The document discusses Cisco IPSv7.0 and covers several topics:
- An overview of the IPSv7.0 exam topics and preparation strategies.
- Introduction to intrusion prevention and detection, including deployment options for Cisco IPS sensors.
- Applying Cisco IPS security policies through configuration of virtual sensors and event actions.
- Managing IPS sensors through the CLI, IDM, and IME and maintaining sensors through software updates.
DEVNET-1190 Targeted Threat (APT) Defense for Hosted Applications (Cisco DevNet)
This talk discusses the problems of secure API development, how nation states break into Fortune 500 computers, what application developers can and need to do so that their applications don’t get broken into, and how products like Cisco's CCS Nimbus are protected from these problems. It also discusses the secure administration of systems like CCS, as sysadmins and their credentials are the #1 target for these types of attacks.
Cisco, Sourcefire and Lancope - Better Together (Lancope, Inc.)
Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:
• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response
ASA Firepower NGFW Update and Deployment Scenarios (Cisco Canada)
This session will focus on typical deployment scenarios for the Adaptive Security Appliance family running FirePower Services. Also, a feature overview and comparison of the ASA with Firepower services and the new Firepower Threat Defense (FTD) image will be included with updates on the new Firepower hardware platform. Deployment use cases will include Internet Edge, various segmentation scenarios, and VPN. A configuration walk-through and accepted best practices will be covered. This session is designed for existing ASA customers and targets the security and network engineer. They will learn the benefit of a FirePower NGFW in network edge and Internet use cases.
NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab (Cisco Canada)
The Network Service Orchestrator (NSO) is a multi-vendor network orchestrator developed by Tail-f, a recent Cisco acquisition in the area of network management and orchestration. This 4-hour session will give an introduction to the NCS system and show the tool hands-on along with its different interfaces: network-wide CLI, REST API, etc. Participants will also create one basic network service model using the YANG language.
Application layer Security in IoT: A Survey (Adeel Ahmed)
Internet of Things (IoT) is the future as we are advancing towards an era of intelligent ambiance where daily life objects will be communicating to each other for the sake of convenience in our lives. But the comfort as a result of technology demands certain measures for the safety of these devices from wrong hands. The issue of security remains hot as we step further in this vast area of technological advancement since it can directly influence one’s personal security. Different techniques have been adopted to incorporate security in IoT communication stack for the purpose of confidentiality, identification, data integrity, authentication, authorization and non-repudiation which are the fundamental security traits worth considering. This paper discusses the different application layer protocols by comparing them on the basis of these traits.
Presentation - Cisco ASA with FirePOWER Services (Oscar Romano)
As more companies move their business models toward mobility, the cloud and the Internet of Things, their security solutions must be more dynamic and scalable. However, to date, most security solutions have not kept up with the pace of change and have not been able to adapt to new threats and attacks. Today, security solutions are based on a binary “good vs. bad” model, which lacks the visibility needed to understand context. On September 16, Cisco unveiled its latest step in this direction.
Checkpoint Firewall Training designed comprehensive technical course with IT professionals. Get Best Checkpoint Firewall Online course at Global Trainings.
For more details contact us @: +91 40 6050 1418
CHECKPOINT FIREWALL ONLINE TRAINING COURSE CONTENT
INTRODUCTION ABOUT THE CHECKPOINT FIREWALL TRAINING
Introduction to the Checkpoint firewall
Modular nature of the Checkpoint firewall
Functionalities of the Management
The FW-1 & GUI modules
CHECKPOINT INSTALLATION TYPES
The Hardware platform
Checkpoint Rule base concepts – Checkpoint Firewall Training
The IP spoofing
INSTALLATION OF THE CHECKPOINT ON SPLAT
Initial configuration of the Splat
Web access to the Checkpoint-Checkpoint Firewall Training
Download & Installation of smart console
ACCESSING THE CHECKPOINT THROUGH SMARTDASHBOARD
Checkpoint objects description
Anti-spoofing configuration-Checkpoint Firewall Training
NAT Configuration
FILTER CONFIGURATION
The URL Filtering
The Antivirus inspection
Content Analysis
CHECKPOINT FIREWALL TRAINING USER AUTHENTICATION
The User Authentication
The Session Authentication
The Client Authentication
IPSEC VPN
Using Your Network as a Sensor for Enhanced Visibility and Security (Lancope, Inc.)
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of the network attacks, assist compliance and reduce risks of data-breaches.
Deploying Next Generation Firewalling with ASA - CX (Cisco Canada)
This presentation will explain the technology and capabilities behind Cisco’s new context aware firewall: Cisco ASA–CX. We will introduce a new approach to firewall policy creation based on contextual attributes such as: user identity, device type and application usage.
Lancope’s latest release includes an intuitive Web interface and sophisticated alarming capabilities for enhanced usability, security analytics and early threat detection. The new version further improves incident response and network forensics for fending off today’s advanced attacks. Specific new features include:
• The Operational Network & Security Intelligence (ONSI) dashboard, which keeps track of the attacker’s “kill chain,” providing administrators with awareness of how far attacks are progressing within their networks.
• New “data hoarding” alarms that detect attackers who are moving stolen data around within internal networks or preparing it for exfiltration.
• StealthWatch Labs Security Updates that provide constantly updated, automated security capabilities in the StealthWatch System to detect the latest threats.
• User-defined Threat Criteria, which enable administrators to monitor their networks for targeted attack activity based on specific threat intelligence.
Today connected devices are everywhere, and we expect massive growth over the upcoming years. What are connected devices (IoT)? They connect people to machines and machines to machines, and share the data both people and machines create. However, why should you care about security?
This presentation walks you through why connected devices (IoT) are being targeted, what typically goes wrong during development that makes these devices vulnerable to attacks, and what's next...
Understanding and Troubleshooting ASA NAT (Cisco Russia)
Presentation from a webinar organized within the Cisco Support Community.
We invite you to other Cisco Support Community events, and to take part in the life of our Cisco technical support community:
http://cs.co/CSCRu
PCI DSS Simplified: What You Need to Know (AlienVault)
Maintaining, verifying, and demonstrating PCI DSS compliance is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, removing false positives from network vulnerability assessment reports, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools for those dozen requirements.
Thankfully, there’s a simpler alternative. AlienVault Unified Security Management (USM) consolidates the five essential capabilities you need for PCI DSS compliance. As a nearly complete PCI compliance solution, AlienVault’s USM delivers the security visibility you need in a single pane-of-glass. And it solves more than the single purpose PCI DSS compliance software alternatives do. During this webcast, you will learn how to:
Achieve, demonstrate and maintain PCI DSS compliance
Consolidate and simplify SIEM, log management, vulnerability assessment, IDS, and file integrity monitoring in a single platform
Implement effective incident response with emerging threat intelligence
Plus, you'll see how quickly and easily you can simplify and accelerate PCI DSS compliance. Register Now to secure your spot.
The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks.
http://www.pass4surebraindumps.com/640-554.html
Improve Cybersecurity posture by using ISO/IEC 27032 (PECB)
Cybersecurity is a universal concern across today’s enterprise, and a strategic approach is required for appropriate mitigation.
Adopting ISO 27032 will help to:
• Understand the nature of Cyberspace and Cybersecurity
• Explore Cybersecurity Ecosystem – Roles & Responsibilities
• Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Effective Cyber Defense Using CIS Critical Security Controls (BSides Delhi)
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, financial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and targeted attacks?”
How to Solve Your Top IT Security Reporting Challenges with AlienVault (AlienVault)
Watch this on-demand webcast to learn how to achieve security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Advanced threat security - Cyber Security For The Real World (Cisco Canada)
Cisco delivers intelligent cybersecurity for the real world, providing one of the industry's most comprehensive advanced threat protection portfolio of solutions and services that are integrated, pervasive, continuous and open.
Cisco's threat-centric approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly -- before, during, and after an attack.
More information on security here: http://bit.ly/1paUnZV
Pervasive Security Across Your Extended Network (Cisco Security)
There are many ways attackers can access your network. Keep yours safe before, during, and after an attack with best-in-class Cisco Security designed to protect your business data. Learn more at http://cs.co/9009BJ8o3
While vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization's attack surface: known vulnerabilities in applications that are built in-house.
For any organization managed security services play an important role in enhancing the security posture, alerting against top vulnerabilities along with rapid and anywhere deployment.
The presentation on Security Testing / IoT Testing in Real World was done during #ATAGTR2017, one of the largest global testing conference. All copyright belongs to the author.
Author and presenter : Aditya Upadhya
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
CCNP Security-IPS
1. These slides taken from Cisco live 2012 & 3/20/2014
Eng. Mohannad Alhanahnah 1
IPSV7.0
Agenda:
• CCNP Security IPSv7 Exam Topics Review
• Introduction to Intrusion Prevention & Detection
• Installing and Maintaining Cisco IPS Sensors
• Applying Cisco IPS Security Policies
• Deploying Anomaly-based Operation
• Managing & Analyzing Events
• Deploying Virtualization, High Availability, and High Performance Solutions
• Configuring and Maintaining Specific Cisco IPS Hardware
IPSv7.0 Exam Topics Review:
• Approximately 90 minute exam
• 60-70 questions
• Register with Pearson Vue
–http://www.vue.com/cisco
• Exam cost is $200.00 US
• Question Types
–Multiple-choice single answer
–Multiple-choice multiple answer
–Drag-and-drop
–Fill-in-the-blank
–Testlet / Simlet / Simulations
• Rule out the nonsense
• Look for the best answer when multiple exist
• Look for subtle keys
• Narrow it down
• Relate to how the device works
• Don’t waste too much time
Preparing for the IPS Exam:
• Recommended reading
–CCNP Security IPS 642-627 Official Cert Guide
–CCSP books are still good for reference
–Cisco IPS 7.0 Configuration Guide
• Cisco learning network
www.cisco.com/go/learnnetspace
• Practical experience
–Real equipment
–IDM in demo mode
IPSv7.0 Exam Topics:
• Pre-Production Design
–Choose Cisco IPS technologies to implement High Level Design
–Choose Cisco products to implement High Level Design
–Choose Cisco IPS features to implement High Level Design
–Integrate Cisco network security solutions with other security technologies
–Create and test initial Cisco IPS configurations for new devices/services
• Complex Support Operations
–Optimize Cisco IPS security infrastructure device performance
–Create complex network security rules, to meet the security policy requirements
–Configure and verify the IPS features to identify threats and dynamically block them from entering the network
–Maintain, update and tune IPS signatures
–Use CSM and MARS for IPS management, deployment, and advanced event correlation.
–Optimize security functions, rules, and configuration
• Advanced Troubleshooting
–Advanced Cisco IPS security software configuration fault finding and repairing
–Advanced Cisco IPS sensor and module hardware fault finding and repairing
Introduction to Intrusion Prevention and
Detection:
The Evolution of Internet A Shift to Financial Gain
Top-Ten Cyber Security Menaces:
•Sophisticated website attacks
•Increasing botnet sophistication and effectiveness
•Growing cyber espionage
•Emerging mobile phone threats
•Insider attacks
•Advanced identity theft
•Increasingly malicious spyware
•Web application security exploits
•Sophisticated social engineering
•Supply-chain attacks infecting consumer devices
Cisco Intrusion Prevention Services:
•Intelligent Detection
• Vulnerability and Exploit specific Signatures
• Traffic and Protocol Anomaly Detection
• Knowledge base Anomaly Detection
• Reputation Filters
•Precision Response
• Risk Management-based Policy
• Global Correlation adding reputation
• On-box Correlation through Meta Event Generator
• “Trustworthiness” Linkages with the Endpoint
•Flexible Deployment
• Passive and/or Inline with Flexible Response (IDS/IPS)
• Sensor Virtualization
• Physical and logical (VLAN) interface support
• Software and Hardware bypass
Cisco Security Intelligence Operations:
Cisco IPS Intelligent Detection Capabilities: Vulnerability
and Exploit-Based Signatures:
Cisco IPS Product Portfolio: Integrated Security Across the
Network:
Cisco IPS 4200 Series Sensors Comparison:
AIP-SSM Module:
Catalyst 6500 IDSM2:
Cisco IPS Architecture:
Packet Flow in IPS v7.0:
• IPS Reputation Filters block access to IP addresses on stolen ‘zombie’
networks or networks controlled entirely by malicious organizations.
• Global Correlation Inspection raises the Risk Rating of events when
the attacker has a negative reputation allowing those events to be
blocked more confidently and more often than an event without
negative reputation.
• IPS Version 7.0 software permits a device to do promiscuous mode
and inline mode simultaneously, which allows some segments to be
monitored for IDS only while other segments use IPS protection.
Overview of Intrusion Detection Systems (IDS):
IDS Option 1: Single Interface:
Spanning traffic to the IPS 4200
IDS option 2: VLAN Groups:
Overview of Intrusion Prevention Systems (IPS):
IPS Option 1 : Interface Pairing:
Interface Pairing
• Bump in the Wire (intelligent wire)
• Two physical Interfaces
• Switch Ports configured as Access Ports or Trunk
IPS Option 2 : VLAN on-a-Stick:
VLAN-on-a-Stick
• VLAN Mapping
• One Physical Interface configured as Trunk
IPS Option 3 : VLAN Groups:
IPS in ASA Appliance:
• ASA redirects traffic to IPS Service Module
• Module can be used as IDS (promiscuous) or IPS (inline)
• Virtual Sensor and Failure Policy can be defined
Areas of Network IPS or IDS Deployment:
Key Terms & Acronyms:
Vulnerability: A vulnerability is a weakness that compromises
the security or functionality of a particular system in your
network.
Exploit: An exploit is a mechanism designed to take advantage
of vulnerabilities that exist in your systems.
Signature: A signature is a set of instructions the sensor uses
to identify an unwanted traffic type.
False Alarms: False alarms are IDS/IPS events that you do not
want occurring in your implementation. The two types of false
alarms are false positives and false negatives. Both are
undesirable.
True Alarms: The two types of true alarms in IDS/IPS
terminology are true positive and true negative. Both are
desirable.
Security Controls:
• False Positive
– A false positive means that an alert has been triggered, but it was for
traffic that does not constitute an actual attack.
• False Negative
–A false negative occurs when attack traffic does not trigger an alert on
the IDS/IPS device. This is often viewed as the worst type of
false alarm.
• True Positive
–A true positive means that the IDS/IPS device recognized and
responded to an attack.
• True Negative
–This means that non-offending or benign traffic did not trigger an alarm.
Approaches to Intrusion Prevention:
• Signature Based
• Anomaly Based
• Policy Based
• Protocol Analysis Based
• Reputation Based
Version 7.0 of the Cisco IPS Sensor Software adds many new
features, including the following:
■ Virtualization support: Allows different policies for different segments
that are being monitored by a single sensor.
■ New signature engines: Additions that cover Server Message Block and
Transparent Network Substrate traffic.
■ Passive operating system fingerprinting: A set of features that enables
Cisco IPS to identify the operating system of the
victim of an attack.
■ Improved risk and threat rating system: The risk rating helps with
alerts and is now based on many different components
to improve the sensor’s performance and operation.
■ Global correlation: Allows the sensor to take stronger preventive action
against traffic originating from hosts with a negative
reputation score.
■ Reputation filtering: Blocks all network traffic originating from hosts with
the worst reputations.
■ Enhanced health and performance monitoring: Allows the IPS
administrator to better monitor the performance of the
sensors.
■ IPv6 detection and prevention: The ability to analyze both IPv4 and
IPv6 network traffic.
■ Cisco Intrusion Prevention System Manager Express (IME): A new
and improved GUI for management and monitoring
of multiple IPS devices.
■ Anomaly detection: Designed to detect worm-infested hosts.
Cisco Sensor Family
The Cisco sensor family includes the following devices:
■ Cisco IDS 4240 sensor
■ Cisco IPS 4255 sensor
■ Cisco IPS 4260 sensor
■ Cisco IPS 4270 sensor
■ Cisco Catalyst 6500 series IDSM-2
■ Cisco ASA AIP-SSM-10
■ Cisco ASA AIP-SSM-20
■ Cisco ASA AIP-SSM-40
■ Cisco AIM IPS module for ISR routers
■ Cisco NME IPS module for ISR routers
Management Options:
For a single device (element management), options include
the following:
■ Command-line interface (CLI)
■ Cisco IPS Device Manager (IDM)
■ Cisco IPS Manager Express (IME)
For multiple-device management, options include the
following:
■ Cisco IPS Manager Express (IME), for one to ten sensors
■ Cisco Security Manager (CSM), for one or many sensors
■ Cisco Security Monitoring, Analysis, and Response System
(MARS)
Deploying Sensors:
Consider these technical factors when selecting sensors for
deployment in an organization:
■ The network media in use.
■ The performance of the sensor.
■ The overall network design.
■ The IPS design: Will the sensor analyze and protect many systems, or
just a few?
■ Virtualization: Will multiple virtual sensors be created in the sensor?
The CLI can be used to
■ Initialize the sensor
■ Configure
■ Administer
■ Troubleshoot
■ Monitor
Initializing the Sensor:
The setup command at the CLI walks you through initialization. You
can do the following:
■ Assign a hostname to the sensor. This is case sensitive. It defaults to
sensor.
■ Assign an IP address to the command and control interface. The default is
10.1.9.201/24.
■ Assign a default gateway. The default is 10.1.9.1.
■ Enable or disable the Telnet server. Telnet is disabled by default.
■ Specify the web server port. The default is 443.
■ Create network access control lists (ACL) that can access the sensor for
management.
■ Configure the date and time.
■ Configure the sensor interfaces.
■ Configure virtual sensors. This enables the configuration of promiscuous
and inline interface pairs.
■ Configure threat prevention. An event action override denies high-risk
network traffic with a risk rating of 90 to 100. This
option lets you disable this feature.
Initial Setup of IPS Appliance:
• CLI wizard performs basic configuration to allow network
connectivity for the GUI.
Threat and Risk Rating:
Calculating Threat and Risk:
• RR = [(ASR x TVR x SFR) / 10,000] + ARR – PD + WLR
Example:
–ASR = 75 , SFR = 90 , PD = 0 (inline mode) , TVR = 100 , ARR =
10 , and WLR = 0
–RR = [ (75 x 100 x 90) / 10,000] + 10 – 0 + 0 = 78
• TR = RR – Threat Rating Adjustment
– Configuration > Policies > Event Action Rules > rules0 pane and
click on General tab
Real-Time Risk-based Policy: Risk Rating and IPS
Policy
• A quantitative measure of each threat before IPS
mitigation.
Threat Rating: Post-policy Evaluation of Incident
Urgency
Where do I configure actions?
Actions are configured in three different places:
– The signature itself, where you define the default response if this
signature is triggered
– The event action override, which allows the system to add actions depending
on the risk rating
– The event action filters, where the system can remove actions depending
on several parameters such as the signature ID or the addresses
of the attacker or victims…
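The risk rating formula and the three places where actions are configured, combined in one worked sketch. This is an added example, not Cisco code or part of the original slides: the override range 90 to 100 comes from the setup notes above, while the threat rating adjustment values, the rule that the largest adjustment applies, the rounding, and the sample signature ID and address are assumptions.

```python
import math
from dataclasses import dataclass

# Assumed threat rating adjustment per executed action; the slides only
# state TR = RR - Threat Rating Adjustment and give no values.
TR_ADJUSTMENT = {
    "deny-attacker-inline": 45,
    "deny-connection-inline": 35,
    "deny-packet-inline": 35,
    "reset-tcp-connection": 20,
}

def risk_rating(asr, tvr, sfr, arr=0, pd=0, wlr=0):
    """RR = [(ASR x TVR x SFR) / 10,000] + ARR - PD + WLR, kept within 0..100."""
    raw = (asr * tvr * sfr) / 10_000 + arr - pd + wlr
    rounded = math.floor(raw + 0.5)  # assumption: round half up (77.5 -> 78)
    return max(0, min(100, rounded))

@dataclass(frozen=True)
class Override:
    """Event action override: ADD an action when RR falls in the range."""
    action: str
    rr_min: int
    rr_max: int

@dataclass(frozen=True)
class ActionFilter:
    """Event action filter: REMOVE actions for a signature/attacker match."""
    sig_id: int
    attacker: str
    remove: frozenset

def resolve_actions(sig_id, attacker, sig_actions, rr, overrides, filters):
    """Apply the three stages in order: signature defaults, overrides, filters."""
    actions = set(sig_actions)                      # 1. signature defaults
    for o in overrides:                             # 2. overrides add by RR
        if o.rr_min <= rr <= o.rr_max:
            actions.add(o.action)
    for f in filters:                               # 3. filters subtract
        if f.sig_id == sig_id and f.attacker == attacker:
            actions -= f.remove
    return actions

def threat_rating(rr, actions):
    """TR = RR minus the largest adjustment among the actions taken (assumed rule)."""
    adjustment = max((TR_ADJUSTMENT.get(a, 0) for a in actions), default=0)
    return max(0, rr - adjustment)

# Default threat-prevention override from the setup notes: deny at RR 90-100.
DEFAULT_OVERRIDES = [Override("deny-packet-inline", 90, 100)]

if __name__ == "__main__":
    # The slide's example: RR 78 is below 90, so no deny action is added.
    rr = risk_rating(asr=75, tvr=100, sfr=90, arr=10, pd=0, wlr=0)
    acts = resolve_actions(60001, "10.1.9.50", {"produce-alert"}, rr,
                           DEFAULT_OVERRIDES, [])
    print(rr, sorted(acts), threat_rating(rr, acts))

    # Constructed case: same signature at maximum ratings, then with a
    # filter exempting a known internal scanner (constructed address).
    rr = risk_rating(asr=100, tvr=100, sfr=100)
    acts = resolve_actions(60001, "10.1.9.50", {"produce-alert"}, rr,
                           DEFAULT_OVERRIDES, [])
    print(rr, sorted(acts), threat_rating(rr, acts))
    exempt = ActionFilter(60001, "10.1.9.50", frozenset({"deny-packet-inline"}))
    acts = resolve_actions(60001, "10.1.9.50", {"produce-alert"}, rr,
                           DEFAULT_OVERRIDES, [exempt])
    print(rr, sorted(acts), threat_rating(rr, acts))
```

A filter that strips the deny action leaves the threat rating equal to the risk rating, which is the signal that the event was seen but not mitigated.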
Master engine : Event Actions
Installing and Maintaining Cisco IPS
Sensors:
IPS Deployment Options:
■ Promiscuous mode: In this mode, packets do not flow through
the sensor. Instead, packets are copied to the interface from a
network device. This is also known as IDS mode.
■ Inline Interface Pairing mode: Traffic passes through the sensor,
from one interface to another. Two monitoring interfaces must be
configured as a pair. The sensor functions as a Layer 2 bridge for
this traffic.
■ Inline VLAN Pairing mode: Here, the monitoring interface acts as
an 802.1Q trunk port. The sensor bridges between pairs of VLANs
on the trunk.
■ VLAN Group mode: Each physical interface can be divided into
VLAN group subinterfaces. This enables you to use a sensor with
only a few interfaces as if it had many interfaces.
Cisco IPS Sensor Promiscuous Mode Deployment:
Cisco IPS Sensor Inline Interface Mode Deployment:
Cisco IPS Sensor Inline VLAN Pair Mode Deployment:
Cisco IPS Sensor Inline VLAN Group Mode Deployment:
Cisco IPS Sensor Selective Inline Analysis Mode
Deployment:
Applying Cisco IPS Security Policies:
IPS 4200 Appliance Management Interface:
• IPS 4200 Sensor managed through out-of-band interface
• IPS Management uses SSH or HTTPS ( SDEE )
Assigning Virtual Sensor:
Both IDS and IPS require assignment of Virtual Sensor
....even if only one Virtual Sensor ( e.g. vs0 ) is used !
IPv6 and Cisco IPS:
• IPv6 is default for Windows 2008,
Vista and Windows 7!
• Can analyze native IPv6 Traffic
• Can detect IPv6 tunneled traffic
• IPS Tuning can be done on IPv4
and IPv6 traffic simultaneously
Usage of Dual-Stack on all Engines Service HTTP:
Usage of Dual-Stack on all Engines String TCP with
Custom Signature
Deploying Anomaly-Based Operation:
Signature:
•A Signature is used to detect a potential threat.
•Cisco Signatures are vulnerability focused, not exploit focused
• We need different types of Signatures. To match these
signatures efficiently against the type of traffic, we are using
different Engines.
• Signatures have several statuses:
• Retired vs. Active
• Disable vs. Enable
Types of Signatures:
• Three types of Signatures
–Default – Included in the sensor software.
– <ID Range is 1,000 – 59,000>
–Tuned – Built in signatures that the user/administrator modifies.
–Custom – New signatures that the user/administrator modifies.
– <Custom ID Range is 60,000-65,000>
What Is an Engine ?
•A signature engine is a component of the Cisco IPS that is
designed to support many signatures in a certain category.
•An engine is composed of a parser and an inspector
•Each engine has a set of parameters that have allowable
ranges or sets of values.
The Different Engine Families:
•Atomic engine – looking at attacks in a single packet
•Flooding – Specialised in attacks that involve flooding of
hosts with packets
•String – Looking for Patterns across several packets
•Sweep – Specialised in attacks that involve scanning of
hosts and ports
•Anomaly detection – Baselining the traffic first and looking
for thresholds
•Services Engines – Specialised engines looking at
services like DNS, HTTP, FTP,…
•And many others....
• ATOMIC signature engines are
■ ATOMIC ARP
■ ATOMIC IP
■ ATOMIC IP ADVANCED
■ ATOMIC IPv6
• The FIXED engines are
■ STRING ICMP
■ STRING TCP
■ STRING UDP
• FLOOD signature engines are
■ FLOOD NET
■ FLOOD HOST
• SERVICE signature engines are
■ SERVICE DNS
■ SERVICE FTP
■ SERVICE FTP V2
■ SERVICE GENERIC
■ SERVICE GENERIC ADVANCED
■ SERVICE H225
■ SERVICE HTTP, etc.
• The STRING engines are
■ STRING ICMP
■ STRING ICMP XL
■ STRING TCP
■ STRING TCP XL
■ STRING UDP
■ STRING UDP XL
■ MULTI STRING
What is the difference between STRING and FIXED engines?
FIXED differs from STRING signatures in that FIXED signatures
watch all TCP/UDP ports, whereas STRING watch only defined ports.
• The SWEEP engines are
■ SWEEP
■ SWEEP OTHER TCP
• TROJAN engines are:
■ TROJAN BO2K examines UDP and TCP traffic for Back Orifice.
■ TROJAN TFN2K examines UDP, TCP, or ICMP traffic for irregular
traffic patterns and corrupted headers.
■ TROJAN UDP examines UDP traffic for Trojan attacks.
Normalizer Module:
Normalizer Engine Signatures:
• The normalizer signatures are designed for inline mode only
• These signatures perform several tasks, including:
–Watch for packets with illegal combinations of flags
–Watch for bad checksums
–Watch for TCP segment overrides
–Watch for fragmented traffic
–Much more
• The normalizer denies or fixes abnormal packets
TCP Normalization – How:
Layer 4 protection
• Strict tracking of TCP state
• Strict tracking of sequence numbers (including support for
PAWS checks)
• Best effort tracking of previous data seen for un-acked
inspected content (prevents/detects overwrites in the TCP
sequence space)
• Checksums and invalid TCP flags
• Ability to modify TTLs to monotonically decrease or remain
steady over the life of the flow
• URG pointer normalization
Real-Time Anomaly Detection for Day Zero Threats:
• Anomaly Detection algorithms to detect and stop Day-Zero
threats
• Real-time learning of normal network behavior
• Automatic detection and policy-based protection from
anomalous threats to the network
• Result: Protection against attacks for which there is no
signature
Protocol-Anomaly Detection:
Managing and Analyzing Events:
Cisco IPS Manager Express (IME): All-in-One IPS
Management Application for up to 10 IPS Sensors
CSM 4.3 – IPS Configuration:
• Centrally manage multiple physical and virtual Sensors
• Tune policies
• Create custom Signatures
• Track Policy Change
• Update Signatures and Software for IPS Sensors
CSM 4.3 – Event logging and filtering:
• Log and monitor all IPS Events
• Granular Filtering and searching through events
• Customizable view
• Event to Policy mapping
CSM 4.3 – Reporting:
• Tactical Reporting
• Export to PDF or CSV
• Schedule Reports
• Customizable Graph and Data
CSM 4.3 – Health Monitoring:
• Monitor IPS Systems for throughput, CPU, memory,
number of events, status of hardware,...
• Get Alert when status is changing
IPS Sensor Management:
Deploying Virtualization, High Availability,
and High Performance Solutions
Flexible Deployment: Sensor Virtualization:
How to place a Sensor into such an Environment ?
Introducing Cisco Nexus 1000V for VMware ESX
Simplifying Virtual Machine & Network policy
management:
• Policy Based VM Connectivity
–Mobility of Network & Security Properties
• Virtual Center integration for server administrators
• Cisco NX-OS environment for Network administrators
• Ensures visibility & policy enforcement during VMotion
• Compatible with any switching platform
SPAN Technologies Overview:
• Local SPAN Mirrors traffic from one or more interfaces or VLANs
on the switch to one or more other interfaces (or a service
module) on the same switch.
• Remote SPAN (RSPAN) Mirrors traffic from one or more
interfaces or VLANs on the switch to a special RSPAN VLAN,
which carries the traffic across a Layer 2 switched network to one
or more other switches. The other switches mirror the traffic from
the RSPAN VLAN to one or more of their local interfaces (or
service modules).
• Encapsulated Remote SPAN (ERSPAN) Mirrors traffic from one
or more interfaces or VLANs on the switch into an IP GRE
tunnel, which carries the traffic across an arbitrary Layer 3
network to another device. If the destination is another ERSPAN-
capable switch, it decapsulates the monitored packets and
mirrors them to one or more of its local interfaces (or service
modules).
How to place a Sensor into such an Environment ?
Server Virtualization IDS and ERSPAN:
Ethernet Network Policy
•Take a Copy of Traffic from Servers and Switch to Appliance
•IPS appliances analyze Server traffic and log activity
Nexus 1000v Makes this possible
• ERSPAN Set Port-Profile w/ Switch port SPAN session IP SPAN traffic
to 6500
• SPAN to connected 4200-IPS
• Permit protocol type header “0x88BE” for ERSPAN GRE
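How a monitoring host can recognise and unwrap the ERSPAN GRE traffic described above, keyed on the 0x88BE protocol type. This is an added example, not from the original slides: it assumes ERSPAN Type II framing (a GRE header carrying a sequence number, then an 8-byte ERSPAN header), which the slides do not detail, and the packet is constructed with documentation addresses.

```python
import struct

IPPROTO_GRE = 47
GRE_PROTO_ERSPAN = 0x88BE  # protocol type named on the slide

def decapsulate_erspan(pkt: bytes):
    """Return ERSPAN Type II metadata and the mirrored frame, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                       # not IPv4
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != IPPROTO_GRE or len(pkt) < ihl + 4:
        return None                       # not GRE, or truncated
    flags, proto = struct.unpack_from("!HH", pkt, ihl)
    if proto != GRE_PROTO_ERSPAN or flags & 0x0007:
        return None                       # other GRE payload or GRE version != 0
    off = ihl + 4
    if flags & 0x8000:                    # C bit: checksum + reserved
        off += 4
    if flags & 0x2000:                    # K bit: key
        off += 4
    if not flags & 0x1000:                # S bit: Type II always has a sequence
        return None
    if len(pkt) < off + 4 + 8:
        return None                       # truncated before ERSPAN header ends
    (sequence,) = struct.unpack_from("!I", pkt, off)
    off += 4
    (word1, word2) = struct.unpack_from("!II", pkt, off)
    if word1 >> 28 != 1:                  # header version 1 means Type II
        return None
    return {
        "sequence": sequence,
        "vlan": (word1 >> 16) & 0x0FFF,   # VLAN of the mirrored frame
        "truncated": bool((word1 >> 10) & 1),
        "session_id": word1 & 0x03FF,     # ERSPAN session on the source switch
        "frame": pkt[off + 8:],           # original Ethernet frame for the sensor
    }

def build_sample(gre_proto=GRE_PROTO_ERSPAN):
    """Constructed packet: IPv4 / GRE / ERSPAN II / Ethernet frame."""
    inner = bytes.fromhex("ffffffffffff0200000000010800") + b"constructed payload"
    erspan = struct.pack("!II", (1 << 28) | (100 << 16) | 7, 0)  # VLAN 100, session 7
    gre = struct.pack("!HHI", 0x1000, gre_proto, 42)             # S bit set, seq 42
    total = 20 + len(gre) + len(erspan) + len(inner)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, IPPROTO_GRE, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # checksum left 0
    return ip + gre + erspan + inner, inner

if __name__ == "__main__":
    packet, original = build_sample()
    info = decapsulate_erspan(packet)
    print(info["session_id"], info["vlan"], info["sequence"], info["frame"] == original)
    # Ordinary GRE carrying IPv4 (0x0800) is not ERSPAN and is left alone.
    print(decapsulate_erspan(build_sample(gre_proto=0x0800)[0]))
```

The same two checks, IP protocol 47 and GRE protocol type 0x88BE, are what a filter on the path between the mirroring switch and the sensor has to permit.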
ERSPAN:
Sample Config for ERSPAN on N1K:
IPS in virtualized DC:
• Use cases
– Protect Serverfarms through IPS
– Monitoring / Alarming through IPS in IDS Mode
• Products
–Cisco IPS 4260 / 4270 Appliance as:
IPS: via external Service Chassis
IDS: via SPAN Technology
–Cisco ASA IPS SSM for ASA 5585-X as IPS-only
–Cisco IDSM2 Switchmodule as
IPS: via external Service Chassis
IDS: via Switch internal SPAN Session
IDSM2 only available for Cat6K, no N7K module
High Availability and Scaling:
•Fail-open (Fail-Safe) techniques: Hardware or software
that functions to detect problems and pass packets through
the device without inspection when required
•Fail-secure (Fail-Closed) techniques: Hardware or
software techniques that will stop forwarding any packets if
IPS fails
•Failover: One or more paths through the network to allow
packets, in the event of a device failure, to either go
through a backup IPS sensor or through a plain wire
•Load Balancing: Using devices or software features to
split a traffic load up across multiple devices. This can
achieve both higher data rates and redundant paths in case
of failure
Configuring and Maintaining Specific
Cisco IPS Hardware
Cisco IPS Sensor Initial Setup and Management:
•Using basic Cisco IPS CLI features.
•Configure and verify basic Cisco IPS sensor parameters.
•Configuring and Verify the Cisco IDM features and properties.
•Troubleshoot the initial configuration of the sensor.
•Troubleshoot basic Cisco IPS hardware problems.
•Restoring the Cisco IPS to its default configuration.
•Managing Cisco Licenses and Software
•Software Upgrade and Recovery
•Updates and Installation of IPS Signatures
•Managing Access & Password Recovery on the Cisco IPS Sensor.
•Using the CLI & IDM to perform sensor management and monitoring.
Applying Cisco IPS Security Policies:
•Deploying and managing Cisco IPS Sensor basic traffic
analysis.
•Virtual sensor setup
•Traffic Normalization
•IPv6 Support
•Bypass mode
•Deploying and Managing basic aspects of Cisco IPS signatures
and responses.
•Signatures (types, features, properties, and actions).
•IP Logging and Filters
•Evaluating the Cisco IPS signature engines and built-in
signature database.
•Deploying and managing Cisco IPS anomaly-based detection
features.