Cisco IPS 7.0: Implementing Cisco Unity Express in CUCM Express Environment

Overview/Description
After you have configured the sensing interfaces of a Cisco Intrusion Prevention System (IPS) sensor, you will need to attach them to the sensor analysis engine, and optionally tune basic, low-level analysis options that apply to inspected traffic. In this course, you will learn about virtual sensors and their session tracking modes, traffic sources and analysis engine settings, inline normalization and promiscuous mode reassembly options, IP version 6 (IPv6) support and how to configure the bypass feature. This course also introduces the configuration of the built-in signatures in the Cisco Intrusion Prevention System (IPS) sensor products. You will be able to find individual signatures and classes of signatures, and perform basic signature-related configuration actions. You will also learn how to configure the actions that you would like the sensor to take, and configure the two configuration mechanisms that allow you to scalably change responses for a large number of signatures.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification - Implementing Cisco IOS Network Security (IINS)

Expected Duration (hours)
3.0

Lesson Objectives

Cisco IPS 7.0: Implementing Cisco Unity Express in CUCM Express Environment

describe a default virtual sensor

identify the characteristics of traffic normalization in inline sensor mode

describe the configuration parameters for TCP stream reassembly in promiscuous mode

recognize when to use virtual sensor, interface and VLAN and VLAN only TCP session tracking modes

identify the major characteristics of Cisco IPS software bypass

assign the Cisco IPS sensor inline interface pair to the default virtual sensor to enable traffic inspection

recognize the characteristics of Cisco IPS sensor generated alerts

identify the characteristics of Cisco IPS sensor software version 7.0

describe how to configure basic signature properties

choose appropriate preventative signature actions for a particular scenario

describe the guidelines for detective and preventative signature actions

describe how ACLs are used on blocking devices

configure remote blocking on a Cisco IPS sensor for a particular scenario

identify the characteristics of IP logging in a Cisco IPS sensor

describe the components of a risk rating system

calculate the risk rating value for a particular event

select the appropriate active signature configuration tool for a particular scenario

manually configure and select signature responses

recognize the benefits and limitation of signature action response strategies