Instructor Materials – Chapter 5: Implementing Intrusion Prevention
Chapter Outline:
5.0 Introduction
5.1 IPS Technologies
5.2 IPS Signatures
5.3 Implement IPS
5.4 Summary
Section 5.1: IPS Technologies
Topic 5.1.1: IDS and IPS Characteristics
- Zero-Day Attacks
- Monitor for Attacks
- Detect and Stop Attacks
- Similarities Between IDS and IPS
- Advantages and Disadvantages of IDS and IPS
Topic 5.1.2: Network-Based IPS Implementations
- Host-Based and Network-Based IPS
- Network-Based IPS Sensors
- Cisco’s Modular and Appliance-Based IPS Solutions
- Choose an IPS Solution
- IPS Advantages and Disadvantages
- Modes of Deployment
Topic 5.1.3: Cisco Switched Port Analyzer
- Port Mirroring
- Cisco SPAN
- Configuring Cisco SPAN Using Intrusion Detection
Section 5.2: IPS Signatures
Topic 5.2.1: IPS Signature Characteristics
- Signature Attributes
- Signature Types
- Signature File
- Signature Micro-Engines
- Download a Signature File
Topic 5.2.2: IPS Signature Alarms
- Signature Alarm
- Pattern-Based Detection
- Anomaly-Based Detection
- Policy-Based and Honey Pot-Based Detection
- Benefits of the Cisco IOS IPS Solution
- Alarm Triggering Mechanisms
Topic 5.2.3: IPS Signature Actions
- Signature Actions
- Manage Generated Alerts
- Log Activities for Later Analysis
- Deny the Activity
- Reset, Block, and Allow Traffic
Topic 5.2.4: Manage and Monitor IPS
- Monitor Activity
- Monitoring Considerations
- Secure Device Event Exchange
- IPS Configuration Best Practices
Topic 5.2.5: IPS Global Correlation
- Cisco Global Correlation
- Cisco SensorBase Network
- Cisco Security Intelligence Operation
- Reputations, Blacklists, and Traffic Filters
Section 5.3: Implement IPS
Topic 5.3.1: Configure Cisco IOS IPS with CLI
- Implement IOS IPS
- Download the IOS IPS Files
- IPS Crypto Key
- Enable IOS IPS
- Load the IPS Signature Package in RAM
Topic 5.3.2: Modifying Cisco IOS IPS Signatures
- Retire and Unretire Signatures
- Change Signature Actions
Topic 5.3.3: Verify and Monitor IPS
- Verify IOS IPS
- Report IPS Alerts
- Enable SDEE
Section 5.4: Summary
Chapter Objectives:
- Describe IPS technologies and how they are implemented.
- Explain IPS signatures.
- Describe the IPS implementation process.