IPS Basics
Managing Risk
Risk Analysis
Intrusion Prevention Terminology
IDS x IPS
IPS and Firewall Together

IPS Threats: IPS Features and Limitations
Network IPS Evasion Techniques
Traffic Fragmentation
Traffic-Level Misinterpretation
Timing Attacks
Encryption and Tunneling
Resource Exhaustion
Common Evasion Tools

IPS Architecture: Network IPS Products

IPS Architecture: Network IPS Approaches
Signature Based
Anomaly Based
Policy Based
Reputation Based
Stateful Content Matching
Protocol Decoding
Packet Correlation
Rate Analysis
Packet Header Matching
Packet Content Matching

IPS Architecture: Network IPS Traffic Analysis Methods
Statistical Modeling
Event Correlation
Blended Threats
Endpoint Security Controls
System Approach to Security
IPS Recommended Practices

IPS Architecture: IPS Deployment
Sensor Deployments Considerations
Security
Protocol Decoding
IDS (Detection) x IPS (Prevention)
Performance
Virtualization Policies

IPS Deployment: Implementing Network IPS At Enterprise Internet Edge
Architecture Example
DMZ Architecture Example
Firewall Integration
Design Guidelines

IPS Deployment: Implementing Network IPS At WANs
Centralized Deployment
Distributed Deployment
Design Guidelines

IPS Deployment: Implementing Network IPS in Data Centers
Architecture Example

IPS Deployment: Implementing Campus Sensor Deployment
Centralized Sensors Clusters
Design Guidelines

IPS Deployment: Promiscuous Mode Deployment (IDS)
Definition
Benefits and Limitations
Deployment Options: SPAN
Deployment Options: RSPAN
Deployment Options: Flow-Based SPAN
Deployment Options: VACL Capture Ports
Deployment Options: Router-Selective Capture
Deployment Options: ASA Firewall
Deployment Guidelines

IPS Deployment: Inline Deployment (IPS)
Inline Interface Pair Deployment
Inline VLAN Pair Deployment
Selective Inline Analysis Deployment
Deployment Guidelines

IPS Deployment: High Availability and Cisco IPS Deployments
Overview
Switching Based: STP
Switching Based: EtherChannel
Routing Based
Load Sharing
Filter Traffic Reduction

IPS Review
Vulnerabilities and Exploits
IPS
Problems With Traditional IPS
Ways To Deployment IPS
IPS Deployment Locations

NGIPS
Configuration Problem
Organizational Problem
Addressing The Configuration Problem
Two Kinds Of Integration
Building a Visibility Architecture
Types o Visibility
Threat & Breach
Control
Event Horizon
NGIPS Solution

Cisco & SourceFire
Cisco FirePOWER Fanily
About SourceFire
Open Source Snort
Market Leadership (Magic Quadrant)
Talos Group
New Security Model Cisco
Better Together

Cisco NGIPS
FireSight & FirePower
Policies Structure
Traffic Flows Types
Centralized Event Management
FireSight Management Advantages
FirePower Events Data

Cisco FireAMP
Advanced Malware Protection
Cisco Options
How It Works
FireAMP Appliances

Cisco NGIPS Architecture
Solution Architecture
FireSight Instalation

ASA NGIPS Architecture
Solution Architecture
Sample Solution
Packet Flow
ASA Compatibility
ASA & FireSight
Redirect Traffic to Module Configuration
Considerations

Management Cisco NGIPS
FireSight
FirePower Registration Process
Device Properties
Stack Configuration
Clustered Configuration

Administration User Management
User Accounts
User Roles
Add User Account (Local)
User Escalation Option
User External Databases

Objects Management
Overview
Network Objects
Security Intelligence
Ports Objects
Protocol ICMP
Vlans
URL Objects
Applications Filters
Security Zones
Geolocation

Access Control Policy
Overview
Configure Access Control Policy
Advanced Options

Management IPS Rules
IPS Policies Configurations
FireSight Rules Recommendation
Configure Alerts

Discovery Management
Overview
Configuration and Tuning

Malware Protection
Overview
Network Malware Detection
Files Lists
Using Reports

IPS Tuning
Overview
Tuning False Positives and Negatives
Tuning Strategies
Tuning Phases
Tools
Guidelines
Incident Management

FireSight Tuning Process
FireSight Network Analysis Tuning
Intrusion Event & Investigation

FireSight Reports
Generating Reports

Correlations Analysis
Events & Responses
Remediations Actions

ASA NGIPS High Availability
Deployment Modes
Active & Standby
Clustering
Multi-Context
Asymmetric Traffic
Session Failover

ASA Projects
Measuring
Performance Impacts
ASA Feature Guidance
Sizing Guidance

ASA NGIPS Deployment
Redirect Traffic

dCloud Cisco

ASA NGIPS POV

Labs
Verifying the Product Licenses
Viewing Events
Creating User Accounts
Escalating Permissions
Working with an External User Account
Testing the LDAP Authentication Object
Creating Objects
Creating a Basic Access Control Policy
URL Filtering
Including an IPS Policy in Access Control Rules
Tuning the Network Discovery Detection Policy
Viewing FireSIGHT Data
User Discovery
Creating a File Policy
Creating an Intrusion Policy
Enabling Include FireSIGHT Recommendations
Implementing FireSIGHT Recommendations
Testing the Network Analysis Policy Settings
Analyzing Events
Tuning an Event
Using Context Explorer
Comparing Trends
Creating a Correlation Policy Based on Connection Data
Whitelists
Working with Connection Data and Traffic Profiles