Book description
- Understand how Cisco IDS can be used to protect, monitor, and enforce physical security policies
- Review techniques applicable to both network- and host-based platforms
- Review the security wheel concepts and apply security to AVVID using the SAFE Blueprint
- Install and configure the Cisco IDS to monitor your network for malicious activity
- Understand Cisco Threat Response (CTR) benefits and how it operates
- Apply alarm signatures and gain the proficiency to create your own custom signatures
- Deploy Cisco IDS effectively in your network using sensor and management platforms
- Get inside the Cisco Security Agent (CSA) architecture
In addition to firewalls and other security appliances intended to limit outsider access to a network, intrusion detection and targeted countermeasures are a critical component of a complete network security plan. The Cisco Intrusion Detection Sensors and Management options work as a united system to provide detection, notification, and aggressive lockdown to malicious network breaches. CCSP Self-Study: Cisco Secure Intrusion Detection System (CSIDS), Second Edition, offers in-depth configuration and deployment information for the reliable and intensive intrusion detection solutions from Cisco Systems.
CCSP Self-Study: Cisco Secure Intrusion Detection System (CSIDS), Second Edition, is a Cisco authorized, self-paced learning tool that helps you gain mastery over the use of both the host-based and network-based IDS options (as well as the Cisco Threat Response functionality) by presenting a consolidated all-inclusive reference on all of the current Cisco IDS sensor platforms and management platforms. Chapter overviews bring you quickly up to speed and help you get to work right away. Configuration examples are designed to show you how to make the most of your IDS system, and unique chapter-ending review questions test your knowledge.
Whether you are seeking a reference guide to working with the CIDS sensor and management platforms or a study guide for the 642-531 exam, CCSP Self-Study: Cisco Secure Intrusion Detection System (CSIDS), Second Edition, supports your effective use of the Cisco IDS.
CCSP Self-Study: Cisco Secure Intrusion Detection System (CSIDS), Second Edition, is part of a recommended learning path from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
This volume is in the Certification Self-Study Series offered by Cisco Press. Books in this series provide officially developed training solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.
Table of contents
- Copyright
- About the Author
- About the Technical Reviewers
- Acknowledgments
- Icons Used in This Book
- Command Syntax Conventions
- Foreword
- Introduction
  - Audience
  - Organization
    - Part I, “Introduction to Network Security”
    - Part II, “Intrusion Detection and the CIDS Environment”
    - Part III, “Cisco Network IDS Configuration”
    - Part IV, “Cisco Endpoint Security”
    - Part V, “CIDS Maintenance and Tuning”
    - Part VI, “Cisco Enterprise IDS Management”
    - Part VII, “Cisco Intrusion Protection System Upcoming Functionality”
    - Part VIII, “Appendixes”
  - Conventions Used in This Book
  - Cisco Certified Security Professional
  - Cisco Intrusion Detection Systems Course
  - Cisco IDS Course Prerequisites
- 1. The Need for Network Security
- 2. Network Security and Cisco
  - Securing the Network
  - Monitoring Network Security
  - Testing Network Security
  - Improving Network Security
  - Cisco Architecture for Voice, Video, and Integrated Data (AVVID)
  - Cisco SAFE
  - Summary
  - Review Questions
- 3. Intrusion Detection Concepts
- 4. Cisco Intrusion Protection
  - Cisco Intrusion Detection System (IDS) Solution Overview
  - Cisco IDS Sensors
  - Cisco Threat Response
  - Cisco Sensor Management
  - Cisco Alarm Monitoring and Reporting
  - Deploying Cisco IDS
  - Summary
  - Review Questions
- 5. Cisco IDS Architecture
- 6. Capturing Network Traffic
  - Traffic Capture Devices
