Securing Networks with Cisco Firepower Next-Generation IPS (SSFIPS)

Detailed Course Outline

• Module 1: Sourcefire System Overview and Classroom Setup
• Module 2: Device Management
• Module 3: Object Management
• Module 4: Access Control Policy
• Module 5: Network-based Malware Detection
• Module 6: FireSIGH Technology
• Module 7: Correlation Policies
• Module 8: IPS Policy Basics
• Module 9: Advanced IPS Polcity Configurations
• Module 10: User Account Management
• Module 11: Event Anlaysis
• Module 12: Reporting
• Module 13: Basic Rule Syntax and Usage
• Module 14: Case Studies in Rule Writing and Packet Analysis

Lab Outline

• Lab 1: Verifying the License
• Lab 2: Testing the Environment by Running Attack PCAPs
• Lab 3: Viewing Events
• Lab 4: Layer 2 and 3 Simulation
• Lab 5: Inline Interface Configuration
• Lab 6: Creating Objects
• Lab 7: Creating an Access Control Policy (Port Inspection)
• Lab 8: Creating an Access Control Policy (Application Awareness)
• Lab 9: URL Filtering
• Lab 10: Including an IPS Policy in Access Control Rules
• Lab 11: Creating a File Policy
• Lab 12: Tunning the Network Discovery Policy
• Lab 13: Viewing FireSIGHT Data
• Lab 14: User Discovery
• Lab 15: Creating a Correlation Policy Based on Connection Data
• Lab 16: White Lists
• Lab 17: Working with Connection Data and Traffic Profiles
• Lab 18: Creating an Intrusion Policy
• Lab 19: Including FireSIGHT Recommendations in an Intrusion Policy
• Lab 20: Tunning Your HTTP_Inspect Preprocessor
• Lab 21: Apply and Test Your Policy and Varriable Set
• Lab 22: Create User Accounts and Configure the UI Timeout Value
• Lab 23: Testing Exempt and Non Exempt Users
• Lab 24: Permission Escalation
• Lab 25: Working with External Accounts
• Lab 26: Analysis Lab
• Lab 27: Tunning Events
• Lab 28: Context Explorer
• Lab 29: Comparing Trends with Reports
• Lab 30: Writing Custom Rules
• Lab 31: Research and Packet Analysis
• Lab 32: Revisiting the Kaminsky Vulnerability