Ssfips Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide: Exam 500-285

Ssfips Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide: Exam 500-285 (Paperback)

Todd Lammle, John Gay, Alex Tatistcheff (authors) | Sybex | 2015-10-26 | 121,620 won


Book information

· Title: Ssfips Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide: Exam 500-285 (Paperback)
· Category: Foreign books > Computers > Certification > General certification
· ISBN: 9781119155034
· Pages: 432

Table of contents

Introduction xv

Assessment Test xxv

Chapter 1 Getting Started with FireSIGHT 1

Industry Terminology 2

Cisco Terminology 3

FirePOWER and FireSIGHT 3

Out with the Old… 4

Appliance Models 5

Hardware vs. Virtual Devices 6

Device Models 6

Defense Center Models 7

FireSIGHT Licensing 8

License Dependencies 9

Network Design 9

Inline IPS 10

Passive IPS 11

Router, Switch, and Firewall 11

Policies 12

The User Interface 13

Initial Appliance Setup 14

Setting the Management IP 15

Initial Login 15

Summary 17

Hands-on Lab 17

Review Questions 19

Chapter 2 Object Management 21

What Are Objects? 22

Getting Started 23

Network Objects 25

Individual Network Objects 25

Network Object Groups 25

Security Intelligence 26

Blacklist and Whitelist 26

Sourcefire Intelligence Feed 27

Custom Security Intelligence Objects 28

Port Objects 29

VLAN Tag 30

URL Objects and Site Matching 31

Application Filters 33

Variable Sets 35

File Lists 39

Security Zones 41

Geolocation 43

Summary 44

Hands-on Lab 45

Exam Essentials 49

Review Questions 51

Chapter 3 IPS Policy Management 53

IPS Policies 54

Default Policies 55

Policy Layers 56

Creating a Policy 57

Policy Editor 58

Summary 65

Hands-on Labs 65

Hands-on Lab 3.1: Creating an IPS Policy 66

Hands-on Lab 3.2: Viewing Connection Events 66

Exam Essentials 66

Review Questions 68

Chapter 4 Access Control Policy 71

Getting Started with Access Control Policies 72

Security Intelligence Lists 75

Blacklists, Whitelists, and Alerts 76

Security Intelligence Page Specifics 77

Configuring Security Intelligence 79

Access Control Rules 86

Access Control UI Elements 86

Rule Categories 88

A Simple Policy 97

Saving and Applying 98

Summary 100

Hands-on Lab 100

Exam Essentials 104

Review Questions 105

Chapter 5 FireSIGHT Technologies 107

FireSIGHT Technologies 108

Network Discovery Policy 109

Discovery Information 114

User Information 120

Host Attributes 124

Summary 126

Hands-on Labs 126

Hands-on Lab 5.1: Configuring a Discovery Policy 127

Hands-on Lab 5.2: Viewing Connection Events 127

Hands-on Lab 5.3: Viewing the Network Map 127

Hands-on Lab 5.4: Creating Host Attributes 128

Exam Essentials 128

Review Questions 130

Chapter 6 Intrusion Event Analysis 133

Intrusion Analysis Principles 134

False Positives 134

False Negatives 135

Possible Outcomes 135

The Goal of Analysis 136

The Dashboard and Context Explorer 136

Intrusion Events 141

An Introduction to Workflows 141

The Time Window 142

The Analysis Screen 145

The Caveat 154

Rule Comment 168

Summary 175

Hands-on Lab 175

Exam Essentials 177

Review Questions 178

Chapter 7 Network-Based Malware Detection 181

AMP Architecture 182

SHA-256 183

Spero Analysis 183

Dynamic Analysis 183

Retrospective Events 184

Communications Architecture 184

File Dispositions 185

File Disposition Caching 185

File Policy 185

Advanced Settings 186

File Rules 187

File Types and Categories 191

File and Malware Event Analysis 193

Malware Events 194

File Events 196

Captured Files 197

Network File Trajectory 199

Context Explorer 203

Summary 204

Hands-on Lab 204

Exam Essentials 205

Review Questions 206

Chapter 8 System Settings 209

User Preferences 210

Event Preferences 211

File Preferences 211

Default Time Windows 211

Default Workflows 212

System Configuration 212

System Policy 215

Health 217

Health Monitor 217

Health Policy 218

Health Events 218

Blacklist 220

Health Monitor Alerts 221

Summary 222

Hands-on Lab 222

Hands-on Lab 8.1: Creating a New System Policy 223

Hands-on Lab 8.2: Viewing Health Information 223

Exam Essentials 223

Review Questions 225

Chapter 9 Account Management 227

User Account Management 228

Internal versus External User Authentication 229

User Privileges 229

Predefined User Roles 230

Creating New User Accounts 231

Managing User Role Escalation 237

Configuring External Authentication 239

Creating Authentication Objects 240

Summary 246

Hands-on Lab 247

Hands-on Lab 9.1: Configuring a User in the Local Database 247

Hands-on Lab 9.2: Configuring Permission Escalation 247

Exam Essentials 248

Review Questions 249

Chapter 10 Device Management 251

Device Management 252

Configuring the Device on the Defense Center 254

NAT Configuration 266

Virtual Private Networks 267

Point-to-Point VPN 267

Star VPN 269

Mesh VPN 270

Advanced Options 270

Summary 271

Hands-on Labs 271

Hands-on Lab 10.1: Creating a Device Group 272

Hands-on Lab 10.2: Renaming the Device 272

Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set 272

Exam Essentials 273

Review Questions 274

Chapter 11 Correlation Policy 277

Correlation Overview 278

Correlation Rules, Responses, and Policies 279

Correlation Rules 279

Rule Options 284

Responses 286

Correlation Policy 291

White Lists 295

Traffic Profiles 301

Summary 308

Hands-on Lab 308

Exam Essentials 309

Review Questions 311

Chapter 12 Advanced IPS Policy Settings 313

Advanced Settings 314

Preprocessor Alerting 316

Application Layer Preprocessors 316

SCADA Preprocessors 320

Transport/Network Layer Preprocessors 320

Specific Threat Detection 325

Detection Enhancement 326

Intrusion Rule Thresholds 327

Performance Settings 327

External Responses 330

Summary 330

Hands-on Lab 331

Hands-on Lab 12.1: Modifying the HTTP Configuration Preprocessor 331

Hands-on Lab 12.2: Enabling Inline Normalization 332

Hands-on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit 332

Exam Essentials 333

Review Questions 334

Chapter 13 Creating Snort Rules 337

Overview of Snort Rules 338

Rule Headers 339

The Rule Body 342

Writing Rules 352

Using the System GUI to Build a Rule 353

Summary 355

Exam Essentials 356

Review Questions 357

Chapter 14 FireSIGHT v5.4 Facts and Features 359

Branding 360

Simplified IPS Policy 361

Network Analysis Policy 362

Why Network Analysis? 365

Access Control Policy 365

General Settings 366

Network Analysis and Intrusion Policies 366

Files and Malware Settings 368

Transport/Network Layer Preprocessor Settings 368

Detection Enhancement Settings 368

Performance/Latency Settings 369

SSL Inspection 369

SSL Objects 370

New Rule Keywords 376

File_type 376

Protected_content 377

Platform Enhancements 377

International Enhancements 378

Minor Changes 378

Summary 378

Appendix Answers to Review Questions 379

Index 393

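About the author

Todd Lammle (author)
Holder of the CCNP, MCT, MCSE, CNI, and MCNE certifications, he is currently president of Global Net Training Solution, Inc (www.Lammle.com) and chief scientist of RouterSim, LLC (www.RouterSim.com). He has written several Cisco and Microsoft study guides published by Sybex, and is a veteran with more than 18 years of experience in LAN and WAN design, implementation, and troubleshooting.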