SITCS v1.5 - Implementing Cisco Threat Control Solutions


Description

This course provides network professionals with the knowledge to implement Cisco FirePOWER NGIPS (Next-Generation Intrusion Prevention System) and Cisco AMP (Advanced Malware Protection), as well as Web Security, Email Security and Cloud Web Security. You will gain hands-on experience configuring various advanced Cisco security solutions for mitigating outside threats and securing traffic traversing the firewall.

Objectives

After completing this course, the student should be able to:

  • Describe and implement Cisco Web Security Appliance
  • Describe and implement Cloud Web Security
  • Describe and implement Cisco Email Security Appliance
  • Describe and implement Advanced Malware Protection
  • Describe and implement Cisco FirePOWER Next-Generation IPS
  • Describe and implement Cisco ASA FirePOWER Services Module

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • CCNA Security, a valid CCSP, or any CCIE certification

Outline

Module 1: Cisco Web Security Appliance

  • Lesson 1: Describing the Cisco Web Security Appliance Solutions
    • Cisco Modular Network Architecture and Cisco WSA
    • Cisco WSA Overview
    • Cisco WSA Architecture
    • Cisco WSA Malware Detection and Protection
    • Cisco Web-Based Reputation Score
    • Cisco WSA Acceptable Use Policy Enforcement
    • Cisco WSA GUI Management
    • Cisco WSA Committing the Configuration Changes
    • Cisco WSA Policy Types Overview
    • Cisco WSA Access Policies
    • Cisco WSA Identity: To Whom Does This Policy Apply?
    • Cisco WSA Identity Example
    • Cisco WSA Policy Assignment Using Identity
    • Cisco WSA Identity and Authentication
    • Cisco WSA Policy Trace Tool
    • Challenge

  • Lesson 2: Integrating the Cisco Web Security Appliance
    • Explicit vs. Transparent Proxy Mode
    • Explicit Proxy Mode
    • PAC Files
    • PAC File Deployment Options
    • PAC File Hosting on Cisco WSA
    • Traffic Redirection In Transparent Mode
    • Connecting the Cisco WSA to a WCCP Router
    • Verifying WCCP
    • Challenge

  • Lesson 3: Configuring Cisco Web Security Appliance Identities and User Authentication Controls
    • Configure Identities to Group Client Transactions
    • Configure Policy Groups
    • The Need for User Authentication
    • Authentication Protocols and Schemes
    • Basic Authentication in Explicit Proxy and Transparent Proxy Mode
    • Configure Realms and Realm Sequences
    • Configure NTLM Realm for Active Directory
    • Join Cisco WSA to Active Directory
    • Configure Global Authentication Settings
    • Configure an Identity to Require Authentication (Basic or NTLMSSP)
    • Configure an Identity to Require Transparent User Identification
    • Configure LDAP Realm for LDAP Servers
    • Define How User Information Is Stored in LDAP
    • Bind Cisco WSA to the LDAP Directory
    • LDAP Group Authorization
    • Allowing Guest Access to Users Who Fail Authentication
    • Testing Authentication Settings
    • Authenticated Users in Reports
    • Challenge

  • Lesson 4: Configuring Cisco Web Security Appliance Acceptable Use Controls
    • Acceptable Use Controls
    • URL Categorizing Process
    • Application Visibility and Control Overview
    • Streaming Media Bandwidth Control Overview
    • Enable Acceptable Use Controls
    • Using the Policies Table
    • Configure URL Filtering
    • Enable Safe Search and Site Content Ratings
    • Configure Custom URL Categories
    • URL Category Reports
    • Configuring AVC
    • Configure Media Bandwidth Limits
    • AVC Reports
    • Challenge

