SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide

Exam 500-285

Todd Lammle, Alex Tatistcheff, John Gay



About This Book

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end of chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and snort rules language.

Gain access to Sybex's superior online learning environment that includes practice questions, flashcards, and interactive glossary of terms.

  • Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities
  • Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis
  • Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination
  • Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.


Information

Publisher
Sybex
Year
2015
ISBN
9781119155041

Chapter 1
Getting Started with FireSIGHT

Let’s begin our journey into the world of FireSIGHT by building a solid foundation in defining key, industry-wide, and Cisco-specific terms that we’ll be using throughout this book.
We’ll also introduce a variety of FireSIGHT appliance models and talk about licensing and network design.
We’ll move on to tour the web-based user interface and describe Cisco FireSIGHT policy-based management; then we’ll wrap the chapter up by guiding you through the new appliance initial setup process.

Industry Terminology

Let’s get started by covering some important industry-wide terms that mean the same thing to Cisco as they do to the rest of the world. You’re probably familiar with some of these, but they’re vital for a well-built knowledge base, so make sure you thoroughly understand them all!
Firewall: Traditional firewalls work at the network/transport layer by allowing or blocking traffic based on criteria such as an IP address and/or port. Much more than a router with an access list, a firewall offers us lots of more advanced features—for example, the capacity to ensure that only packets associated with a stateful connection are allowed to pass through.
Intrusion Prevention System or Intrusion Protection System (IPS): An IPS is a device inserted between other network components in an inline configuration. This placement forces packets to pass through the IPS, enabling it to block any traffic deemed malicious. But what equips an IPS to make that kind of judgment call? Well, an IPS is capable of deep packet inspection, meaning it inspects the data portion of the packets, not just packet headers. Also, most IPS systems use rules or signatures—which look for specific conditions in packets—to identify known malicious behavior. When traffic matching the signature arrives, the IPS can generate an alert, drop the offending packet(s), or both.
Intrusion Detection System (IDS): An IDS is similar to the IPS we just talked about, but instead of being deployed inline, it’s connected passively via a network tap or a switch’s SPAN port. The traffic that the IDS examines is actually a copy of the packets that traverse the network. Even though the detection capabilities of an IDS are identical to those of an IPS, an IDS can’t actively block traffic it considers suspect—it can only alert us to it.
Next-Generation IPS (NGIPS): An NGIPS device provides all the traditional IPS features but packs additional powers like the ability to allow/block traffic based on specific application or user information. This expanded level of control provides more flexibility in restraining specific applications, regardless of their IP address or port. An NGIPS also gives you control over exactly who can or cannot access applications like your favorite social media site.
Next-Generation Firewall (NGFW): This device offers all the usual features that a classic firewall does, but it adds the application/user control features of an NGIPS into the mix, arming you with a firewall and NGIPS in one package!
Practically speaking, the line between an NGIPS and an NGFW is pretty fine. The main difference is the particular network layer where the two devices run. NGIPS typically operates as a “bump in the wire,” meaning packets that enter on one interface of an inline interface pair always exit the other interface. The device doesn’t have IP addresses assigned to the detection interfaces and it doesn’t build a CAM table of MAC addresses either. It simply inspects packets on their way through.
Alternatively, the NGFW performs the role of a traditional firewall and adds NGIPS features. Interfaces have IP addresses assigned and the device performs Layer 3 routing of traffic.

Cisco Terminology

At this writing, Cisco is in the midst of a branding transition. Following the acquisition of Sourcefire in late 2013, Cisco retained the Sourcefire name across much of its NGIPS/NGFW product line. It was basically business as usual, with the models and product names remaining unchanged as the integration between the two companies progressed. But beginning in late 2014, the names of the various components started changing, effectively removing the Sourcefire moniker. However, given that familiar terms tend to linger, it is likely that legacy names will continue to be used for some time. The more years someone has spent using the Sourcefire IPS legacy names, the greater the odds these experienced individuals will continue to do so—if only colloquially. This means you should definitely be fluent in both the legacy and new terms to work effectively with everyone in the brave new world of Cisco FireSIG...
