Overview

The official self-study test preparation guide for the Cisco CCSP Cisco Secure Intrusion Detection System exam.

- The only official self-study book for the CSIDS exam
- Introduces the features and functions of the Cisco Intrusion Detection System solution
- Includes all the features of this best-selling series: Chapter Review Questions, Foundation Summaries, and more
- A comprehensive test engine on the companion CD-ROM assesses understanding of the topics and concepts covered in the book

CCSP CSIDS Exam Certification Guide covers all of the major topics on the CSIDS exam, giving readers the opportunity to practice the skills critical for everyday administration and troubleshooting of Cisco's intrusion detection system solution. Each chapter of the CCSP CSIDS Exam Certification Guide tests readers' knowledge of the subjects through specially designed assessment and study features. "Do I Know This Already?" quizzes assess readers' knowledge and help them decide how much time to spend on each section. The Foundation Topics sections provide details on exam topics. Each chapter also includes a Foundation Summary section that highlights essential concepts for quick reference and study.

The final section of this book includes scenarios dedicated to working with the Cisco IDS solution. Each scenario includes a description of the problem, a portion of the system configuration, debug output, and suggestions to help readers resolve the issue and become more familiar with the inner workings of the IDS solution, while reinforcing understanding of the key concepts covered throughout the book.

Earl Carter is a member of the Security Technologies Assessment Team (STAT) that is part of Consulting Engineering (CE) at Cisco Systems. His duties involve performing security evaluations on numerous Cisco products and consulting with other teams within Cisco to help enhance the security of Cisco products. In this manner, he has examined various products from the PIX Firewall to the Cisco CallManager. Earl has been working in the field of computer security for eight years and lives in Texas.

Full Product Details

Author: Earl Carter
Publisher: Pearson Education (US)
Imprint: Cisco Press
Edition: 1st Revised edition
Dimensions: Width 19.40cm, Height 4.50cm, Length 23.90cm
Weight: 1.238kg
ISBN: 9781587201462
ISBN-10: 1587201461
Pages: 648
Publication Date: 06 October 2005
Audience: College/higher education, Tertiary & Higher Education
Format: Mixed media product
Publisher's Status: Out of Print
Availability: Out of stock

Table of Contents

Foreword
Introduction

Part I: Cisco IPS Overview

Chapter 1: Cisco Intrusion Prevention System (IPS) Overview
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Cisco Intrusion Prevention Solution; Intrusion Prevention Overview; Intrusion-Prevention Terminology; IPS/IDS Triggers; Anomaly Detection; Misuse Detection; Protocol Analysis; IPS/IDS Monitoring Locations; Host-Based; Network-Based; Cisco Hybrid IPS/IDS Solution; Risk Rating; Event Severity; Signature Fidelity; Asset Value of Target; Meta-Event Generator; Inline Deep-Packet Inspection; Cisco Intrusion Prevention System Hardware; Cisco IDS 4200 Series Network Sensors; Cisco 4215 Appliance Sensor; Cisco 4235 Appliance Sensor; Cisco 4240 Diskless Appliance Sensor; Cisco 4250 Appliance Sensor; Cisco 4250XL Appliance Sensor; Cisco 4255 Diskless Appliance Sensor; Cisco IDSM-2 for Catalyst 6500; Cisco IDS Network Module for Access Routers; Router Sensor; Firewall Sensor; Inline Sensor Support; Inline Mode Versus Promiscuous Mode; Software Bypass; Auto Mode; Off Mode; On Mode; Cisco Sensor Deployment; Internet Boundaries; Extranet Boundaries; Intranet Boundaries; Remote Access Boundaries; Servers and Desktops; Sensor Deployment Considerations; Sensor Placement; Sensor Management and Monitoring Options; Number of Sensors; External Sensor Communications; Cisco Sensor Communications Protocols; Secure Shell; Transport Layer Security (TLS)/Secure Socket Layer (SSL); Remote Data Exchange Protocol; Event Messages; IP Log Messages; Transaction Messages; Security Device Event Exchange Standard; Cisco Sensor Software Architecture; cidWebServer; IDM Servlet; Event Server Servlet; Transaction Server Servlet; IP Log Server Servlet; mainApp; logApp; authentication; Network Access Controller (NAC); ctlTransSource; sensorApp; Event Store; cidCLI
  Foundation Summary
  Q&A