  • Lesson 5: Configuring Cisco Web Security Appliance Anti-Malware Controls
    • Dynamic Vectoring and Streaming Engine Overview
    • Contrast Webroot with Sophos or McAfee Malware Scanning
    • Adaptive Scanning Overview
    • Web Reputation Filtering Overview
    • Enable Web Reputation Filtering, Adaptive Scanning and Malware Scanning
    • Configure Inbound Web Reputation Filtering and Malware Scanning
    • Configure Outbound Malware Scanning
    • Malware Reports
    • Challenge

  • Lesson 6: Configuring Cisco Web Security Appliance Decryption
    • HTTPS Proxy Operations Overview
    • Enable HTTPS Proxy
    • Invalid Destination Web Server Certificate Handling
    • Configure Decryption Policies
    • Challenge

  • Lesson 7: Configuring Cisco Web Security Appliance Data Security Controls
    • Cisco WSA Data Security Overview
    • Data Security Policies
    • Control Uploaded Content
    • External Data Loss Prevention
    • Add an ICAP Server
    • Challenge

Module 2: Cisco Cloud Web Security

  • Lesson 1: Describing the Cisco Cloud Web Security Solutions
    • Cisco Modular Network Architecture and Cisco Cloud Web Security (CWS)
    • Cisco Cloud Web Security Overview
    • Cisco Cloud Web Security Traffic Flow Overview
    • Cisco Cloud Web Security URL Filtering, AVC, and Reporting Features Overview
    • Cisco Cloud Web Security Scanning Processes and Day Zero Outbreak Intelligence Overview
    • Cisco ScanCenter Overview
    • Challenge

  • Lesson 2: Configuring Cisco Cloud Web Security Connectors
    • Cisco Cloud Web Security Traffic Redirection Overview
    • Cisco Cloud Web Security Authentication Key
    • Authentication Key Generation from the Cisco ScanCenter
    • Verifying Traffic Redirection to CWS Using Special URL
    • Cisco ASA Cloud Web Security Overview
    • Cisco ASA Cloud Web Security Basic Configuration Using ASDM
    • Cisco ASA Cloud Web Security Basic Configuration Using the CLI
    • Cisco ASA Cloud Web Security Configuration with the Whitelist and Identity Options Using the CLI
    • Verifying Cisco ASA Cloud Web Security Operations Using the Cisco ASDM
    • Verifying Cisco ASA Cloud Web Security Operations Using the CLI
    • Cisco AnyConnect Web Security Module Overview
    • Cisco AnyConnect Web Security Module for Standalone Use Overview
    • Configure Cisco AnyConnect Web Security Module for Standalone Use
    • Configure Cisco ASA to Download the Web Security Module to the Client Machine
    • Verifying Cisco AnyConnect Web Security Module Operations
    • Cisco ISR G2 Cloud Web Security Overview
    • Cisco ISR G2 Cloud Web Security Configuration
    • Cisco ISR G2 Cloud Web Security Verification
    • Cisco WSA Cloud Web Security Overview
    • Challenge

  • Lesson 3: Describing the Web Filtering Policy in Cisco ScanCenter
    • ScanCenter Web Filtering Policy Overview
    • ScanCenter Web Filtering Policy Configuration
    • HTTPS Inspection Configuration Overview
    • ScanCenter Web Filtering Verification
    • ScanCenter Web Filtering Reporting
    • Challenge

Module 3: Cisco Email Security Appliance

  • Lesson 1: Describing the Cisco Email Security Solutions
    • Cisco Modular Network Architecture and Cisco ESA
    • Cisco Hybrid Email Security Solution Overview
    • SMTP Terminologies
    • SMTP Flow
    • SMTP Conversation
    • Cisco ESA Services Overview
    • Cisco ESA GUI Management
    • Cisco ESA Committing the Configuration Changes
    • Cisco ESA Licensing
    • Incoming Mail Processing Overview
    • Outgoing Mail Processing Overview
    • Cisco ESA LDAP Integration Overview
    • Cisco Registered Envelope Service (CRES) Overview
    • Challenge

