Maxtrain.com - 513-322-8888 - 866-595-6863

SL-SITCS

Implementing Cisco Threat Control Solutions

Description

Implementing Cisco Threat Control Solutions (SITCS) v1.0 is a newly created 5-day instructor-led training course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. It is also designed to give security engineers the knowledge and hands-on experience they need to deploy Cisco's Next Generation Firewall (NGFW) as well as Web Security, Email Security and Cloud Web Security.

The goal of the course is to provide students with the foundational knowledge and capabilities to implement and manage security on Cisco ASA firewalls using the Cisco Next Generation product solution, which integrates Cisco Prime Security Manager for managing identity policies.
Students will gain hands-on experience configuring various advanced Cisco security solutions for mitigating outside threats and securing traffic traversing the firewall. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco's Next Generation Firewall security appliance feature and provide operational support for Intrusion Prevention Systems, Email Security, and web-based security appliances.

Upon completing this course, the learner will be able to meet these overall objectives:

  • Understand Cisco ASA Next-Generation Firewall (NGFW)
  • Deploy Cisco Web Security appliance to mitigate malware
  • Configure Web Security appliance for acceptable use controls
  • Configure Cisco Cloud Web Security Connectors
  • Describe Cisco Email Security Solution
  • Configure Cisco Email Appliance Incoming and Outgoing Policies
  • Describe IPS Threat Controls
  • Configure and Implement Cisco IPS Sensor into a Network

Outline

Module 1: Cisco ASA Next-Generation Firewall (NGFW) Services

Lesson 1: Describing the Cisco Modular Network Architecture
  • Cisco Modular Network Architecture and Cisco NGFW
  • Cisco ASA (CX) NGFW Benefit and Components
  • Cisco ASA (CX) NGFW Broad and Web AVC
  • Cisco ASA (CX) NGFW Policy Types
  • Cisco ASA (CX) NGFW Compatibility with Existing Cisco ASA Features
  • Cisco 5585-X NGFW CX-SSP Hardware Module
  • Cisco ASA 5500-X NGFW (CX) Software Module
Lesson 2: Describing the Cisco ASA (CX) NGFW Management Architecture
  • Cisco ASA (CX) NGFW Management Architecture
  • On-Box and Off-Box Cisco PRSM
  • Cisco PRSM GUI Basic Functions
  • Cisco ASA (CX) NGFW Management Interface
  • Cisco ASA (CX) NGFW CLI Operations
  • Cisco ASA (CX) NGFW Licenses
  • Cisco Off-Box PRSM License
  • Cisco ASA (CX) NGFW and Off-Box Cisco PRSM License Management
Lesson 3: Configure Cisco ASA (CX) NGFW Policy Objects
  • Cisco ASA-to-Cisco ASA (CX) NGFW Traffic Redirection
  • Cisco ASA (CX) NGFW Policy Structure
  • Cisco ASA (CX) NGFW Policy Object Types
  • Cisco ASA (CX) NGFW Network Objects
  • Cisco ASA (CX) NGFW Service Objects and Service Groups
  • Cisco ASA (CX) NGFW Application Objects and Application Service Objects
  • Cisco ASA (CX) NGFW URL Objects
  • Cisco ASA (CX) NGFW User Agent Objects
  • Cisco ASA (CX) NGFW Source Object and Destination Object Groups
  • Cisco ASA (CX) NGFW Secure Mobility Objects
  • Cisco ASA (CX) NGFW Action Profile Objects
  • Policy Objects in Cisco ASA (CX) NGFW Policies
  • Tags, Ticket IDs, and Metadata
Lesson 4: Monitoring Cisco ASA (CX) NGFW Operations
  • Cisco PRSM Dashboards and Reports
  • Cisco PRSM Event Viewer
  • Cisco SIO Update Verifications
Lesson 5: Configuring Cisco ASA (CX) NGFW Access Policies
  • Cisco ASA (CX) NGFW Access Policy Configuration
  • Cisco ASA (CX) NGFW Application Control Configuration
  • Cisco ASA (CX) NGFW URL Filtering Configuration
  • Cisco ASA (CX) NGFW File Filtering Profile Configuration
Lesson 6: Configuring Cisco ASA (CX) NGFW Identity Policies
  • Cisco ASA (CX) NGFW Active and Passive Authentications
  • Cisco ASA (CX) NGFW Authentication Realms
  • Cisco ASA (CX) NGFW ADI
  • Cisco ASA (CX) NGFW Identity-Based Policy Configuration
  • LDAP Authentication Realm and Server Configurations
  • Active Directory Authentication Realm and Server Configurations
  • Cisco ASA (CX) NGFW-to-Cisco CDA Integration Configurations
  • Cisco ASA (CX) NGFW Identity Policies with Active Authentication
  • Cisco ASA (CX) NGFW Authentication Settings Configuration
  • Cisco ASA (CX) NGFW Access and Decryption Policies with Identity Objects
  • Cisco ASA (CX) NGFW User Identity in Event Viewer
  • Cisco ASA CX Identity Policy Troubleshooting
Lesson 7: Configuring Cisco ASA (CX) NGFW Access Decryption Policies
  • Cisco ASA (CX) NGFW Decryption Policies
  • Cisco ASA (CX) NGFW Decryption Configurations
  • Cisco ASA (CX) NGFW Decryption Policy Configurations
  • Cisco ASA CX Decryption Policy Troubleshooting
  • Cisco ASA (CX) NGFW Identity, Decryption, and Access Policy Interactions

