Cisco IPS 7.0: Implementing Cisco Unity Express in CUCM Express Environment

This course is included in our On-demand training solution.


After you have configured the sensing interfaces of a Cisco Intrusion Prevention System (IPS) sensor, you will need to attach them to the sensor analysis engine, and optionally tune basic, low-level analysis options that apply to inspected traffic.
In this course, you will learn about virtual sensors and their session tracking modes, traffic sources and analysis engine settings, inline normalization and promiscuous mode reassembly options, IP version 6 (IPv6) support and how to configure the bypass feature. This course also introduces the configuration of the built-in signatures in the Cisco Intrusion Prevention System (IPS) sensor products.
You will be able to find individual signatures and classes of signatures, and perform basic signature-related configuration actions. You will also learn how to configure the actions that you would like the sensor to take, and configure the two configuration mechanisms that allow you to scalably change responses for a large number of signatures.

Target Audience

Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification – Implementing Cisco IOS Network Security (IINS)


Expected Duration

180 min.

Course Objectives

Default Virtual Sensor and Inline Traffic Normalization

  • describe a default virtual sensor
  • identify the characteristics of traffic normalization in inline sensor mode
  • IPS Traffic Reassembly and TCP Session Tracking

  • describe the configuration parameters for TCP stream reassembly in promiscuous mode
  • recognize when to use virtual sensor, interface and VLAN and VLAN only TCP session tracking modes
  • Cisco IPS IPv6 Support and Sensor Bypass

  • identify the major characteristics of Cisco IPS software bypass
  • Assign Sensing Interfaces to the Default Virtual

  • assign the Cisco IPS sensor inline interface pair to the default virtual sensor to enable traffic inspection
  • Cisco IPS Signatures

  • recognize the characteristics of Cisco IPS sensor generated alerts
  • identify the characteristics of Cisco IPS sensor software version 7.0
  • Configuring Basic Signature Properties

  • describe how to configure basic signature properties
  • Configuring Signature Actions

  • choose appropriate preventative signature actions for a particular scenario
  • describe the guidelines for detective and preventative signature actions
  • Configuring Remote Blocking

  • describe how ACLs are used on blocking devices
  • configure remote blocking on a Cisco IPS sensor for a particular scenario
  • Configuring Packet Capture and IP Logging

  • identify the characteristics of IP logging in a Cisco IPS sensor
  • Understanding Threat and Risk Rating

  • describe the components of a risk rating system
  • calculate the risk rating value for a particular event
  • Event Action Overrides and Event Action Filters

  • select the appropriate active signature configuration tool for a particular scenario
  • Manual Configuration to Select Signature Responses

  • manually configure and select signature responses
  • Action Strategies and Alerts in IPS Event Logs

  • recognize the benefits and limitation of signature action response strategies