  • Lesson 2: Describing the Cisco Email Security Appliance Basic Setup Components
    • Cisco ESA Listener Overview
    • Cisco ESA Listener Type: Private and Public
    • Cisco ESA One Interface/One Listener Deployment Example
    • Cisco ESA Two Interfaces/Two Listeners Deployment Example
    • Cisco ESA Listener Major Components: HAT and RAT
    • Cisco ESA One Listener Deployment Scenario
    • One Listener Deployment Scenario: Interfaces and Listener
    • One Listener Deployment Scenario: LDAP Accept Query
    • One Listener Deployment Scenario: HAT
    • One Listener Deployment Scenario: HAT > Sender Group
    • One Listener Deployment Scenario: HAT > Sender Group SBRS
    • One Listener Deployment Scenario: HAT > BLACKLIST Sender Group
    • One Listener Deployment Scenario: HAT > RELAYLIST Sender Group
    • One Listener Deployment Scenario: HAT > Add Sender Group
    • One Listener Deployment Scenario: HAT > Mail Flow Policy
    • One Listener Deployment Scenario: HAT > Mail Flow Policy > Anti-Spam and Anti-Virus
    • One Listener Deployment Scenario: HAT > Mail Flow Policies Summary
    • One Listener Deployment Scenario: RAT
    • One Listener Deployment Scenario: SMTP Routes
    • One Listener Deployment Scenario: Email Relaying on Internal Mail Server
    • Challenge

  • Lesson 3: Configuring Cisco Email Security Appliance Basic Incoming and Outgoing Mail Policies
    • Cisco ESA Incoming and Outgoing Mail Policies Overview
    • Cisco ESA Mail Policies Matching
    • Anti-Spam Overview
    • Anti-Spam Configuration
    • Spam Quarantine Configuration
    • Policy, Virus, Outbreak Quarantines Configuration
    • Anti-Virus Overview
    • Anti-Virus Configuration
    • Content Filters Overview
    • Content Filters Configuration
    • Outbreak Filters Overview
    • Outbreak Filters Configuration
    • Data Loss Prevention Overview
    • Data Loss Prevention Configuration
    • Reporting Overview
    • Message Tracking
    • Trace
    • Challenge

Module 4: Advanced Malware Protection for Endpoints

  • Lesson 1: AMP for Endpoints Overview and Architecture
    • Modern Malware
    • Why Defenses Fail
    • Introduction to AMP for Endpoints
    • AMP for Endpoints Architecture
    • AMP Connector Architecture
    • Installation Components
    • How AMP Connector Components Interact
    • The Role of the AMP Cloud
    • Transaction Processing
    • Additional Transaction Processing
    • Real-time Data Mining
    • Private Cloud Architecture
    • Private Cloud Modes
    • Cloud Proxy Mode Communications
    • Air Gap Mode
    • Challenge

  • Lesson 2: Customizing Detection and AMP Policy
    • Detection, Application Control, DFC Options, and IOCs
    • Endpoint Policy
    • Policy Modes
    • Simple Custom Detections
    • Creating A Simple Custom Detection
    • Application Blocking
    • Advanced Custom Signatures
    • Whitelisting
    • Android Custom Detections
    • DFC IP Blacklists and Whitelists
    • DFC IP Blacklists
    • DFC IP Whitelists
    • Configuring Exclusions
    • Custom Exclusion Sets
    • Challenge

  • Lesson 3: IOCs and IOC Scanning
    • Indications of Compromise (IOCs)
    • IOC Scanning
    • Customizing IOCs
    • Challenge

  • Lesson 4: Deploying AMP Connectors
    • Groups
    • Creating Groups
    • Deploying Windows Connectors
    • Direct Download Deployment
    • Creating the Installer (Public Cloud)
    • Email Deployment
    • Microsoft Windows Installation and Interface
    • Connectivity Considerations
    • Command-Line Installation
    • Challenge