Module 2: Cisco Web Security Appliance

Lesson 1: Describing the Cisco Web Security Appliance (WSA) Solutions
  • Cisco Modular Network Architecture and Cisco WSA
  • Cisco WSA Overview
  • Cisco WSA Architecture
  • Cisco WSA Malware Detection and Protection
  • Cisco Web-Based Reputation Score
  • Cisco WSA Acceptable Use Policy Enforcement
  • Cisco WSA GUI Management
  • Cisco WSA Committing the Configuration Changes
  • Cisco WSA Policy Types Overview
  • Cisco WSA Access Policies
  • Cisco WSA Identities: To Whom Do These Policies Apply?
  • Cisco WSA Access Policy Assignment
  • Cisco WSA Identities and Authentication
  • Cisco WSA Access Policy Trace
Lesson 2: Integrating the Cisco Web Security Appliance
  • Explicit vs. Transparent Proxy Mode
  • Explicit Proxy Mode
  • PAC Files
  • PAC File Deployment Options
  • PAC File Hosting on Cisco WSA
  • Traffic Redirection In Transparent Mode
  • Connecting the Cisco WSA to a WCCP Router
  • Verifying WCCP
Lesson 3: Configuring Cisco Web Security Appliance Identities and User Authentication Controls
  • Configure Identities to Group Client Transactions
  • Configure Policy Groups
  • The Need for User Authentication
  • Prompt the Users for Usernames and Passwords
  • Transparent Authentication: Transparent User Identification
  • Transparent Authentication: Single Sign-on
  • Global Authentications Settings
  • Configure Realms and Realm Sequences
  • Configure NTLM Realm for Active Directory
  • Join Cisco WSA to Active Directory
  • Configure LDAP Realm for LDAP Servers
  • Define How User Information is Stored in LDAP
  • Bind Cisco WSA to LDAP Directory
  • LDAP Group Authorization
  • Allowing Guest Access to Users Who Fail Authentication
  • Testing Authentication Settings
  • Authenticated Users in Reports
Lesson 4: Configuring Cisco Web Security Appliance Acceptable Use Control
  • URL Filtering Overview
  • URL Categorizing Process
  • Application Visibility and Control Overview
  • Streaming Media Bandwidth Control Overview
  • Enable Acceptable Use Controls
  • Using the Policies Table
  • Configuring URL Filtering
  • Enable Safe Search and Site Content Ratings
  • Configure Custom URL Categories
  • URL Category Reports
  • Configuring AVC
  • Configure Media Bandwidth Limits
  • AVC Reports
Lesson 5: Configuring Cisco Web Security Appliance Anti-Malware Controls
  • Dynamic Vectoring and Streaming Engine Overview
  • Contrast Webroot with Sophos or McAfee Malware Scanning
  • Adaptive Scanning Overview
  • Enable Web Reputation Filtering, Adaptive Scanning and Malware Scanning
  • Configure Inbound Web Reputation Filtering and Malware Scanning
  • Configuring Outbound Malware Scanning
  • Malware Reports
Lesson 6: Configuring Cisco Web Security Appliance Decryption
  • HTTPS Proxy Operations Overview
  • Enable HTTPS Proxy
  • Invalid Destination Web Server Certificate Handling
  • Configuring Decryption Policies
Lesson 7: Configuring Cisco Web Security Appliance Data Security Controls
  • Cisco WSA Data Security Overview
  • Data Security Policies
  • Control Uploaded Content
  • External Data Loss Prevention
  • Add an ICAP Server

