SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide
eBook - ePub

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide

Exam 500-285

Todd Lammle, Alex Tatistcheff, John Gay


About the book

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end-of-chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and the Snort rules language.

Gain access to Sybex's superior online learning environment that includes practice questions, flashcards, and an interactive glossary of terms.

  • Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities
  • Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis
  • Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination
  • Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.


Information

Publisher: Sybex
Year: 2015
ISBN: 9781119155041

Chapter 1
Getting Started with FireSIGHT

Let’s begin our journey into the world of FireSIGHT by building a solid foundation in defining key, industry-wide, and Cisco-specific terms that we’ll be using throughout this book.
We’ll also introduce a variety of FireSIGHT appliance models and talk about licensing and network design.
We’ll move on to tour the web-based user interface and describe Cisco FireSIGHT policy-based management; then we’ll wrap the chapter up by guiding you through the new appliance initial setup process.

Industry Terminology

Let’s get started by covering some important industry-wide terms that mean the same thing to Cisco as they do to the rest of the world. You’re probably familiar with some of these, but they’re vital for a well-built knowledge base, so make sure you thoroughly understand them all!
Firewall: Traditional firewalls work at the network/transport layer by allowing or blocking traffic based on criteria such as an IP address and/or port. Much more than a router with an access list, a firewall offers us lots of more advanced features—for example, the capacity to ensure that only packets associated with a stateful connection are allowed to pass through.
Intrusion Prevention System or Intrusion Protection System (IPS): An IPS is a device inserted between other network components in an inline configuration. This placement forces packets to pass through the IPS, enabling it to block any traffic deemed malicious. But what equips an IPS to make that kind of judgment call? Well, an IPS is capable of deep packet inspection, meaning it inspects the data portion of the packets, not just packet headers. Also, most IPS systems use rules or signatures—which look for specific conditions in packets—to identify known malicious behavior. When traffic matching the signature arrives, the IPS can generate an alert, drop the offending packet(s), or both.
Intrusion Detection System (IDS): An IDS is similar to the IPS we just talked about, but instead of being deployed inline, it’s connected passively via a network tap or a switch’s span port. The traffic that the IDS examines is actually a copy of the packets that traverse the network. Even though the detection capabilities of an IDS are identical to those of an IPS, an IDS can’t actively block traffic it considers suspect—it can only alert us to it.
Next-Generation IPS (NGIPS): An NGIPS device provides all the traditional IPS features but packs additional powers like the ability to allow/block traffic based on specific application or user information. This expanded level of control provides more flexibility in restraining specific applications, regardless of their IP address or port. An NGIPS also gives you control over exactly who can or cannot access applications like your favorite social media site.
Next-Generation Firewall (NGFW): This device offers all the usual features that a classic firewall does, but it adds the application/user control features of an NGIPS into the mix, arming you with a firewall and NGIPS in one package!
Practically speaking, the line between an NGIPS and an NGFW is pretty fine. The main difference is the particular network layer where the two devices run. NGIPS typically operates as a “bump in the wire,” meaning packets that enter on one interface of an inline interface pair always exit the other interface. The device doesn’t have IP addresses assigned to the detection interfaces and it doesn’t build a CAM table of MAC addresses either. It simply inspects packets on their way through.
Alternatively, the NGFW performs the role of a traditional firewall and adds NGIPS features. Interfaces have IP addresses assigned and the device performs Layer 3 routing of traffic.
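The difference between header-based firewalling, passive detection (IDS), and inline prevention (IPS) described above can be seen in a toy model. This is an added example, not code from the book, Snort, or FirePOWER; the signature IDs, byte patterns, ports, and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

@dataclass(frozen=True)
class Signature:
    sid: int          # constructed rule id
    dst_port: int     # header condition
    content: bytes    # byte pattern looked for in the payload
    drop: bool        # True: alert and drop; False: alert only

# Constructed signatures (hypothetical patterns, not real rules).
SIGNATURES = [
    Signature(1000001, 80, b"X-Test-Malicious", drop=True),
    Signature(1000002, 80, b"X-Test-Suspicious", drop=False),
]
ALLOWED_PORTS = {80, 443}

def firewall_allows(pkt: Packet) -> bool:
    """Traditional firewall: decides on header fields only."""
    return pkt.dst_port in ALLOWED_PORTS

def inspect(pkt: Packet, inline: bool):
    """Deep packet inspection. Returns (forwarded, alert_sids).

    inline=True models an IPS, which sits in the traffic path and can drop.
    inline=False models an IDS, which examines a copy from a tap or span
    port, so the original packet is always forwarded.
    """
    hits = [s for s in SIGNATURES
            if s.dst_port == pkt.dst_port and s.content in pkt.payload]
    blocked = inline and any(s.drop for s in hits)
    return (not blocked, [s.sid for s in hits])

if __name__ == "__main__":
    # Constructed sample traffic.
    bad = Packet("192.0.2.10", 80, b"GET / HTTP/1.1\r\nX-Test-Malicious: 1\r\n")
    print("firewall allows:", firewall_allows(bad))
    print("IDS (passive):  ", inspect(bad, inline=False))
    print("IPS (inline):   ", inspect(bad, inline=True))
```

The same signature set produces the same alerts in both modes; only the inline deployment changes whether the packet is forwarded.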

Cisco Terminology

At this writing, Cisco is in the midst of a branding transition. Following the acquisition of Sourcefire in late 2013, Cisco retained the Sourcefire name across much of its NGIPS/NGFW product line. It was basically business as usual, with the models and product names remaining unchanged as the integration between the two companies progressed. But beginning in late 2014, the names of the various components started changing, effectively removing the Sourcefire moniker. However, given that familiar terms tend to linger, it is likely that legacy names will continue to be used for some time. The more years someone has spent using the Sourcefire IPS legacy names, the greater the odds these experienced individuals will continue to do so—if only colloquially. This means you should definitely be fluent in both the legacy and new terms to work effectively with everyone in the brave new world of Cisco FireSIG...