  • Lesson 5: AMP Analysis Tools
    • Event View Filters
    • Events List
    • Event Detail: File Detection
    • Event Detail: Connector Info
    • Event Detail: Comments
    • File Analysis
    • The File Analysis Page
    • File Analysis Results
    • File Repository
    • Trajectory
    • File Trajectory Page
    • Device Trajectory
    • Device Trajectory Filters and Search
    • Prevalence
    • Vulnerable Software
    • Reporting
    • Creating a Report
    • Challenge

Module 5: Cisco FirePOWER Next-Generation IPS

  • Lesson 1: Describing the Cisco FireSIGHT System
    • Cisco FireSIGHT System Overview
    • Cisco FirePOWER NGIPS and NGFW
    • Cisco FireSIGHT System Detection and Architecture
    • Cisco FireSIGHT System Components
    • Cisco FireSIGHT System Device Configuration
    • Traffic Flows
    • Challenge

  • Lesson 2: Configuring and Managing Cisco FirePOWER Devices
    • Introduction to Device Management
    • Interfaces Tab
    • Virtual Device Configuration
    • Static Route Configuration
    • Object Management
    • Challenge

  • Lesson 3: Implementing an Access Control Policy
    • Access Control Policy Overview
    • Access Control Policy Configuration
    • Default Action
    • Targets Tab
    • Security Intelligence
    • HTTP Responses
    • Advanced Tab
    • Access Control Policy Rules
    • Rule Constraints Overview
    • Save and Apply the Access Control Policy
    • Challenge

  • Lesson 4: Understanding Discovery Technology
    • Introduction to Host Discovery
    • Network Discovery Policy
    • Discovery Overview
    • Challenge

  • Lesson 5: Configuring File-Type and Network Malware Detection
    • Introduction to Network-Based Malware Detection
    • Network-Based Malware Detection Overview
    • File Dispositions
    • Important Network-Based Malware Detection Concepts
    • Retrospective Event Overview
    • Cisco FireSIGHT File-Type Detection Architecture
    • Cisco FireSIGHT Malware Detection Architecture
    • File Disposition Caching
    • File Lists
    • File Policy
    • Challenge

  • Lesson 6: Managing SSL Traffic with Cisco FireSIGHT
    • SSL Traffic Management Overview
    • SSL Inspection Architecture
    • Cisco FireSIGHT SSL Inspection
    • SSL Policy
    • Challenge

  • Lesson 7: Describing IPS Policy and Configuration Concepts
    • Introduction to IPS Policy
    • Policy Layering Model
    • Rule Management
    • Cisco FireSIGHT Rule Recommendations
    • IPS Policy Layering
    • Challenge

  • Lesson 8: Describing the Network Analysis Policy
    • Network Analysis Policy Introduction
    • Network Analysis Policy Customization
    • Preprocessors
    • Network Analysis Policy Configuration
    • Network Analysis Policy Creation
    • Preprocessor Configuration
    • Challenge

  • Lesson 9: Creating Reports
    • Reporting System Overview
    • Report Templates
    • Report Sections
    • Advanced Settings
    • Challenge

  • Lesson 10: Describing Correlation Rules and Policies
    • Correlation Policies Overview
    • Correlation Policy Responses
    • Remediations Configuration
    • Remediation Module Configuration
    • Correlation Policy Rules
    • Correlation Policies Overview
    • Correlation Events
    • Whitelists Overview
    • Whitelist Events and Violations
    • Traffic Profiles Overview
    • Traffic Profiles in Correlation Policies
    • Challenge

  • Lesson 11: Understanding Basic Rule Syntax and Usage
    • Basic Snort Rule Structure
    • Snort Rule Headers
    • Snort Rule Bodies
    • Challenge

Module 6: Cisco ASA FirePOWER Services Module

  • Lesson 1: Installing Cisco ASA 5500-X Series FirePOWER Services (SFR) Module
    • Cisco ASA FirePOWER Services (SFR) Module Overview
    • Cisco FireSIGHT Management Center Overview
    • Cisco ASA FirePOWER Services Software Module Management Interface
    • Cisco ASA FirePOWER Services Module Package Installation
    • Cisco ASA FirePOWER Services Module Verification
    • Redirect Traffic to Cisco ASA FirePOWER Services Module
    • Challenge

