SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide
eBook - ePub

Exam 500-285

Todd Lammle, Alex Tatistcheff, John Gay

About this book

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end of chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and Snort rules language.

Gain access to Sybex's superior online learning environment that includes practice questions, flashcards, and interactive glossary of terms.

  • Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities
  • Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis
  • Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination
  • Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.

Information

Publisher: Sybex
Year: 2015
ISBN: 9781119155041

Chapter 1
Getting Started with FireSIGHT

Let’s begin our journey into the world of FireSIGHT by building a solid foundation in defining key, industry-wide, and Cisco-specific terms that we’ll be using throughout this book.
We’ll also introduce a variety of FireSIGHT appliance models and talk about licensing and network design.
We’ll move on to tour the web-based user interface and describe Cisco FireSIGHT policy-based management; then we’ll wrap the chapter up by guiding you through the new appliance initial setup process.

Industry Terminology

Let’s get started by covering some important industry-wide terms that mean the same thing to Cisco as they do to the rest of the world. You’re probably familiar with some of these, but they’re vital for a well-built knowledge base, so make sure you thoroughly understand them all!
Firewall: Traditional firewalls work at the network/transport layer by allowing or blocking traffic based on criteria such as an IP address and/or port. Much more than a router with an access list, a firewall offers us many advanced features—for example, the capacity to ensure that only packets associated with a stateful connection are allowed to pass through.
Intrusion Prevention System or Intrusion Protection System (IPS): An IPS is a device inserted between other network components in an inline configuration. This placement forces packets to pass through the IPS, enabling it to block any traffic deemed malicious. But what equips an IPS to make that kind of judgment call? Well, an IPS is capable of deep packet inspection, meaning it inspects the data portion of the packets, not just packet headers. Also, most IPS systems use rules or signatures—which look for specific conditions in packets—to identify known malicious behavior. When traffic matching the signature arrives, the IPS can generate an alert, drop the offending packet(s), or both.
Intrusion Detection System (IDS): An IDS is similar to the IPS we just talked about, but instead of being deployed inline, it’s connected passively via a network tap or a switch’s span port. The traffic that the IDS examines is actually a copy of the packets that traverse the network. Even though the detection capabilities of an IDS are identical to those of an IPS, an IDS can’t actively block traffic it considers suspect—it can only alert us to it.
Next-Generation IPS (NGIPS): An NGIPS device provides all the traditional IPS features but packs additional powers like the ability to allow/block traffic based on specific application or user information. This expanded level of control provides more flexibility in restraining specific applications, regardless of their IP address or port. An NGIPS also gives you control over exactly who can or cannot access applications like your favorite social media site.
Next-Generation Firewall (NGFW): This device offers all the usual features that a classic firewall does, but it adds the application/user control features of an NGIPS into the mix, arming you with a firewall and NGIPS in one package!
Practically speaking, the line between an NGIPS and an NGFW is pretty fine. The main difference is the particular network layer where the two devices run. NGIPS typically operates as a “bump in the wire,” meaning packets that enter on one interface of an inline interface pair always exit the other interface. The device doesn’t have IP addresses assigned to the detection interfaces and it doesn’t build a CAM table of MAC addresses either. It simply inspects packets on their way through.
Alternatively, the NGFW performs the role of a traditional firewall and adds NGIPS features. Interfaces have IP addresses assigned and the device performs Layer 3 routing of traffic.
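The following Python example is added here and is not from the book: it contrasts the header-only decision of a traditional firewall with the payload inspection of an IPS/IDS as defined above, and shows that the same detection engine raises the same alert in both deployments but only drops the packet when inline. The Packet class, the signature name and pattern, and the sample traffic are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed signature: a byte pattern searched for in the data portion.
SIGNATURES = {"constructed-sig-1": b"TEST-SIGNATURE-STRING"}

# Constructed sample traffic (documentation addresses from RFC 5737).
SAMPLE = [
    Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    Packet("192.0.2.66", 80, b"POST /form HTTP/1.1\r\n\r\nTEST-SIGNATURE-STRING"),
    Packet("192.0.2.77", 23, b"login: "),
]

def firewall_allows(pkt, allowed_ports=frozenset({80, 443})):
    """Traditional firewall: decides on header fields only (here, the port)."""
    return pkt.dst_port in allowed_ports

def inspect(pkt):
    """Deep packet inspection: names of signatures found in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat in pkt.payload]

def sensor(packets, inline):
    """Same detection engine, deployed inline (IPS) or passively (IDS).

    Returns (forwarded, alerts). A passive sensor only sees copies, so
    every packet still reaches its destination.
    """
    forwarded, alerts = [], []
    for pkt in packets:
        hits = inspect(pkt)
        if hits:
            alerts.append((pkt.src, hits))
            if inline:
                continue  # inline IPS drops the offending packet
        forwarded.append(pkt)
    return forwarded, alerts

if __name__ == "__main__":
    passed_fw = [p for p in SAMPLE if firewall_allows(p)]
    print("firewall passes:", [p.src for p in passed_fw])
    for mode, inline in (("IDS", False), ("IPS", True)):
        fwd, alerts = sensor(passed_fw, inline)
        print(mode, "forwarded:", [p.src for p in fwd], "alerts:", alerts)
```

The second packet passes the port-based firewall check because its header looks legitimate; only payload inspection identifies it, and only the inline deployment keeps it from being forwarded.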

Cisco Terminology

At this writing, Cisco is in the midst of a branding transition. Following the acquisition of Sourcefire in late 2013, Cisco retained the Sourcefire name across much of its NGIPS/NGFW product line. It was basically business as usual, with the models and product names remaining unchanged as the integration between the two companies progressed. But beginning in late 2014, the names of the various components started changing, effectively removing the Sourcefire moniker. However, given that familiar terms tend to linger, it is likely that legacy names will continue to be used for some time. The more years someone has spent using the Sourcefire IPS legacy names, the greater the odds these experienced individuals will continue to do so—if only colloquially. This means you should definitely be fluent in both the legacy and new terms to work effectively with everyone in the brave new world of Cisco FireSIG...
