CCSP IPS exam certification guide
Personal Author:
Publication Information:
Indianapolis, IN : Cisco Press, 2006
Physical Description:
1v + 1 CD-ROM
General Note:
Accompanied by compact disc : CP7708


Item Barcode: 30000010104856
Call Number: TK5105.59 C375 2006
Material Type: Open Access Book
Item Category 1: Book

On Order



The official self-study test preparation guide for the Cisco CCSP Cisco Secure Intrusion Detection System exam

- The only official self-study book for the CSIDS exam
- Introduces features and functions of the Cisco Intrusion Detection System solution
- Includes all book features of this best-selling series: Chapter Review Questions, Foundation Summaries, and more
- Comprehensive test engine on companion CD-ROM assesses understanding of the topics and concepts covered in the book

CCSP CSIDS Exam Certification Guide covers all of the major topics on the CSIDS exam, giving readers the opportunity to practice the skills critical for everyday administration and troubleshooting of Cisco's intrusion detection system solution. Each chapter of the CCSP CSIDS Exam Certification Guide tests readers' knowledge of the subjects through specially designed assessment and study features. "Do I Know This Already?" quizzes assess readers' knowledge and help them decide how much time to spend on each section. The Foundation Topics sections provide details on exam topics. Each chapter also includes a Foundation Summary section that highlights essential concepts for quick reference and study. the Cisco IDS solution. These scenarios include a description of the problem, a portion of the system configuration, debug output, and suggestions to help readers resolve the issue and become more familiar with the inner workings of the IDS solution, while reinforcing understanding of the key concepts covered throughout the book.

Earl Carter is a member of the Security Technologies Assessment Team (STAT) that is part of Consulting Engineering (CE) at Cisco Systems. His duties involve performing security evaluations on numerous Cisco products and consulting with other teams within Cisco to help enhance the security of Cisco products. In this manner, he has examined various products from the PIX Firewall to the Cisco CallManager. Earl has been working in the field of computer security for eight years and lives in Texas.

Author Notes

Earl Carter is a member of the Security Technologies Assessment Team at Cisco where his duties involve performing security evaluations on numerous Cisco products as well as consulting with other teams at Cisco to help enhance the security of Cisco products. He has examined various products, from the Cisco PIX® Firewall to the Cisco CallManager. Presently, Earl holds a CCNA® certification and is working on earning his CCIE® certification with a security emphasis.