Lab Outline

Guided Lab 1: Configure Cisco Web Security Appliance Explicit Proxy and User Authentication
    Task 1: Verify Basic Cisco WSA Settings
    Task 2: Implement the Cisco WSA in Explicit Proxy Mode
    Task 3: Implement User Authentication with Active Directory using Basic Authentication
    Task 4: Implement User Authentication using Transparent User Identification

Guided Lab 2: Configure Cisco Web Security Appliance Acceptable Use Controls
    Task 1: Implement the Cisco WSA in Transparent Proxy Mode
    Task 2: Configure the Access Policy
    Task 3: Enable Decryption and Configure the Decryption Policy
    Task 4: Configure URL Filtering for the Access Policy
    Task 5: Configure Application Visibility Control for the Access Policy

Guided Lab 3: Configure Cisco Email Security Appliance Basic Policies
    Task 1: Verify the Initial Email Exchange Without the Cisco ESA
    Task 2: Deploy the Cisco ESA Mail Proxy
    Task 3: Integrate the Cisco ESA with LDAP and Enable LDAP Accept Query
    Task 4: Configure Incoming Content Filters and Mail Policies
    Task 5: Configure Outbound Data Loss Prevention

Guided Lab 4: Accessing the AMP Public Cloud Console
    Task 1: Accessing the AMP Public Cloud Console
    Task 2: Workstation Preparation

Guided Lab 5: Customizing Detection and AMP Policy
    Task 1: Simple Custom Detections
    Task 2: Advanced Custom Signatures
    Task 3: Application Blocking
    Task 4: Whitelisting
    Task 5: DFC IP Blacklist
    Task 6: Creating a Policy

Guided Lab 6: IOCs and IOC Scanning
    Task 1: Create and Upload a Custom IOC

Guided Lab 7: Deploying AMP Connectors
    Task 1: Create Groups
    Task 2: Deploy the Connector
    Task 3: Connector Command Line Installation

Guided Lab 8: AMP Analysis Tools
    Task 1: Install the AMP Connector
    Task 2: Test Your Policy
    Task 3: Work With AMP Events
    Task 4: Detection / Quarantine Events
    Task 5: File Trajectory
    Task 6: Device Trajectory
    Task 7: Vulnerable Applications
    Task 8: IOCs and IOC Scanning: Clean Scan
    Task 9: IOCs and IOC Scanning: Dirty Scan
    Task 10: File Analysis

Guided Lab 9: Configure Inline Interfaces and Create Objects
    Task 1: Test Inline Interfaces
    Task 2: Create Objects

Guided Lab 10: Create Access Control Policy Rules
    Task 1: Create a Basic Access Control Policy
    Task 2: Create an Access Control Policy For Application Awareness
    Task 3: Implement URL Filtering
    Task 4: Include an IPS Policy in Access Control Policy Rules

Guided Lab 11: Configure Network Discovery Detection
    Task 1: Tune the Network Discovery Detection Policy
    Task 2: View FireSIGHT Data
    Task 3: Assign Host Attributes

Guided Lab 12: Create a File Policy
    Task 1: Create a File Policy

Guided Lab 13: Create an Intrusion Policy
    Task 1: Create an Intrusion Policy
    Task 2: Enable Include FireSIGHT Recommendations
    Task 3: Implement FireSIGHT Recommendations
    Task 4: Apply Your Policy and Variable Set and Test

Guided Lab 14: Create a Network Analysis Policy
    Task 1: Tune Your HTTP Inspect Preprocessor
    Task 2: Test the Network Analysis Policy Settings

Guided Lab 15: Compare Trends
    Task 1: Compare Trends

Guided Lab 16: Create Correlation Policies
    Task 1: Create a Correlation Policy Based on Connection Data
    Task 2: Configure a Whitelist