Event Analysis 133 Intrusion Analysis Principles 134 False Positives 134 False Negatives 135 Possible Outcomes 135 The Goal of Analysis 136 The Dashboard and Context Explorer 136 Intrusion Events 141 An Introduction to Workflows 141 The Time Window 142 The Analysis Screen 145 The Caveat 154 Rule Comment 168 Summary 175 Hands ]on Lab 175 Exam Essentials 177 Review Questions 178 Chapter 7 Network ]Based Malware Detection 181 AMP Architecture 182 SHA ]256 183 Spero Analysis 183 Dynamic Analysis 183 Retrospective Events 184 Communications Architecture 184 File Dispositions 185 File Disposition Caching 185 File Policy 185 Advanced Settings 186 File Rules 187 File Types and Categories 191 File and Malware Event Analysis 193 Malware Events 194 File Events 196 Captured Files 197 Network File Trajectory 199 Context Explorer 203 Summary 204 Hands ]on Lab 204 Exam Essentials 205 Review Questions 206 Chapter 8 System Settings 209 User Preferences 210 Event Preferences 211 File Preferences 211 Default Time Windows 211 Default Workflows 212 System Configuration 212 System Policy 215 Health 217 Health Monitor 217 Health Policy 218 Health Events 218 Blacklist 220 Health Monitor Alerts 221 Summary 222 Hands-on Lab 222 Hands-on Lab 8.1: Creating a New System Policy 223 Hands-on Lab 8.2: Viewing Health Information 223 Exam Essentials 223 Review Questions 225 Chapter 9 Account Management 227 User Account Management 228 Internal versus External User Authentication 229 User Privileges 229 Predefined User Roles 230 Creating New User Accounts 231 Managing User Role Escalation 237 Configuring External Authentication 239 Creating Authentication Objects 240 Summary 246 Hands-on Lab 247 Hands-on Lab 9.1: Configuring a User in the Local Database 247 Hands-on Lab 9.2: Configuring Permission Escalation 247 Exam Essentials 248 Review Questions 249 Chapter 10 Device Management 251 Device Management 252 Configuring the Device on the Defense Center 254 NAT Configuration 266 Virtual Private Networks 267 Point-to-Point VPN 267 Star VPN 269 Mesh VPN 270 Advanced Options 270 Summary 271 Hands-on Labs 271 Hands-on Lab 10.1: Creating a Device Group 272 Hands-on Lab 10.2: Renaming the Device 272 Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set 272 Exam Essentials 273 Review Questions 274 Chapter 11 Correlation Policy 277 Correlation Overview 278 Correlation Rules, Responses, and Policies 279 Correlation Rules 279 Rule Options 284 Responses 286 Correlation Policy 291 White Lists 295 Traffic Profiles 301 Summary 308 Hands-on Lab 308 Exam Essentials 309 Review Questions 311 Chapter 12 Advanced IPS Policy Settings 313 Advanced Settings 314 Preprocessor Alerting 316 Application Layer Preprocessors 316 SCADA Preprocessors 320 Transport/Network Layer Preprocessors 320 Specific Threat Detection 325 Detection Enhancement 326 Intrusion Rule Thresholds 327 Performance Settings 327 External Responses 330 Summary 330 Hands ]on Lab 331 Hands ]on Lab 12.1: Modifying the HTTP Configuration Preprocessor 331 Hands ]on Lab 12.2: Enabling Inline Normalization 332 Hands ]on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit 332 Exam Essentials 333 Review Questions 334 Chapter 13 Creating Snort Rules 337 Overview of Snort Rules 338 Rule Headers 339 The Rule Body 342 Writing Rules 352 Using the System GUI to Build a Rule 353 Summary 355 Exam Essentials 356 Review Questions 357 Chapter 14 FireSIGHT v5.4 Facts and Features 359 Branding 360 Simplified IPS Policy 361 Network Analysis Policy 362 Why Network Analysis? 365 Access Control Policy 365 General Settings 366 Network Analysis and Intrusion Policies 366 Files and Malware Settings 368 Transport/Network Layer Preprocessor Settings 368 Detection Enhancement Settings 368 Performance/Latency Settings 369 SSL Inspection 369 SSL Objects 370 New Rule Keywords 376 File-type 376 Protected-content 377 Platform Enhancements 377 International Enhancements 378 Minor Changes 378 Summary 378 Appendix Answers to Review Questions 379 Index 393

Additional information

Sku

CIN1119155037G

ISBN 13

9781119155034

ISBN 10

1119155037

Title

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 by T Lammle

Author

T Lammle

Condition

Used - Good

Binding type

Paperback

Publisher

John Wiley & Sons Inc

Year published

20151204

Number of pages

432

Prizes

N/A

Cover note

Book picture is for illustrative purposes only, actual binding, cover or edition may vary.

Note

This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in good condition, but if you are not entirely satisfied please get in touch with us

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 T Lammle

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 by T Lammle

Summary

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 Summary

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285 by T Lammle

About T Lammle

Table of Contents

Additional information

Customer Reviews - SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide - Exam 500-285