Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010104856 | TK5105.59 C375 2006 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
The official self-study test preparation guide for the Cisco CCSP Cisco Secure Intrusion Detection System exam - The only official self-study book for the CSIDS exam - Introduces features and functions of the Cisco Intrusion Detection System solution - Includes all book features of this best-selling series: Chapter Review Questions, Foundation Summaries, and more - Comprehensive test engine on companion CD-ROM assesses understanding of the topics and concepts covered in the book CCSP CSIDS Exam Certification Guide covers all of the major topics on the CSIDS exam, providing readers occasion to practice the skills critical for everyday administration and troubleshooting of Cisco's intrusion detection system solution. Each chapter of the CCSP CSIDS Exam Certification Guide tests readers' knowledge of the subjects through specially designed assessment and study features. Do I Know This Already? quizzes assess readers' knowledge and help them decide how much time to spend on each section. The Foundation Topics sections provide details on exam topics. Each chapter also includes a Foundation Summary section that highlights essential concepts for quick reference and study. the Cisco IDS solution. These scenarios include a description of the problem, a portion of the system configuration, debug output, and suggestions to help readers resolve the issue and become more familiar with the inner workings of the IDS solution, while reinforcing understanding of the key concepts covered throughout the book. Earl Carter is a member of the Security Technologies Assessment Team (STAT) that is part of Consulting Engineering (CE) at Cisco Systems. His duties involve performing security evaluations on numerous Cisco products and consulting with other teams within Cisco to help enhance the security of Cisco products. In this manner, he has examined various products from the PIX Firewall to the Cisco CallManager. Earl has been working in the field of computer security for eight years and lives in Texas.
Author Notes
Earl Carter is a member of the Security Technologies Assessment Team at Cisco where his duties involve performing security evaluations on numerous Cisco products as well as consulting with other teams at Cisco to help enhance the security of Cisco products. He has examined various products, from the Cisco PIX® Firewall to the Cisco CallManager. Presently, Earl holds a CCNA® certification and is working on earning his CCIE® certification with a security emphasis.
Table of Contents
| Foreword | p. xxvii |
| Introduction | p. xxviii |
| Part I Cisco IPS Overview | p. 3 |
| Chapter 1 Cisco Intrusion Prevention System (IPS) Overview | p. 5 |
| "Do I Know This Already?" Quiz | p. 5 |
| Foundation and Supplemental Topics | p. 9 |
| Cisco Intrusion Prevention Solution | p. 9 |
| Intrusion Prevention Overview | p. 9 |
| Cisco Intrusion Prevention System Hardware | p. 17 |
| Inline Mode Versus Promiscuous Mode | p. 25 |
| Software Bypass | p. 26 |
| Cisco Sensor Deployment | p. 27 |
| Cisco Sensor Communications Protocols | p. 30 |
| Cisco Sensor Software Architecture | p. 33 |
| Foundation Summary | p. 37 |
| Q&A | p. 41 |
| Part II Cisco IPS Configuration | p. 43 |
| Chapter 2 IPS Command-Line Interface | p. 45 |
| "Do I Know This Already?" Quiz | p. 45 |
| Foundation and Supplemental Topics | p. 49 |
| Sensor Installation | p. 49 |
| Sensor Initialization | p. 51 |
| IPS CLI | p. 61 |
| Foundation Summary | p. 75 |
| Q&A | p. 77 |
| Chapter 3 Cisco IPS Device Manager (IDM) | p. 79 |
| "Do I Know This Already?" Quiz | p. 79 |
| Foundation and Supplemental Topics | p. 83 |
| Cisco IPS Device Manager | p. 83 |
| System Requirements for IDM | p. 83 |
| Navigating IDM | p. 84 |
| Configuring Communication Parameters Using IDM | p. 97 |
| Foundation Summary | p. 99 |
| Q&A | p. 101 |
| Chapter 4 Basic Sensor Configuration | p. 103 |
| "Do I Know This Already?" Quiz | p. 103 |
| Foundation and Supplemental Topics | p. 107 |
| Basic Sensor Configuration | p. 107 |
| Sensor Host Configuration Tasks | p. 107 |
| Interface Configuration Tasks | p. 118 |
| Analysis Engine Configuration Tasks | p. 126 |
| Foundation Summary | p. 129 |
| Q&A | p. 131 |
| Chapter 5 Basic Cisco IPS Signature Configuration | p. 133 |
| "Do I Know This Already?" Quiz | p. 133 |
| Foundation and Supplemental Topics | p. 137 |
| Configuring Cisco IPS Signatures | p. 137 |
| Signature Groups | p. 137 |
| Alarm Summary Modes | p. 151 |
| Basic Signature Configuration | p. 155 |
| Foundation Summary | p. 163 |
| Q&A | p. 165 |
| Chapter 6 Cisco IPS Signature Engines | p. 167 |
