Chapter 5: Implementing Intrusion Prevention

Instructor Materials – Chapter 5: Implementing Intrusion Prevention

Chapter Outline:

5.0 Introduction
5.1 IPS Technologies
5.2 IPS Signatures
5.3 Implement IPS
5.4 Summary

Section 5.1: IPS Technologies

Topic 5.1.1: IDS and IPS Characteristics

  • Zero-Day Attacks
  • Monitor for Attacks
  • Detect and Stop Attacks
  • Similarities Between IDS and IPS
  • Advantages and Disadvantages of IDS and IPS

Topic 5.1.2: Network-Based IPS Implementations

  • Host-Based and Network-Based IPS
  • Network-Based IPS Sensors
  • Cisco’s Modular and Appliance-Based IPS Solutions
  • Choose an IPS Solution
  • IPS Advantages and Disadvantages
  • Modes of Deployment

Topic 5.1.3: Cisco Switched Port Analyzer

  • Port Mirroring
  • Cisco SPAN
  • Configuring Cisco SPAN Using Intrusion Detection

Section 5.2: IPS Signatures

Topic 5.2.1: IPS Signature Characteristics

  • Signature Attributes
  • Signature Types
  • Signature File
  • Signature Micro-Engines
  • Download a Signature File

Topic 5.2.2: IPS Signature Alarms

  • Signature Alarm
  • Pattern-Based Detection
  • Anomaly-Based Detection
  • Policy-Based and Honey Pot-Based Detection
  • Benefits of the Cisco IOS IPS Solution
  • Alarm Triggering Mechanisms

Topic 5.2.3: IPS Signature Actions

  • Signature Actions
  • Manage Generated Alerts
  • Log Activities for Later Analysis
  • Deny the Activity
  • Reset, Block, and Allow Traffic

Topic 5.2.4: Manage and Monitor IPS

  • Monitor Activity
  • Monitoring Considerations
  • Secure Device Event Exchange
  • IPS Configuration Best Practices

Topic 5.2.5: IPS Global Correlation

  • Cisco Global Correlation
  • Cisco SensorBase Network
  • Cisco Security Intelligence Operation
  • Reputations, Blacklists, and Traffic Filters

Section 5.3: Implement IPS

Topic 5.3.1: Configure Cisco IOS IPS with CLI

  • Implement IOS IPS
  • Download the IOS IPS Files
  • IPS Crypto Key
  • Enable IOS IPS
  • Load the IPS Signature Package in RAM

Topic 5.3.2: Modifying Cisco IOS IPS Signatures

  • Retire and Unretire Signatures
  • Change Signature Actions

Topic 5.3.3: Verify and Monitor IPS

  • Verify IOS IPS
  • Report IPS Alerts
  • Enable SDEE

Section 5.4: Summary

Chapter Objectives:

  • Describe IPS technologies and how they are implemented.
  • Explain IPS signatures.
  • Describe the IPS implementation process.