Part II: Cisco IPS Configuration

Chapter 2: IPS Command-Line Interface
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Sensor Installation; Installing 5.0 Software via the Network; Installing 5.0 Software from a CD; Sensor Initialization; Accessing the CLI; Running the setup Command; Creating the Service Account; Manually Setting the System Clock; Changing your Password; Adding and Removing Users; Adding a Known SSH Host; IPS CLI; Using the Sensor CLI; Prompts; Help; Tab Completion; Command Recall; Command Case Sensitivity; Keywords; User Roles; Administrator; Operator; Viewer; Service; CLI Command Modes; Privileged Exec; Global Configuration; Service; Service Analysis-Engine; Service Authentication; Service Event-Action-Rules; Service Host; Service Interface; Service Logger; Service Network-Access; Service Notification; Service Signature-Definition; Service SSH-Known-Hosts; Service Trusted-Certificates; Service Web-Server; Administrative Tasks; Configuration Tasks
  Foundation Summary
  Q&A

Chapter 3: Cisco IPS Device Manager (IDM)
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Cisco IPS Device Manager; System Requirements for IDM; Navigating IDM; Configuration; Sensor Setup; Interface Configuration; Analysis Engine; Signature Definition; Event Action Rules; Blocking; Simple Network Management Protocol; Auto Update; Monitoring; Back; Forward; Refresh; Help; Configuring Communication Parameters Using IDM
  Foundation Summary
  Q&A

Chapter 4: Basic Sensor Configuration
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Basic Sensor Configuration; Sensor Host Configuration Tasks; Configuring Allowed Hosts; Configuring Sensor User Accounts; Configuring the Sensor's Time Parameters; Manually Setting the Clock; Configuring the NTP Server Settings; Configuring the Time Zone; Configuring the Summertime Settings; Configuring SSH Hosts; Interface Configuration Tasks; Enabling Monitoring Interfaces; Editing Monitoring Interface Parameters; Configuring Inline Interface Pairs; Configuring Inline Software Bypass; Configuring Traffic Flow Notifications; Analysis Engine Configuration Tasks
  Foundation Summary
  Q&A

Chapter 5: Basic Cisco IPS Signature Configuration
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Configuring Cisco IPS Signatures; Signature Groups; Displaying Signatures by Attack; Displaying Signatures by L2/L3/L4 Protocol; Displaying Signatures by Operating System; Displaying Signatures by Signature Release; Displaying Signatures by Service; Displaying Signatures by Signature Identification; Displaying Signatures by Signature Name; Displaying Signatures by Response Action; Displaying Signatures by Signature Engine; Alarm Summary Modes; Fire Once; Fire All; Alarm Summarization; Variable Alarm Summarization; Basic Signature Configuration; Viewing NSDB Information; Signature Information; Related Threats Information; Viewing NSDB Information; Enabling Signatures; Creating New Signatures; Editing Existing Signatures; Retiring Signatures; Defining Signature Responses
  Foundation Summary
  Q&A