Table of Contents

Foreword, p. xxvii
Introduction, p. xxviii
Part I: Cisco IPS Overview, p. 3
  Chapter 1: Cisco Intrusion Prevention System (IPS) Overview, p. 5
    "Do I Know This Already?" Quiz, p. 5
    Foundation and Supplemental Topics, p. 9
      Cisco Intrusion Prevention Solution, p. 9
      Intrusion Prevention Overview, p. 9
      Cisco Intrusion Prevention System Hardware, p. 17
      Inline Mode Versus Promiscuous Mode, p. 25
      Software Bypass, p. 26
      Cisco Sensor Deployment, p. 27
      Cisco Sensor Communications Protocols, p. 30
      Cisco Sensor Software Architecture, p. 33
    Foundation Summary, p. 37
    Q&A, p. 41
Part II: Cisco IPS Configuration, p. 43
  Chapter 2: IPS Command-Line Interface, p. 45
    "Do I Know This Already?" Quiz, p. 45
    Foundation and Supplemental Topics, p. 49
      Sensor Installation, p. 49
      Sensor Initialization, p. 51
      IPS CLI, p. 61
    Foundation Summary, p. 75
    Q&A, p. 77
  Chapter 3: Cisco IPS Device Manager (IDM), p. 79
    "Do I Know This Already?" Quiz, p. 79
    Foundation and Supplemental Topics, p. 83
      Cisco IPS Device Manager, p. 83
      System Requirements for IDM, p. 83
      Navigating IDM, p. 84
      Configuring Communication Parameters Using IDM, p. 97
    Foundation Summary, p. 99
    Q&A, p. 101
  Chapter 4: Basic Sensor Configuration, p. 103
    "Do I Know This Already?" Quiz, p. 103
    Foundation and Supplemental Topics, p. 107
      Basic Sensor Configuration, p. 107
      Sensor Host Configuration Tasks, p. 107
      Interface Configuration Tasks, p. 118
      Analysis Engine Configuration Tasks, p. 126
    Foundation Summary, p. 129
    Q&A, p. 131
  Chapter 5: Basic Cisco IPS Signature Configuration, p. 133
    "Do I Know This Already?" Quiz, p. 133
    Foundation and Supplemental Topics, p. 137
      Configuring Cisco IPS Signatures, p. 137
      Signature Groups, p. 137
      Alarm Summary Modes, p. 151
      Basic Signature Configuration, p. 155
    Foundation Summary, p. 163
    Q&A, p. 165
  Chapter 6: Cisco IPS Signature Engines, p. 167
    "Do I Know This Already?" Quiz, p. 167
    Foundation and Supplemental Topics, p. 171
      Cisco IPS Signatures, p. 171
      Cisco IPS Signature Engines, p. 171
      Application Inspection and Control Signature Engines, p. 172
      Atomic Signature Engines, p. 177
      Flood Signature Engines, p. 183
      Meta Signature Engine, p. 187
      Normalizer Signature Engine, p. 188
      Service Signature Engines, p. 189
      State Signature Engine, p. 204
      String Signature Engines, p. 208
      Sweep Signature Engines, p. 210
      Trojan Horse Signature Engines, p. 215
    Foundation Summary, p. 216
    Q&A, p. 219
  Chapter 7: Advanced Signature Configuration, p. 221
    "Do I Know This Already?" Quiz, p. 221
    Foundation and Supplemental Topics, p. 225
      Advanced Signature Configuration, p. 225
      Meta-Event Generator, p. 230
      Understanding HTTP and FTP Application Policy Enforcement, p. 237
      Tuning an Existing Signature, p. 238
      Creating a Custom Signature, p. 242
    Foundation Summary, p. 254
    Q&A, p. 257
  Chapter 8: Sensor Tuning, p. 259
    "Do I Know This Already?" Quiz, p. 259
    Foundation and Supplemental Topics, p. 263
      IDS Evasion Techniques, p. 263
      Tuning the Sensor, p. 268
      Event Configuration, p. 276
    Foundation Summary, p. 285
    Q&A, p. 289
Part III: Cisco IPS Response Configuration, p. 291
  Chapter 9: Cisco IPS Response Configuration, p. 293
    "Do I Know This Already?" Quiz, p. 293
    Foundation and Supplemental Topics, p. 297
      Cisco IPS Response Overview, p. 297
      Inline Actions, p. 298
      Logging Actions, p. 300
      IP Blocking, p. 303
      Configuring IP Blocking, p. 314
      Manual Blocking, p. 330
      TCP Reset, p. 334
    Foundation Summary, p. 335
    Q&A, p. 339
Part IV: Cisco IPS Event Monitoring, p. 341
  Chapter 10: Alarm Monitoring and Management, p. 343
    "Do I Know This Already?" Quiz, p. 343
    Foundation and Supplemental Topics, p. 347
      Cisco Works 2000, p. 347
      Security Monitor, p. 351
      Installing Security Monitor, p. 351
      Security Monitor Configuration, p. 356
      Security Monitor Event Viewer, p. 374
      Security Monitor Administration, p. 387
      Security Monitor Reports, p. 393
    Foundation Summary, p. 399
    Q&A, p. 407
Part V: Cisco IPS Maintenance and Tuning, p. 409
  Chapter 11: Sensor Maintenance, p. 411
    "Do I Know This Already?" Quiz, p. 411
    Foundation and Supplemental Topics, p. 415
      Sensor Maintenance, p. 415
      Software Updates, p. 415
      Upgrading Sensor Software, p. 418
      Updating the Sensor's License, p. 423
      Image Recovery, p. 424
      Restoring Default Sensor Configuration, p. 425
      Resetting and Powering Down the Sensor, p. 427
    Foundation Summary, p. 429
    Q&A, p. 431
  Chapter 12: Verifying System Configuration, p. 433
    "Do I Know This Already?" Quiz, p. 433
    Foundation and Supplemental Topics, p. 437
      Verifying System Configuration, p. 437
      Viewing Sensor Configuration, p. 437
      Viewing Sensor Statistics, p. 441
      Viewing Sensor Events, p. 443
      Debugging Sensor Operation, p. 448
      Sensor SNMP Access, p. 455
    Foundation Summary, p. 459
    Q&A, p. 463
  Chapter 13: Cisco IDS Module (IDSM), p. 465
    "Do I Know This Already?" Quiz, p. 465
    Foundation and Supplemental Topics, p. 469
      Cisco IDS Module, p. 469
      IDSM-2 Configuration, p. 472
      IDSM-2 Ports, p. 475
      Catalyst 6500 Switch Configuration, p. 476
      IDSM-2 Administrative Tasks, p. 477
      Troubleshooting the IDSM-2, p. 478
    Foundation Summary, p. 484
    Q&A, p. 487
  Chapter 14: Cisco IDS Network Module for Access Routers, p. 489
    "Do I Know This Already?" Quiz, p. 489
    Foundation and Supplemental Topics, p. 493
      NM-CIDS Overview, p. 493
      NM-CIDS Hardware Architecture, p. 497
      Traffic Capture for NM-CIDS, p. 498
      NM-CIDS Installation and Configuration Tasks, p. 502
      NM-CIDS Maintenance Tasks, p. 510
      Recovering the NM-CIDS Software Image, p. 512
    Foundation Summary, p. 517
    Q&A, p. 521
  Chapter 15: Capturing Network Traffic, p. 523
    "Do I Know This Already?" Quiz, p. 523
    Foundation and Supplemental Topics, p. 527
      Capturing Network Traffic, p. 527
      Capturing Traffic for Inline Mode, p. 527
      Capturing Traffic for Promiscuous Mode, p. 529
      Configuring SPAN for Catalyst 4500 and 6500 Traffic Capture, p. 535
      Configuring RSPAN for Catalyst 4500 and 6500 Traffic Capture, p. 536
      Configuring VACLs for Catalyst 6500 Traffic Capture, p. 537
      Configuring VACLs for Traffic Capture With Cisco Catalyst 6500 IOS Firewall, p. 539
      Advanced Catalyst 6500 Traffic Capture, p. 542
    Foundation Summary, p. 545
    Q&A, p. 547
Appendix: Answers to the "Do I Know This Already?" Quizzes and Q&A Questions, p. 549
  Chapter 1, p. 549
  Chapter 2, p. 551
  Chapter 3, p. 554
  Chapter 4, p. 556
  Chapter 5, p. 558
  Chapter 6, p. 560
  Chapter 7, p. 562
  Chapter 8, p. 565
  Chapter 9, p. 567
  Chapter 10, p. 569
  Chapter 11, p. 572
  Chapter 12, p. 573
  Chapter 13, p. 576
  Chapter 14, p. 577
  Chapter 15, p. 580
Index, p. 582