Ccna sv2 instructor_ppt_ch5
SalmenHAJJI1
CCNA Security chapter 5
1.
CCNA Security v2.0 Chapter 5: Implementing Intrusion Prevention
2.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
5.0 Introduction
5.1 IPS Technologies
5.2 IPS Signatures
5.3 Implement IPS
5.4 Summary
3.
Upon completion of this section, you should be able to:
• Explain zero-day attacks.
• Understand how to monitor, detect and stop attacks.
• Describe the advantages and disadvantages of IDS and IPS.
6.
Advantages of an IDS:
• Works passively
• Requires traffic to be mirrored in order to reach it
• Network traffic does not pass through the IDS unless it is mirrored
7.
IPS:
• Implemented in an inline mode
• Monitors Layer 3 and Layer 4 traffic
• Can stop single packet attacks from reaching target
• Responds immediately, not allowing any malicious traffic to pass
9.
Advantages IDS:
• No impact on network
• No network impact if there is a sensor failure
• No network impact if there is a sensor overload

Advantages IPS:
• Stops trigger packets
• Can use stream normalization techniques

Disadvantages IDS:
• Response action cannot stop trigger
• Correct tuning required for response actions
• More vulnerable to network security evasion techniques

Disadvantages IPS:
• Sensor issues might affect network traffic
• Sensor overloading impacts the network
• Some impact on network
13.
• Cisco IPS AIM and Network Module Enhanced (IPS NME)
• Cisco ASA AIP-SSM
• Cisco IPS 4300 Series Sensors
• Cisco Catalyst 6500 Series IDSM-2
14.
Factors affecting the IPS sensor selection and deployment:
• Amount of network traffic
• Network topology
• Security budget
• Available security staff to manage IPS
16.
• Inline Mode
• Promiscuous Mode
18.
• Traffic Sniffing Using a Switch
• Traffic Sniffing Using a Hub
20.
Cisco SPAN Commands:
• Monitor session command – used to associate a source port and a destination port with a SPAN session.
• Show monitor command – used to verify the SPAN session.
21.
Upon completion of the section, you should be able to:
• Understand IPS signature characteristics
• Explain IPS signature alarms
• Manage and monitor IPS
• Understand the global correlation of Cisco IPS devices
23.
A signature is a set of rules that an IDS and an IPS use to detect typical intrusion activity. Signatures have three distinct attributes:
• Type
• Trigger (alarm)
• Action
24.
Signatures are categorized as either:
• Atomic – this simplest type of signature consists of a single packet, activity, or event that is examined to determine if it matches a configured signature. If yes, an alarm is triggered and a signature action is performed.
• Composite – this type of signature identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time.
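An added example (not from the Cisco slides) that sketches the two signature categories in Python: the atomic signature decides on a single packet, while the composite one must keep state across packets and hosts. The packet fields, signature IDs, thresholds and action names are constructed for illustration and are not Cisco IOS IPS values.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Packet:
    ts: float            # arrival time in seconds
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class AtomicSignature:
    """Type = atomic: the trigger is evaluated on one packet, no state kept."""
    sig_id: int
    pattern: bytes       # regular expression applied to the payload
    action: str          # hypothetical action names: "alert" or "drop"
    sig_type: str = "atomic"

    def inspect(self, pkt: Packet) -> bool:
        return re.search(self.pattern, pkt.payload) is not None


@dataclass
class CompositeSignature:
    """Type = composite: one source contacting many hosts on a port in a time window."""
    sig_id: int
    dport: int
    min_hosts: int
    window: float        # seconds of history the sensor has to remember
    action: str
    sig_type: str = "composite"
    _seen: dict = field(default_factory=lambda: defaultdict(deque))

    def inspect(self, pkt: Packet) -> bool:
        if pkt.dport != self.dport:
            return False
        events = self._seen[pkt.src]
        events.append((pkt.ts, pkt.dst))
        # Forget events that fell out of the window.
        while events and pkt.ts - events[0][0] > self.window:
            events.popleft()
        return len({dst for _, dst in events}) >= self.min_hosts


def run_sensor(signatures, packets):
    """Inline sensor loop: returns (alarms, packets that were forwarded)."""
    alarms, forwarded = [], []
    for pkt in packets:
        drop = False
        for sig in signatures:
            if sig.inspect(pkt):
                alarms.append((sig.sig_id, sig.sig_type, pkt.src, sig.action))
                drop = drop or sig.action == "drop"
        if not drop:
            forwarded.append(pkt)
    return alarms, forwarded


def demo():
    # Constructed sample traffic using documentation address ranges.
    packets = [
        Packet(0.0, "10.0.0.5", "192.0.2.10", 80, b"GET /index.html"),
        Packet(1.0, "203.0.113.7", "192.0.2.10", 80, b"GET /cgi-bin/../../etc/passwd"),
        Packet(2.0, "198.51.100.9", "192.0.2.11", 23),
        Packet(3.0, "198.51.100.9", "192.0.2.12", 23),
        Packet(4.0, "198.51.100.9", "192.0.2.13", 23),
        Packet(60.0, "10.0.0.5", "192.0.2.11", 23),
    ]
    signatures = [
        AtomicSignature(1001, rb"\.\./\.\./", "drop"),
        CompositeSignature(2001, dport=23, min_hosts=3, window=10.0, action="alert"),
    ]
    return run_sensor(signatures, packets)


if __name__ == "__main__":
    alarms, forwarded = demo()
    for alarm in alarms:
        print(alarm)
    print(len(forwarded), "packets forwarded")
```

The atomic match stops its trigger packet, whereas the composite signature only fires on the third host, after the first two packets of the sweep have already been forwarded.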
25.
• As new threats are identified, new signatures must be created and uploaded to an IPS.
• A signature file contains a package of network signatures.
26.
Cisco IOS defines five micro-engines:
• Atomic – Signatures that examine simple packets.
• Service – Signatures that examine the many services that are attacked.
• String – Signatures that use regular expression-based patterns to detect intrusions.
• Multi-string – Supports flexible pattern matching and Trend Labs signatures.
• Other – Internal engine that handles miscellaneous signatures.
33.
Benefits:
• It uses underlying routing infrastructure to provide an additional layer of security.
• It is inline and is supported on a broad range of routing platforms.
• It provides threat protection at all entry points to the network when used in combination with Cisco IDS, Cisco IOS Firewall, VPN, and NAC solutions.
• The size of the signature database used by the devices can be adapted to the amount of available memory in the router.
34.
Understanding Alarm Types:
36.
Summary of Action Categories:
37.
Generating an Alert:
38.
Logging the Activity:
39.
Dropping or Preventing the Activity:
40.
Resetting the Connection and Blocking the Activity:
42.
IPS Planning and Monitoring Considerations:
• Management method
• Event correlation
• Security staff
• Incident response plan
47.
Goals of global correlation:
• Dealing intelligently with alerts to improve effectiveness
• Improving protection against known malicious sites
• Sharing telemetry data with the SensorBase Network to improve visibility of alerts and sensor actions on a global scale
• Simplifying configuration settings
• Automatic handling of security information uploads and downloads
49.
Network participation gathers the following data:
• Signature ID
• Attacker IP address
• Attacker port
• Maximum segment size
• Victim IP address
• Victim port
• Signature version
• TCP options string
• Reputation score
• Risk rating
52.
Upon completion of this section, you should be able to:
• Understand how to configure Cisco IOS IPS with CLI
• Explain how to verify and monitor IPS
54.
Step 1. Download the IOS IPS files.
Step 2. Create an IOS IPS configuration directory in Flash.
Step 3. Configure an IOS IPS crypto key.
Step 4. Enable IOS IPS.
Step 5. Load the IOS IPS signature package to the router.
61.
• Retiring an Individual Signature:
• Retiring a Signature Category:
65.
Show commands to verify the IOS IPS configuration:
• show ip ips
• show ip ips all
• show ip ips configuration
• show ip ips interfaces
• show ip ips signatures
• show ip ips statistics

Clear commands to disable IPS:
• clear ip ips configuration
• clear ip ips statistics
68.
Chapter Objectives:
• Describe IPS technologies and how they are implemented.
• Explain IPS Signatures.
• Describe the IPS implementation process.
69.
Thank you.
70.
• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
Editor's Notes
5.1.1.1 Zero Day Attacks
5.1.1.2 Monitor for Attacks
5.1.1.3 Detect and Stop Attacks
5.1.1.4 Similarities Between IDS and IPS
5.1.1.5 Advantages and Disadvantages of IDS and IPS
5.1.2.1 Host-Based and Network-Based IPS
5.1.2.2 Network-Based IPS Sensors
5.1.2.3 Cisco’s Modular and Appliance-Based IPS Solutions, Figures 1 - 4 5.1.2.4 Cisco’s Modular and Appliance-Based IPS Solutions (Cont.)
5.1.2.5 Choose an IPS Solution
5.1.2.6 IPS Advantages and Disadvantages
5.1.2.7 Modes of Deployment
5.1.3.1 Port Mirroring
5.1.3.2 Cisco SPAN
5.1.3.3 Configuring Cisco SPAN Using Intrusion Detection
5.2.1.1 Signature Attributes
5.2.1.2 Signature Types
5.2.1.3 Signature File
5.2.1.4 Signature Micro-Engines
5.2.1.5 Acquire the Signature File 5.2.1.6 Activity – Identify IPS Signature Type
5.2.2.1 Signature Alarm
5.2.2.2 Pattern-Based Detection
5.2.2.3 Anomaly-Based Detection
5.2.2.4 Policy-Based and Honey Pot-Based Detection
5.2.2.5 Benefits of the Cisco IOS IPS Solution
5.2.2.6 Alarm Triggering Mechanisms 5.2.2.7 Activity – IPS Signature Alarms
5.2.3.1 Signature Actions
5.2.3.2 Manage Generated Alerts
5.2.3.3 Log Activities for Later Analysis
5.2.3.4 Deny the Activity
5.2.3.5 Reset, Block, and Allow Traffic 5.2.3.6 Activity – Identify the IPS Signature Action
5.2.4.1 Monitor Activity
5.2.4.2 Monitoring Considerations
5.2.4.3 Secure Device Event Exchange
5.2.4.4 IPS Configuration Best Practices
5.2.5.1 Cisco Global Correlation
5.2.5.2 Cisco SensorBase Network
5.2.5.3 Cisco Security Intelligence Operation
5.2.5.4 Reputations, Blacklists, and Traffic Filters 5.2.5.5 Reputations, Blacklists, and Traffic Filters (Cont.)
5.2.5.4 Reputations, Blacklists, and Traffic Filters 5.2.5.5 Reputations, Blacklists, and Traffic Filters (Cont.)
5.3.1.1 Implement IOS IPS
5.3.1.2 Download the IOS IPS Files 5.3.1.3 IPS Crypto Key 5.3.1.4 Enable IOS IPS 5.3.1.5 Load the IPS Signature Package in RAM
Page 5.3.1.3
Page 5.3.1.4
Page 5.3.1.4 (cont.)
5.3.1.5 Load the IPS Signature Package in RAM
5.3.1.5 Load the IPS Signature Package in RAM (Cont.) 5.3.1.6 Activity – Implementing IPS
5.3.2.1 Retire and Unretire Signatures
5.3.2.2 Change Signature Actions
5.3.3.1 Verify IOS IPS
5.3.3.2 Report IPS Alerts
5.3.3.3 Enable SDEE
5.4.1.1 Packet Tracer – Configure an IOS IPS Using CLI 5.4.1.2 Lab – Configure an IOS IPS Using CLI
https://www.netacad.com