Module 3: Cisco Cloud Web Security

Lesson 1: Describing the Cisco Cloud Web Security Solution
  • Cisco Modular Network Architecture and Cisco Cloud Web Security
  • Cisco Cloud Web Security Overview
  • Cisco Cloud Web Security Traffic Flow Overview
  • Cisco Cloud Web Security Scanning Processes Overview
  • Cisco ScanCenter Overview
Lesson 2: Configuring Cisco Cloud Web Security Connectors
  • Cisco Cloud Web Security Traffic Redirection Overview
  • Traffic Redirection Verification Using the http://whoami.scansafe.net URL
  • Cisco ASA Cloud Web Security Overview
  • Cisco Cloud Web Security Authentication Keys
  • Authentication Key Generation from the Cisco ScanCenter
  • Cisco ASA Cloud Web Security Proxy
  • Cisco ASA Cloud Web Security Proxy-Server Configuration using the CLI
  • Cisco ASA to Cloud Web Security Proxy Servers Traffic Redirection Configuration using the CLI
  • Cisco ASA Cloud Web Security Proxy Server User-Identity Configuration using the CLI
  • Cisco ASA Cloud Web Security Configurations Example Using ASDM (without Whitelisting and User-Identity Options)
  • Cisco ASA Cloud Web Security Operations Verification Using the CLI
  • Cisco ASA Cloud Web Security Operations Verification using the Cisco ASDM
  • Cisco AnyConnect Client to Cloud Web Security Proxy Servers Traffic Redirection Configuration
  • Cisco AnyConnect Client to Cloud Web Security Operations Verification
  • Cisco ISR G2 to Cloud Web Security Proxy Servers Traffic Redirection using the CLI
  • Cisco ISR G2 Cloud Web Security Operations Verification using the CLI
  • Cisco WSA to Cloud Web Security Proxy Servers Traffic Redirection Configuration
  • Cisco WSA to Cloud Web Security Operations Verification
  • Summary
Lesson 3: Describing the Web Filtering Policy in Cisco ScanCenter
  • Configure Web Filtering Policy
  • Verify Web Filtering
  • Summary

Module 4: Cisco Email Security Appliance

Lesson 1: Describe the Cisco Email Security Solutions
  • Cisco Modular Network Architecture and Cisco ESA
  • SMTP Terminologies
  • SMTP Flow
  • SMTP Conversation
  • Cisco ESA Services
  • Cisco ESA Hybrid Solution
  • Cisco ESA Incoming and Outgoing Email Policies Overview
  • Cisco ESA Encryption Overview
  • Cisco ESA LDAP Integration Overview
Lesson 2: Describing the Cisco Email Security Appliance Basic Configuration
  • Cisco ESA Listener
  • Cisco ESA Listener Type: Private and Public
  • Cisco ESA Using Two Listeners
  • Cisco ESA Listener Components – HAT and RAT
  • Cisco ESA Deployment Scenarios – One Listener on Data Interface 1 TCP Port 25
  • Cisco ESA Deployment Scenarios - HAT
  • Cisco ESA Deployment Scenarios – HAT Component – Sender Group
  • Cisco ESA Deployment Scenarios – HAT Component – Sender Group (SBRS)
  • Cisco ESA Deployment Scenarios – HAT Component – Sender Group (RELAYLIST)
  • Cisco ESA Deployment Scenarios – HAT Component – Mail Flow Policy
  • Cisco ESA Deployment Scenarios – Mail Flow Policy Examples
  • Cisco ESA Deployment Scenarios – Mail Flow Policies Configurations
  • Cisco ESA Deployment Scenarios – RAT
  • Cisco ESA Deployment Scenarios – SMTP Route
  • Summary
Lesson 3: Deploying Cisco ASA Application Inspection Policies
  • Cisco ESA Incoming Email Configurations Overview
  • Cisco ESA Incoming Email Configurations – Anti-Spam
  • Cisco ESA Incoming Email Configurations – Anti-Virus
  • Cisco ESA Incoming Email Configurations – Content Filters
  • Cisco ESA Incoming Email Configurations – Outbreak Filters
  • Cisco ESA Outgoing Email Configurations Overview
  • Cisco ESA Outgoing Email Configurations – Anti-Spam
  • Cisco ESA Outgoing Email Configurations – Anti-Virus
  • Cisco ESA Outgoing Email Configurations – Outbreak Filters
  • Cisco ESA Outgoing Email Configurations - DLP
  • Cisco ESA Reporting
  • Cisco ESA Troubleshooting
  • Summary

