Cisco IPS 7.0: Configuring Cisco IPS Signature Engines and Anomaly Detection
This course is included in our On-demand training solution.
This course describes the engine architecture found in the Cisco Intrusion Prevention System (IPS) sensors. It introduces each engine category and briefly describes each engine. You can use the information in this course to better understand individual signatures when tuning them, and when creating custom signatures.
Anomaly detection is also introduced in this course. The anomaly detection component of the Cisco Intrusion Prevention System (IPS) Sensor Software detects known and yet-unknown network treats and can take appropriate preventive actions to prevent their spreading in the network. Anomaly detection enables the sensor to be less dependent on signature updates by letting the Cisco IPS sensor learn normal activity, send alerts, and take dynamic response actions for behavior that deviates from what it has learned as normal behavior. In this course, you will learn to deploy and troubleshoot the anomaly detection functionality of the Cisco IPS sensor.
Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification – Implementing Cisco IOS Network Security (IINS)
Cisco IPS Signature Engines and Common Parameters
Deploying ATOMIC Signature Engines
Deploying STRING and SERVICE Signature Engines
Deploying FLOOD and SWEEP Signature Engines
Deploying the META and the NORMALIZER Signature Engines
Deploying Other Engines
Configuring Anomaly Detection
Verifying and Troubleshooting Anomaly Detection