  - Switch Port Analyzer
  - Remote Switch Port Analyzer
  - Virtual Local-Area Network (VLAN) Access Control List
  - Advanced Traffic Capturing
  - Summary
  - Review Questions
- 7. Cisco IDS Network Sensor Installation
- 8. Cisco IDS Module Configuration
- 9. Cisco IDS Device Manager and Event Viewer
  - Cisco IDS Device Manager
  - Cisco IDS Event Viewer
    - System Requirements
    - Installing Cisco IDS Event Viewer
    - Uninstalling Cisco IDS Event Viewer
    - Starting IDS Event Viewer
    - Specifying IDS Devices to Monitor
    - Configuring Filters
    - Configuring Views
    - Viewing Event Data
    - Working with Alarms
    - Network Security Database (NSDB)
    - Configuring Preferences
    - Configuring Application Settings
    - Database Administration
  - Summary
  - Review Questions
- 10. Sensor Configuration
- 11. Signature Configuration
  - Global Sensing Configuration
  - Signature Groups in IDM
  - Signature Groups in IDS MC
  - Signature Filtering
  - Signature Configuration
  - Tuning a Signature
  - Creating Custom Signatures
  - Summary
  - Review Questions
- 12. Signature Response
  - Signature Response Overview
  - IP Blocking
  - Configuring IP Blocking
    - Assigning the Block Action
    - Setting Blocking Properties
    - Defining Addresses Never to Block
    - Setting Up Logical Devices
  - Defining Blocking Devices
    - Defining Blocking Devices Using IDM
    - Defining Router Blocking Device Interfaces Using IDM
    - Defining Cat6K Blocking Device Interfaces Using IDM
    - Defining Blocking Devices Using IDS MC
    - Defining Router Blocking Devices Using IDS MC
    - Defining Catalyst 6000 Blocking Devices Using IDS MC
    - Defining PIX Blocking Devices Using IDS MC
  - Defining Master Blocking Sensors
  - Manual Blocking
  - IP Logging
  - TCP Reset
  - Summary
  - Review Questions
- 13. Cisco IDS Alarms and Signatures
  - Cisco IDS Signatures
  - Cisco IDS Alarms
  - Cisco IDS Signature Engines
    - Signature Parameters
    - Atomic Signature Engines
    - Flood Signature Engines
    - OTHER Signature Engine
    - Service Signature Engines
      - SERVICE.DNS Engine Parameters
      - SERVICE.FTP Engine Parameters
      - SERVICE.GENERIC Engine Parameters
      - SERVICE.HTTP Engine Parameters
      - SERVICE.IDENT Engine Parameters
      - SERVICE.MSSQL Engine Parameters
      - SERVICE.NTP Engine Parameters
      - SERVICE.RPC Engine Parameters
      - SERVICE.SMB Engine Parameters
      - SERVICE.SNMP Engine Parameters
      - SERVICE.SSH Engine Parameters
      - SERVICE.SYSLOG Engine Parameters
    - State Signature Engines
    - String Signature Engines
    - Sweep Signature Engines
    - Traffic Signature Engine
    - Trojan Signature Engine
  - Summary
  - Review Questions
- 14. Host Intrusion Prevention
  - Endpoint Protection
  - Cisco Security Agent (CSA)
  - Using Management Center for Cisco Security Agents
  - Monitoring CSA Events
  - Configuring Groups and Managing Hosts
  - CSA Policies
  - Agent Kits
  - Distributing Software Updates
  - Reports
  - Profiler
  - Summary
  - Review Questions
- 15. Cisco IDS Maintenance and Troubleshooting
- 16. Enterprise IDS Management
- 17. Enterprise IDS Monitoring and Reporting
  - Monitoring Center for Security
  - Security Monitor Configuration
  - Security Monitor Event Viewer
  - Security Monitor Administration
  - Security Monitor Reports
  - Summary
  - Review Questions
- 18. Cisco Threat Response
  - Overview
  - Cisco Threat Response (CTR) Requirements
  - Software Installation
  - Basic Configuration
  - Advanced Configuration
  - Alarms and Reports
  - Maintenance
  - Summary
  - Review Questions
- 19. Cisco Intrusion Protection System Upcoming Functionality
- A. Cisco Intrusion Protection Solution Tuning: Case Studies
- B. Answers to Chapter Review Questions
- Glossary
Product information
- Title: CCSP Self-Study: Cisco Secure Intrusion Detection System (CSIDS)
- Author(s):
- Release date: February 2004
- Publisher(s): Cisco Press
- ISBN: 1587051443