Module 5: Cisco Intrusion Prevention Systems

Lesson 1: Describing IPS Threat Controls
  • Cisco Modular Network Architecture and Cisco IPS
  • Comparison of Intrusion Detection Systems and Intrusion Prevention Systems
  • Intrusion Prevention Terminology
  • Traditional Network Intrusion Prevention Approaches
  • Cisco Network IPS Solutions
  • Cisco Next-Generation IPS with Sourcefire
  • Cisco Next-Generation IPS with NGFW + NGIPS
  • Summary
Lesson 2: Integrating Cisco IPS Sensor into a Network
  • Overview of Cisco IPS Sensor Deployment Modes
  • Deploy Sensor in Promiscuous Mode
  • Deploy Sensor in Inline Interface Pair Mode
  • Deploy Sensor in Inline VLAN Pair Mode
  • Deploy Sensor in Inline VLAN Group Mode
  • Configure Interfaces on IPS Sensor
  • Configure Traffic Redirection for IPS Modules
  • Configure Promiscuous Interfaces
  • Configure Inline Interface Pairs
  • Configure Inline VLAN Pairs
  • Configure Inline VLAN Groups
  • Summary
Lesson 3: Configuring Basic Cisco IPS Settings
  • Describe IPS Terminology
  • Signature Properties
  • IPS Signature Threat Profiles
  • Next-Generation IPS (NGIPS) Threat Profile Objects
  • Cisco IPS Actions
  • Configure a Virtual Sensor
  • Configure Basic Signature Properties
  • Apply Signature Threat Profile
  • Risk Rating
  • Inputs for Risk Rating Calculation
  • Threat Rating
  • Overview of Event Action Overrides
  • Configure and Verify Event Action Overrides
  • Overview of Event Action Filters
  • Configure and Verify Event Action Filters
  • Summary
Lesson 4: Tuning Cisco IPS Signatures
  • False Negatives
  • False Positives
  • False Positive Examples
  • Cisco IPS Tuning Approaches
  • Tune Cisco IPS to Reduce False Positives
  • Reduce False Positives: Narrow Search Context
  • Reduce False Positives: Narrow Header Values
  • Reduce False Positives: Limit Number of Matched Patterns
  • Reduce False Positives: Limit Number of Matched Patterns Example
  • Reduce False Positives: Decrease Attention Span
  • Reduce False Positives: Increase Number of Events
  • Tune Cisco IPS To Reduce False Negatives
  • Reduce False Negatives: IP Reassembly
  • Reduce False Negatives: TCP Reassembly
  • Reduce False Negatives: Deobfuscation
  • Summary
Lesson 5: Configuring Custom Cisco IPS Signatures
  • Custom Signatures Overview
  • Signature Engines
  • Custom Signature Creation Procedure
  • Configure Custom Signatures
  • Custom Signature Wizard
  • Custom Signature Wizard Options
  • Verify Custom Signatures
  • Summary
Lesson 6: Configuring Cisco IPS Anomaly-Detection
  • Describe Anomaly Detection
  • Worm Scanning Methods
  • Scanners and Histograms
  • Anomaly Detection Zones
  • Anomaly Detection Learning and Knowledge Base
  • Anomaly Detection and Actions
  • Anomaly Detection Scenario
  • Anomaly Detection Configuration Procedure
  • Verify Knowledge Base Creation
  • Verify Anomaly Detection Operational Mode
  • Verify Anomaly Detection Statistics
  • Summary
Lesson 7: Configuring Cisco IPS Reputation-Based Features
  • Options for Using Reputation Data
  • Traffic Processing Flow
  • Reputation Filters
  • Reputation Filter Modes
  • Global Correlation Updates
  • Receiving Global Correlation Reputation Updates
  • Feedback to Cisco SensorBase
  • View Reputation Information
  • View Reputation-Related Statistics
  • Summary

