Cisco IPS 7.0: False Positives, Negatives and Response Improvement

This course is included in our On-demand training solution.

Overview

Network intrusion prevention technologies are much more effective when they are customized for the environment in which they operate, which increases the quality of produced alarms and responses. This course examines some methodologies to tune a Cisco Intrusion Prevention System (IPS) sensor to properly manage false positive and negative events.
This course also provides configuration guidance for integrating the Cisco Intrusion Prevention System (IPS) sensor with your network and system environment, and discusses several Cisco IPS sensor features that can be enabled to increase the quality of the alarms and responses that are produced.

Target Audience

Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security, Cisco Certified Security Professional (CCSP) or Cisco IPS Specialist certification. Established IT professionals with a good understanding of networking and Cisco technology, and of the installation, troubleshooting and monitoring of the devices Cisco uses in its security infrastructure to maintain the integrity, confidentiality and availability of data and network devices. Candidates who have completed the Cisco Certified Network Associate Security Certification – Implementing Cisco IOS Network Security (IINS).

Prerequisites

Expected Duration

90 min.

Course Objectives

Tuning False Positives and False Negatives

  • describe the process of tuning false positives
  • match false positives and false negatives to their descriptions

Tuning Cisco IPS Sensors to Reduce False Positives I

  • recognize the process of tuning the IPS sensor to reduce false positives

Tuning Cisco IPS Sensors to Reduce False Positives II

  • describe the process of counting signatures to reduce false positives
  • describe the process of selectively disabling signatures for specific traffic

Tuning Signatures to Eliminate False Positives

  • tune signatures to eliminate false positives

Tuning IPS Sensor to Reduce False Negatives

  • order the phases of the false-negative tuning process
  • describe the solutions for false negative reduction

Operating System Identification

  • match the operating system identification method to its description
  • recognize operating system identification guidelines

TVRs, SFRs, and Management Center

  • describe how to adjust signature fidelity ratings to influence event risk rating values
  • recognize how to use the Management Center for Cisco Security Agent attacker information to influence risk rating

Global Correlation and Reputation-Based Filtering

  • sequence the steps to deploy and configure the Cisco IPS sensor Global Correlation feature