Cisco Secure Intrusion Detection System 4.1
© 2004, Cisco Systems, Inc. All rights reserved. CSIDS 4.1—1-1

Lesson 1
Course Introduction

Course Objectives
Upon completion of this course, you will be able to perform the following tasks:
• Describe the basic intrusion detection terminology.
• Explain the different intrusion detection technologies and evasive techniques.
• Design a Cisco IDS protection solution for small, medium, and enterprise customers.
• Identify the Cisco IDS Sensor platforms and describe their features.
• Describe the Cisco IDS signatures and determine the immediate threat posed to the network.
• Describe the Cisco IDS signature engines and engine parameters.
• Tune Cisco IDS signatures to work optimally in unique network environments.
• Create and implement customized intrusion detection signatures.
• Create alarm exceptions to reduce alarms and possible false positives.
• Configure a Cisco IDS Sensor to perform device management of supported blocking devices.
• Perform maintenance operations such as signature and service pack upgrades.
• Describe the Cisco IDS architecture.
• Manage a large scale deployment of Cisco IDS Sensors with management and monitoring software.
• Install and configure Cisco IDS Sensors including the following:
  – A network appliance
  – A Network Module for Cisco 2600, 3600, and 3700 routers
  – An Intrusion Detection System Module 2

Course Agenda

Day 1
• Lesson 1—Course Introduction
• Lesson 2—Security Fundamentals
• Lesson 3—Intrusion Detection Overview
• Lunch
• Lesson 4—Cisco Intrusion Detection System Architecture
• Lesson 5—Getting Started with the IDS Command Line Interface

Day 2
• Lesson 6—Sensor Management and Monitoring
• Lesson 7—Using the Intrusion Detection System Device Manager to Configure the Sensor
• Lunch
• Lesson 8—Cisco Intrusion Detection System Alarms and Signatures
• Lesson 9—Signature Configuration

Day 3
• Lesson 10—Sensor Tuning
• Lesson 11—Blocking Configuration
• Lunch
• Lesson 12—Cisco Intrusion Detection System Maintenance
• Lesson 13—Enterprise Intrusion Detection System Management

Day 4
• Lesson 14—Enterprise IDS Monitoring and Reporting
• Lesson 15—Cisco Intrusion Detection System Network Module
• Lunch
• Lesson 16—Intrusion Detection System Module Configuration
• Lesson 17—Capturing Network Traffic for Intrusion Detection Systems

Participant Responsibilities
Student responsibilities
• Complete prerequisites
• Participate in lab exercises
• Ask questions
• Provide feedback

General Administration
Class-related and facilities-related
• Sign-in sheet
• Participant materials
• Length and times
• Site emergency procedures
• Break and lunch room locations
• Attire
• Restrooms
• Telephones/faxes

Graphic Symbols
• IOS Router
• PIX Firewall
• VPN 3000
• IDS Sensor
• Network Access Server
• Policy Manager
• CA Server
• PC
• Hub
• Modem
• Ethernet Link
• Catalyst 6500 w/ IDS Module 2
• Laptop
• VPN Tunnel
• IOS Router w/IDS Network Module
• Server (Web, FTP, etc.)
• Network Cloud

Participant Introductions
• Your name
• Your company
• Prerequisite skills
• Brief history
• Objective

Cisco Security Career Certifications
Expand Your Professional Options and Advance Your Career

Cisco Certified Security Professional (CCSP) Certification
Professional-level recognition in designing and implementing Cisco security solutions

Network Security certification levels
• Expert: CCIE
• Professional: CCSP
• Associate: CCNA

Required Exam and Recommended Training through Cisco Learning Partners
• 642-501: Securing Cisco IOS Networks
• 642-511: Cisco Secure Virtual Private Networks
• 642-531: Cisco Secure Intrusion Detection System
• 642-521: Cisco Secure PIX Firewall Advanced
• 642-541: Cisco SAFE Implementation

www.cisco.com/go/securitytraining

Cisco Security Career Certifications (Cont.)
Enhance Your Cisco Certifications and Validate Your Areas of Expertise
Cisco Firewall, VPN, and IDS Specialists

Cisco Firewall Specialist
Pre-requisite: Valid CCNA certification
Required Exam and Recommended Training through Cisco Learning Partners
• 642-501: Securing Cisco IOS Networks
• 642-521: Cisco Secure PIX Firewall Advanced

Cisco VPN Specialist
Pre-requisite: Valid CCNA certification
Required Exam and Recommended Training through Cisco Learning Partners
• 642-501: Securing Cisco IOS Networks
• 642-511: Cisco Secure Virtual Private Networks

Cisco IDS Specialist
Pre-requisite: Valid CCNA certification
Required Exam and Recommended Training through Cisco Learning Partners
• 642-501: Securing Cisco IOS Networks
• 642-531: Cisco Secure Intrusion Detection System

www.cisco.com/go/securitytraining

Lab Topology Overview

Lab Visual Objective
[Figure: lab topology diagram. Labels shown: networks 172.26.26.0, 172.30.P.0, 172.30.Q.0, 10.0.P.0, and 10.0.Q.0; devices RBB, Router, sensorP, sensorQ, nmsensorP, nmsensorQ, and RTS; Student PCs at 10.0.P.12 and 10.0.Q.12; servers labelled Web, FTP, SMTP, and POP.]