Chapter 6: Cisco IPS Signature Engines
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Cisco IPS Signatures; Cisco IPS Signature Engines; Signature Parameters; Application Inspection and Control Signature Engines; AIC FTP Signature Engine Parameters; AIC HTTP Signature Engine Parameters; Content Types Parameters; Define Web Traffic Policy Parameters; Msg Body Pattern Parameters; Request Methods Parameters; Transfer Encodings Parameters; Atomic Signature Engines; Atomic ARP Engine Parameters; Atomic IP Engine Parameters; Atomic IP ICMP Parameters; Atomic IP TCP Parameters; Atomic IP UDP Parameters; Atomic IP Payload Parameters; Flood Signature Engines; Flood Host Engine Parameters; Flood Host ICMP Parameters; Flood Host UDP Parameters; Flood Net Engine Parameters; Meta Signature Engine; Normalizer Signature Engine; Service Signature Engines; Service DNS Engine Parameters; Service FTP Engine Parameters; Service Generic Engine Parameters; Service H225 Engine Parameters; Service HTTP Engine Parameters; Service Ident Engine Parameters; Service MSSQL Engine Parameters; Service NTP Engine Parameters; Service RPC Engine Parameters; Service SMB Engine Parameters; Service SNMP Engine Parameters; Service SSH Engine Parameters; State Signature Engine; Cisco Login States; LPR Format String States; SMTP States; String Signature Engines; String ICMP Engine-Specific Parameters; String TCP Engine-Specific Parameters; Sweep Signature Engines; Sweep Signature Engine Parameters; Unique ICMP Sweep Parameters; Unique TCP Sweep Parameters; Sweep Other TCP Signature Engine Parameters; Trojan Horse Signature Engines
  Foundation Summary
  Q&A

Chapter 7: Advanced Signature Configuration
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Advanced Signature Configuration; Regular Expressions; String Matching; Signature Fields; Basic Signature Fields; Signature Description Fields; Engine-Specific Fields; Event Counter Fields; Alert Frequency Fields; Status Fields; Meta-Event Generator; Understanding HTTP and FTP Application Policy Enforcement; Tuning an Existing Signature; Tuning Example; Creating a Custom Signature; Choose a Signature Engine; Network Protocol; Target Address; Target Port; Attack Type; Inspection Criteria; Verify Existing Functionality; Define Signature Parameters; Test Signature Effectiveness; Custom Signature Scenario; Creating Custom Signatures Using IDM; Using IDM Custom Signature Wizard; Cloning an Existing Signature
  Foundation Summary
  Q&A

Chapter 8: Sensor Tuning
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: IDS Evasion Techniques; Flooding; Fragmentation; Encryption; Obfuscation; Using Control Characters; Using Hex Representation; Using Unicode Representation; TTL Manipulation; Tuning the Sensor; Configuring IP Log Settings; Configuring Application Policy Settings; Configuring Reassembly Options; Fragment Reassembly; Stream Reassembly; Configuring Reassembly Options; Event Configuration; Event Variables; Target Value Rating; Event Action Override; Event Action Filters
  Foundation Summary
  Q&A

Part III: Cisco IPS Response Configuration

Chapter 9: Cisco IPS Response Configuration
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Cisco IPS Response Overview; Inline Actions; Deny Packet Inline; Deny Connection Inline; Deny Attacker Inline; Configuring Deny Attacker Duration Parameter; Logging Actions; Log Attacker Packets; Log Pair Packets; Log Victim Packets; Manual IP Logging; IP Blocking; IP Blocking Definitions; IP Blocking Devices; Cisco Routers; Cisco Catalyst 6000 Switches; Cisco PIX Firewalls; Blocking Guidelines; Antispoofing Mechanisms; Critical Hosts; Network Topology; Entry Points; Signature Selection; Blocking Duration; Device Login Information; Interface ACL Requirements; Blocking Process; ACL Placement Considerations; External Versus Internal; ACLs Versus VACLs; Using Existing ACLs; Master Blocking Sensor; Configuring IP Blocking; Assigning a Blocking Action; Setting Blocking Properties; Setting Blocking Properties via IDM; Defining Addresses Never to Block; Setting Up Logical Devices; Defining Blocking Devices; Defining Blocking Devices Using IDM; Defining Router Blocking Devices Interfaces Using IDM; Defining Cat6K Blocking Device Interfaces Using IDM; Defining Master Blocking Sensors; Configuring a Master Blocking Sensor in IDM; Manual Blocking; Blocking Hosts; Blocking Networks; TCP Reset
  Foundation Summary
  Q&A

