Detailed Course Outline
- Module 1: Sourcefire System Overview and Classroom Setup
- Module 2: Device Management
- Module 3: Object Management
- Module 4: Access Control Policy
- Module 5: Network-based Malware Detection
- Module 6: FireSIGHT Technology
- Module 7: Correlation Policies
- Module 8: IPS Policy Basics
- Module 9: Advanced IPS Policy Configurations
- Module 10: User Account Management
- Module 11: Event Analysis
- Module 12: Reporting
- Module 13: Basic Rule Syntax and Usage
- Module 14: Case Studies in Rule Writing and Packet Analysis
Lab Outline
- Lab 1: Verifying the License
- Lab 2: Testing the Environment by Running Attack PCAPs
- Lab 3: Viewing Events
- Lab 4: Layer 2 and 3 Simulation
- Lab 5: Inline Interface Configuration
- Lab 6: Creating Objects
- Lab 7: Creating an Access Control Policy (Port Inspection)
- Lab 8: Creating an Access Control Policy (Application Awareness)
- Lab 9: URL Filtering
- Lab 10: Including an IPS Policy in Access Control Rules
- Lab 11: Creating a File Policy
- Lab 12: Tuning the Network Discovery Policy
- Lab 13: Viewing FireSIGHT Data
- Lab 14: User Discovery
- Lab 15: Creating a Correlation Policy Based on Connection Data
- Lab 16: White Lists
- Lab 17: Working with Connection Data and Traffic Profiles
- Lab 18: Creating an Intrusion Policy
- Lab 19: Including FireSIGHT Recommendations in an Intrusion Policy
- Lab 20: Tuning Your HTTP_Inspect Preprocessor
- Lab 21: Apply and Test Your Policy and Variable Set
- Lab 22: Create User Accounts and Configure the UI Timeout Value
- Lab 23: Testing Exempt and Non Exempt Users
- Lab 24: Permission Escalation
- Lab 25: Working with External Accounts
- Lab 26: Analysis Lab
- Lab 27: Tuning Events
- Lab 28: Context Explorer
- Lab 29: Comparing Trends with Reports
- Lab 30: Writing Custom Rules
- Lab 31: Research and Packet Analysis
- Lab 32: Revisiting the Kaminsky Vulnerability