SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide
eBook - ePub

Exam 500-285

Todd Lammle, Alex Tatistcheff, John Gay

About the book

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end-of-chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and the Snort rules language.

Gain access to Sybex's superior online learning environment that includes practice questions, flashcards, and an interactive glossary of terms.

  • Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities
  • Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis
  • Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination
  • Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.

Information

Publisher: Sybex
Year: 2015
ISBN: 9781119155041

Chapter 1
Getting Started with FireSIGHT

Let’s begin our journey into the world of FireSIGHT by building a solid foundation in defining key, industry-wide, and Cisco-specific terms that we’ll be using throughout this book.
We’ll also introduce a variety of FireSIGHT appliance models and talk about licensing and network design.
We’ll move on to tour the web-based user interface and describe Cisco FireSIGHT policy-based management; then we’ll wrap the chapter up by guiding you through the new appliance initial setup process.

Industry Terminology

Let’s get started by covering some important industry-wide terms that mean the same thing to Cisco as they do to the rest of the world. You’re probably familiar with some of these, but they’re vital for a well-built knowledge base, so make sure you thoroughly understand them all!
Firewall: Traditional firewalls work at the network/transport layer by allowing or blocking traffic based on criteria such as an IP address and/or port. Much more than a router with an access list, a firewall offers us lots of more advanced features—for example, the capacity to ensure that only packets associated with a stateful connection are allowed to pass through.
Intrusion Prevention System or Intrusion Protection System (IPS): An IPS is a device inserted between other network components in an inline configuration. This placement forces packets to pass through the IPS, enabling it to block any traffic deemed malicious. But what equips an IPS to make that kind of judgment call? Well, an IPS is capable of deep packet inspection, meaning it inspects the data portion of the packets, not just packet headers. Also, most IPS systems use rules or signatures—which look for specific conditions in packets—to identify known malicious behavior. When traffic matching the signature arrives, the IPS can generate an alert, drop the offending packet(s), or both.
Intrusion Detection System (IDS): An IDS is similar to the IPS we just talked about, but instead of being deployed inline, it’s connected passively via a network tap or a switch’s SPAN port. The traffic that the IDS examines is actually a copy of the packets that traverse the network. Even though the detection capabilities of an IDS are identical to those of an IPS, an IDS can’t actively block traffic it considers suspect—it can only alert us to it.
Next-Generation IPS (NGIPS): An NGIPS device provides all the traditional IPS features but packs additional powers like the ability to allow/block traffic based on specific application or user information. This expanded level of control provides more flexibility in restraining specific applications, regardless of their IP address or port. An NGIPS also gives you control over exactly who can or cannot access applications like your favorite social media site.
Next-Generation Firewall (NGFW): This device offers all the usual features that a classic firewall does, but it adds the application/user control features of an NGIPS into the mix, arming you with a firewall and NGIPS in one package!
Practically speaking, the line between an NGIPS and an NGFW is pretty fine. The main difference is the particular network layer where the two devices run. NGIPS typically operates as a “bump in the wire,” meaning packets that enter on one interface of an inline interface pair always exit the other interface. The device doesn’t have IP addresses assigned to the detection interfaces and it doesn’t build a CAM table of MAC addresses either. It simply inspects packets on their way through.
Alternatively, the NGFW performs the role of a traditional firewall and adds NGIPS features. Interfaces have IP addresses assigned and the device performs Layer 3 routing of traffic.

Cisco Terminology

At this writing, Cisco is in the midst of a branding transition. Following the acquisition of Sourcefire in late 2013, Cisco retained the Sourcefire name across much of its NGIPS/NGFW product line. It was basically business as usual, with the models and product names remaining unchanged as the integration between the two companies progressed. But beginning in late 2014, the names of the various components started changing, effectively removing the Sourcefire moniker. However, given that familiar terms tend to linger, it is likely that legacy names will continue to be used for some time. The more years someone has spent using the Sourcefire IPS legacy names, the greater the odds these experienced individuals will continue to do so—if only colloquially. This means you should definitely be fluent in both the legacy and new terms to work effectively with everyone in the brave new world of Cisco FireSIG...