Part IV: Cisco IPS Event Monitoring

Chapter 10: Alarm Monitoring and Management
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: CiscoWorks 2000; Login Process; Authorization Roles; Adding Users; Security Monitor; Installing Security Monitor; Windows Installation; Server Requirements; Client Requirements; Security Monitor User Interface; Configuration Tabs; Options Bar; TOC; Path Bar; Instruction Box; Content Area; Tools Bar; Security Monitor Configuration; Adding Devices; Adding RDEP Devices; Adding PostOffice Devices; Adding IOS Devices; Adding PIX Devices; Importing Devices; Event Notification; Adding Event Rules; Activating Event Rules; Monitoring Devices; Monitoring Connections; Monitoring Statistics; Monitoring Events; Security Monitor Event Viewer; Moving Columns; Deleting Rows and Columns; Delete from This Grid; Delete from Database; Delete Column; Collapsing Rows; Collapse > First Group; Collapse > All Rows; Expanding Rows; Expand > First Group; Expand > All Rows; Suspending and Resuming New Events; Changing Display Preferences; Actions; Cells; Sort By; Boundaries; Severity Indicator; Database; Creating Graphs; By Child; By Time; Tools Pull-Down Menu Options; Explanation; Trigger Packet; IP Logs; Statistics Options; Resolving Host Names; Security Monitor Administration; Data Management; System Configuration Settings; Defining Event Viewer Preferences; Security Monitor Reports; Defining the Report; Running the Report; Viewing the Report
  Foundation Summary
  Q&A

Part V: Cisco IPS Maintenance and Tuning

Chapter 11: Sensor Maintenance
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Sensor Maintenance; Software Updates; IPS Software File Format; Software Type; Cisco IPS Version; Service Pack Level; Signature Version; Extension; Software Update Guidelines; Upgrading Sensor Software; Saving Current Configuration; Software Installation via CLI; Software Installation Using IDM; Configuring Automatic Software Updates Using IDM; Downgrading an Image; Updating the Sensor's License; Image Recovery; Restoring Default Sensor Configuration; Restoring Default Configuration Using the CLI; Restoring Default Configuration Using IDM; Resetting and Powering Down the Sensor; Resetting the Sensor Using the Sensor CLI; Resetting the Sensor Using IDM
  Foundation Summary
  Q&A

Chapter 12: Verifying System Configuration
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Verifying System Configuration; Viewing Sensor Configuration; Displaying Software Version; Displaying Sensor Configuration; Displaying Sensor PEP Inventory; Viewing Sensor Statistics; Viewing Sensor Events; Viewing Events Using the CLI; Viewing Events Using IDM; Selecting Event Types; Selecting Time Frame for Events; Using the IDM Event Viewer; Debugging Sensor Operation; Verifying Interface Operation; Capturing Packets; Generating Tech-Support Output; Sensor SNMP Access; Enabling SNMP Traps by Using the Sensor CLI; Enabling SNMP Traps Using IDM
  Foundation Summary
  Q&A

Chapter 13: Cisco IDS Module (IDSM)
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Cisco IDS Module; IDSM-2 Technical Specifications; Performance Capabilities; Catalyst 6500 Requirements; Key Features; IDSM-2 Traffic Flow; IDSM-2 Configuration; Verifying IDSM-2 Status; Initializing the IDSM-2; Accessing the IDSM-2 CLI; Logging in to the IDSM-2; Configuring the Command and Control Port; Configuring the Switch Traffic Capture Settings; IDSM-2 Ports; TCP Reset Port; Command and Control Port; Monitoring Ports; Catalyst 6500 Switch Configuration; Configuring the Command and Control Port; Setting VLANs by Using IOS; Setting VLANs by Using CatOS; Monitored Traffic; IDSM-2 Administrative Tasks; Enabling Full Memory Test; Stopping the IDS Module; Troubleshooting the IDSM-2; IDSM-2 Status LED; Catalyst 6500 Commands; show module Command; show port Command; show trunk Command
  Foundation Summary
  Q&A

