Cisco IPS 7.0: Configuring Cisco IPS Signature Engines and Anomaly Detection
Overview/Description
This course describes the engine architecture found in the Cisco Intrusion Prevention System (IPS) sensors. It introduces each engine category and briefly describes each engine. You can use the information in this course to better understand individual signatures when tuning them and when creating custom signatures. Anomaly detection is also introduced in this course. The anomaly detection component of the Cisco Intrusion Prevention System (IPS) Sensor Software detects known and yet-unknown network threats and can take appropriate preventive actions to stop them from spreading in the network. Anomaly detection enables the sensor to be less dependent on signature updates by letting the Cisco IPS sensor learn normal activity, send alerts, and take dynamic response actions for behavior that deviates from what it has learned as normal behavior. In this course, you will learn to deploy and troubleshoot the anomaly detection functionality of the Cisco IPS sensor.
Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security, Cisco Certified Security Professional (CCSP) Certification or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, and of the installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification - Implementing Cisco IOS Network Security (IINS).
Expected Duration (hours)
1.5
Lesson Objectives
describe Cisco IPS signature engine configuration
recognize the characteristics of alarm summarization
match the ATOMIC signature engine to its function
describe the characteristics of STRING signature engines
describe the characteristics of SERVICE signature engines
describe the characteristics of FLOOD signature engines
describe the characteristics of SWEEP signature engines
sequence the steps to configure META signatures
describe the NORMALIZER signature engine
identify the tasks to enable the AIC engines
identify the characteristics of anomaly detection
match the components used by anomaly detection to their characteristics
describe the process of configuring anomaly detection of a Cisco IPS sensor
sequence the steps to configure anomaly detection
recognize basic anomaly detection troubleshooting steps
Duration:
1.5 h
Code:
cc_ipss_a06_it_enus
Catalogue: