© 2004, Cisco Systems, Inc. All rights reserved. CSIDS Cisco Secure Intrusion Detection System 4.1
Lesson 1: Course Introduction
Course Objectives
Upon completion of this course, you will be able to perform the following tasks:
- Describe the basic intrusion detection terminology.
- Explain the different intrusion detection technologies and evasive techniques.
- Design a Cisco IDS protection solution for small, medium, and enterprise customers.
- Identify the Cisco IDS Sensor platforms and describe their features.
- Describe the Cisco IDS signatures and determine the immediate threat posed to the network.
Course Objectives (Cont.)
- Describe the Cisco IDS signature engines and engine parameters.
- Tune Cisco IDS signatures to work optimally in unique network environments.
- Create and implement customized intrusion detection signatures.
- Create alarm exceptions to reduce alarms and possible false positives.
- Configure a Cisco IDS Sensor to perform device management of supported blocking devices.
Course Objectives (Cont.)
- Perform maintenance operations such as signature and service pack upgrades.
- Describe the Cisco IDS architecture.
- Manage a large scale deployment of Cisco IDS Sensors with management and monitoring software.
- Install and configure Cisco IDS Sensors including the following:
  - A network appliance
  - A Network Module for Cisco 2600, 3600, and 3700 routers
  - An Intrusion Detection System Module 2
Course Agenda
Day 1
- Lesson 1: Course Introduction
- Lesson 2: Security Fundamentals
- Lesson 3: Intrusion Detection Overview
- Lunch
- Lesson 4: Cisco Intrusion Detection System Architecture
- Lesson 5: Getting Started with the IDS Command Line Interface
Day 2
- Lesson 6: Sensor Management and Monitoring
- Lesson 7: Using the Intrusion Detection System Device Manager to Configure the Sensor
- Lunch
- Lesson 8: Cisco Intrusion Detection System Alarms and Signatures
- Lesson 9: Signature Configuration
Course Agenda (Cont.)
Day 3
- Lesson 10: Sensor Tuning
- Lesson 11: Blocking Configuration
- Lunch
- Lesson 12: Cisco Intrusion Detection System Maintenance
- Lesson 13: Enterprise Intrusion Detection System Management
Day 4
- Lesson 14: Enterprise IDS Monitoring and Reporting
- Lesson 15: Cisco Intrusion Detection System Network Module
- Lunch
- Lesson 16: Intrusion Detection System Module Configuration
- Lesson 17: Capturing Network Traffic for Intrusion Detection Systems
Participant Responsibilities
Student responsibilities:
- Complete prerequisites
- Participate in lab exercises
- Ask questions
- Provide feedback
General Administration
Class-related:
- Sign-in sheet
- Length and times
- Break and lunch room locations
- Attire
Facilities-related:
- Participant materials
- Site emergency procedures
- Restrooms
- Telephones/faxes
Graphic Symbols
- IOS Router
- PIX Firewall
- VPN 3000
- IDS Sensor
- Catalyst 6500 w/ IDS Module 2
- IOS Router w/ IDS Network Module
- Network Access Server
- Policy Manager
- CA Server
- PC
- Laptop
- Server (Web, FTP, etc.)
- Modem
- Ethernet Link
- VPN Tunnel
- Hub
- Network Cloud
Participant Introductions
- Your name
- Your company
- Prerequisite skills
- Brief history
- Objective
Cisco Security Career Certifications
Expand Your Professional Options and Advance Your Career
Cisco Certified Security Professional (CCSP) Certification
Certification levels: Expert (CCIE), Professional (CCSP), Associate (CCNA)
Professional-level recognition in designing and implementing Cisco security solutions
Required Exam / Recommended Training through Cisco Learning Partners:
- Cisco SAFE Implementation
- Network Security
- Securing Cisco IOS Networks
- Cisco Secure Virtual Private Networks
- Cisco Secure Intrusion Detection System
- Cisco Secure PIX Firewall Advanced
Cisco Security Career Certifications (Cont.)
Enhance Your Cisco Certifications and Validate Your Areas of Expertise
Cisco Firewall, VPN, and IDS Specialists
Pre-requisite: Valid CCNA certification
Cisco Firewall Specialist (Required Exam / Recommended Training through Cisco Learning Partners):
- Securing Cisco IOS Networks
- Cisco Secure PIX Firewall Advanced
Cisco VPN Specialist (Required Exam / Recommended Training through Cisco Learning Partners):
- Securing Cisco IOS Networks
- Cisco Secure Virtual Private Networks
Cisco IDS Specialist (Required Exam / Recommended Training through Cisco Learning Partners):
- Securing Cisco IOS Networks
- Cisco Secure Intrusion Detection System
Lab Topology Overview
Lab Visual Objective
[Figure: lab topology diagram. Labels: sensorP, sensorQ, Student PC (one per pod), Router with nmsensorP, Router with nmsensorQ, RTS, RBB, and Web/FTP/SMTP/POP servers.]