Chapter 14: Cisco IDS Network Module for Access Routers
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: NM-CIDS Overview; NM-CIDS Key Features; NM-CIDS Specifications; NM-CIDS Front Panel; Traditional Appliance Sensor Network Architecture; NM-CIDS Network Architecture; NM-CIDS Hardware Architecture; NM-CIDS Internal Fast Ethernet Interface; NM-CIDS External Fast Ethernet Interface; Internal Universal Asynchronous Receiver/Transmitter Interface; NM-CIDS Disk, Flash, and Memory; Traffic Capture for NM-CIDS; Cisco IOS Features; Access Control Lists and NM-CIDS; Encryption and NM-CIDS; Inside NAT and NM-CIDS; Outside NAT and NM-CIDS; IP Multicast, IP Broadcast, and UDP Flooding and NM-CIDS; GRE Tunnels and NM-CIDS; Packets Not Forwarded to NM-CIDS; NM-CIDS Installation and Configuration Tasks; Installing the NM-CIDS; Inserting the NM-CIDS into a Router; Connecting the NM-CIDS to the Network; Verifying That the Router Recognizes the NM-CIDS; Verifying That Cisco IOS-IDS is Not Running; Configuring the Internal ids-sensor Interface; Verifying the NM-CIDS Slot Number; Enabling CEF; Configuring the Interface; Assigning the Clock Settings; Using the Router Time Source; Using an NTP Time Source; Configuring NM-CIDS Clock Mode; Setting Up Packet Monitoring; Logging In to NM-CIDS Console; Accessing NM-CIDS via a Session; Accessing NM-CIDS via Telnet; NM-CIDS Login; Performing Initial Sensor Configuration; NM-CIDS Maintenance Tasks; Reloading the NM-CIDS; Resetting the NM-CIDS; Shutting Down the NM-CIDS; Viewing the NM-CIDS Status; Recovering the NM-CIDS Software Image; Configuring the Boot Loader; Booting the Helper Image; Selecting the File Transfer Method; Installing the Application Image; Booting the Application Image; Configuring the IPS Application
  Foundation Summary
  Q&A

Chapter 15: Capturing Network Traffic
  Do I Know This Already? Quiz
  Foundation and Supplemental Topics: Capturing Network Traffic; Capturing Traffic for Inline Mode; Capturing Traffic for Promiscuous Mode; Traffic Capture Devices; Hub Traffic Flow; Network Tap Traffic Flow; Switch Traffic Flow; Switch Capture Mechanisms; Switched Port Analyzer; Remote Switched Port Analyzer; VLAN Access Control Lists; TCP Resets and Switches; Configuring SPAN for Catalyst 4500 and 6500 Traffic Capture; The monitor session Command; Configuring RSPAN for Catalyst 4500 and 6500 Traffic Capture; Configuring VACLs for Catalyst 6500 Traffic Capture; Configure an ACL; Create a VLAN Access Map; Match ACL to Access Map; Define Action for Access Map; Apply Access Map to VLANs; Configure Capture Ports; Configuring VACLs for Traffic Capture With Cisco Catalyst 6500 IOS Firewall; Configure the Extended ACL; Apply ACL to an Interface or VLAN; Assign the Capture Port; Advanced Catalyst 6500 Traffic Capture; Configure Destination Port; Define Trunks to Capture; Assign Switch Ports to VLANs; Create the VACL
  Foundation Summary
  Q&A

Appendix: Answers to the "Do I Know This Already?" Quizzes and Q&A Questions (Chapters 1 through 15)

Index

Author Information

Earl Carter is a member of the Security Technologies Assessment Team at Cisco, where his duties involve performing security evaluations on numerous Cisco products as well as consulting with other teams at Cisco to help enhance the security of Cisco products. He has examined various products, from the Cisco PIX (R) Firewall to the Cisco CallManager. Presently, Earl holds a CCNA (R) certification and is working on earning his CCIE (R) certification with a security emphasis.