Labs:

Lab 1-1: Exploring Cisco ASA (CX) NGFW and PRSM Lab
  • Task 1: Verify the ASA (CX) NGFW Software Module Status
  • Task 2: Shut Down and Uninstall the IPS Software Module (Perform only if CX is not installed)
  • Task 3: Install and Setup the ASA (CX) NGFW Software Module
  • Task 4: Explore the ASA (CX) NGFW CLI
  • Task 5: Explore the On-Box PRSM GUI
  • Task 6: Redirect Traffic from the ASA to ASA (CX) NGFW
  • Task 7: Explore the System Predefined Default ASA (CX) NGFW Policy Objects
  • Task 8: Configure ASA (CX) NGFW Policy Object
Lab 1-2: Exploring Cisco ASA (CX) NGFW Access Policy Lab
  • Task 1: Configure the ASA CX Access Policy to Deny Access to Unacceptable Websites
  • Task 2: Configure the ASA CX Access Policy to Deny Any Executable File Download
  • Task 3: Configure the ASA CX Access Policy to Deny Access to Any Website with Bad Reputation
  • Optional Challenge Lab Task: Configure ASA CX Access Policies
Lab 1-3: Exploring Cisco ASA (CX) NGFW Access Policy Lab
  • Task 1: Configure the ASA CX Identity Policy to implement Active Authentication
  • Task 2: Configure the ASA CX Identity Policy to implement Passive Authentication
  • Task 3: Configure an ASA CX Access Policy Using an Identity Object per the Given Requirements
Lab 1-4: Configuring Cisco ASA (CX) NGFW Decryption Policy Lab
  • Task 1: Enable Cisco ASA (CX) NGFW Decryption
  • Task 2: Configure a Cisco ASA (CX) NGFW Decryption Policy per Security Requirements
Lab 2-1: Configuring Cisco Web Security Appliance
  • Task 1: Prepare Cisco WSA for Explicit Proxy Mode
  • Task 2: Deploy URL Filtering
  • Task 3: Implement Transparent Web Proxy Mode
  • Task 4: Implement Client Authentication (Optional)
Lab 3-1: Configuring Cisco Cloud Web Security Connector on ISR G2 on AnyConnect
  • Task 1: Enable the CWS Connector on the AnyConnect Client
  • Task 2: Enable the CWS Connector on the Branch ISR G2 Router
Lab 4-1: Configuring Basic Cisco Email Security Mail Policies Lab
  • Task 1: Verify the Initial Email Exchange Without the Cisco ESA
  • Task 2: Deploy the Cisco ESA Mail Proxy
  • Task 3: Integrate the Cisco ESA with LDAP
  • Task 4: Configure Incoming Content Filters and Mail Policies
  • Task 5: Configure Data Loss Prevention (Optional)
Lab 5-1: Configuring Basic Cisco IPS Settings
  • Task 1: Install the ASA IPS Software Module and configure basic IPS settings
Lab 5-2: Tuning Cisco IPS Signatures and Anomaly-Detection Lab
  • Task 1: Tune Existing Signatures
  • Task 2: Create Custom Signatures
  • Task 3: Enable Anomaly Detection

PreRequisites

Learner Prerequisite Skills and Knowledge
  • Cisco Certified Network Associate (CCNA©) certification
  • Cisco Certified Network Associate (CCNA©) Security certification
  • Knowledge of Microsoft Windows operating system

Audience

The primary audience for this course is as follows:
  • Network Security Engineers

$3695.00 List Price

5 Days Course