| "Do I Know This Already?" Quiz | p. 167 |
| Foundation and Supplemental Topics | p. 171 |
| Cisco IPS Signatures | p. 171 |
| Cisco IPS Signature Engines | p. 171 |
| Application Inspection and Control Signature Engines | p. 172 |
| Atomic Signature Engines | p. 177 |
| Flood Signature Engines | p. 183 |
| Meta Signature Engine | p. 187 |
| Normalizer Signature Engine | p. 188 |
| Service Signature Engines | p. 189 |
| State Signature Engine | p. 204 |
| String Signature Engines | p. 208 |
| Sweep Signature Engines | p. 210 |
| Trojan Horse Signature Engines | p. 215 |
| Foundation Summary | p. 216 |
| Q&A | p. 219 |
| Chapter 7 Advanced Signature Configuration | p. 221 |
| "Do I Know This Already?" Quiz | p. 221 |
| Foundation and Supplemental Topics | p. 225 |
| Advanced Signature Configuration | p. 225 |
| Meta-Event Generator | p. 230 |
| Understanding HTTP and FTP Application Policy Enforcement | p. 237 |
| Tuning an Existing Signature | p. 238 |
| Creating a Custom Signature | p. 242 |
| Foundation Summary | p. 254 |
| Q&A | p. 257 |
| Chapter 8 Sensor Tuning | p. 259 |
| "Do I Know This Already?" Quiz | p. 259 |
| Foundation and Supplemental Topics | p. 263 |
| IDS Evasion Techniques | p. 263 |
| Tuning the Sensor | p. 268 |
| Event Configuration | p. 276 |
| Foundation Summary | p. 285 |
| Q&A | p. 289 |
| Part III Cisco IPS Response Configuration | p. 291 |
| Chapter 9 Cisco IPS Response Configuration | p. 293 |
| "Do I Know This Already?" Quiz | p. 293 |
| Foundation and Supplemental Topics | p. 297 |
| Cisco IPS Response Overview | p. 297 |
| Inline Actions | p. 298 |
| Logging Actions | p. 300 |
| IP Blocking | p. 303 |
| Configuring IP Blocking | p. 314 |
| Manual Blocking | p. 330 |
| TCP Reset | p. 334 |
| Foundation Summary | p. 335 |
| Q&A | p. 339 |
| Part IV Cisco IPS Event Monitoring | p. 341 |
| Chapter 10 Alarm Monitoring and Management | p. 343 |
| "Do I Know This Already?" Quiz | p. 343 |
| Foundation and Supplemental Topics | p. 347 |
| Cisco Works 2000 | p. 347 |
| Security Monitor | p. 351 |
| Installing Security Monitor | p. 351 |
| Security Monitor Configuration | p. 356 |
| Security Monitor Event Viewer | p. 374 |
| Security Monitor Administration | p. 387 |
| Security Monitor Reports | p. 393 |
| Foundation Summary | p. 399 |
| Q&A | p. 407 |
| Part V Cisco IPS Maintenance and Tuning | p. 409 |
| Chapter 11 Sensor Maintenance | p. 411 |
| "Do I Know This Already?" Quiz | p. 411 |
| Foundation and Supplemental Topics | p. 415 |
| Sensor Maintenance | p. 415 |
| Software Updates | p. 415 |
| Upgrading Sensor Software | p. 418 |
| Updating the Sensor's License | p. 423 |
| Image Recovery | p. 424 |
| Restoring Default Sensor Configuration | p. 425 |
| Resetting and Powering Down the Sensor | p. 427 |
| Foundation Summary | p. 429 |
| Q&A | p. 431 |
| Chapter 12 Verifying System Configuration | p. 433 |
| "Do I Know This Already?" Quiz | p. 433 |
| Foundation and Supplemental Topics | p. 437 |
| Verifying System Configuration | p. 437 |
| Viewing Sensor Configuration | p. 437 |
| Viewing Sensor Statistics | p. 441 |
| Viewing Sensor Events | p. 443 |
| Debugging Sensor Operation | p. 448 |
| Sensor SNMP Access | p. 455 |
| Foundation Summary | p. 459 |
| Q&A | p. 463 |
| Chapter 13 Cisco IDS Module (IDSM) | p. 465 |
| "Do I Know This Already?" Quiz | p. 465 |
| Foundation and Supplemental Topics | p. 469 |
| Cisco IDS Module | p. 469 |
| IDSM-2 Configuration | p. 472 |
| IDSM-2 Ports | p. 475 |
| Catalyst 6500 Switch Configuration | p. 476 |
| IDSM-2 Administrative Tasks | p. 477 |
| Troubleshooting the IDSM-2 | p. 478 |
| Foundation Summary | p. 484 |
| Q&A | p. 487 |
| Chapter 14 Cisco IDS Network Module for Access Routers | p. 489 |
| "Do I Know This Already?" Quiz | p. 489 |
| Foundation and Supplemental Topics | p. 493 |
| NM-CIDS Overview | p. 493 |
| NM-CIDS Hardware Architecture | p. 497 |
| Traffic Capture for NM-CIDS | p. 498 |
| NM-CIDS Installation and Configuration Tasks | p. 502 |
| NM-CIDS Maintenance Tasks | p. 510 |
| Recovering the NM-CIDS Software Image | p. 512 |
| Foundation Summary | p. 517 |
| Q&A | p. 521 |
| Chapter 15 Capturing Network Traffic | p. 523 |
| "Do I Know This Already?" Quiz | p. 523 |
| Foundation and Supplemental Topics | p. 527 |
| Capturing Network Traffic | p. 527 |
| Capturing Traffic for Inline Mode | p. 527 |
| Capturing Traffic for Promiscuous Mode | p. 529 |
| Configuring SPAN for Catalyst 4500 and 6500 Traffic Capture | p. 535 |
| Configuring RSPAN for Catalyst 4500 and 6500 Traffic Capture | p. 536 |
| Configuring VACLs for Catalyst 6500 Traffic Capture | p. 537 |
| Configuring VACLs for Traffic Capture With Cisco Catalyst 6500 IOS Firewall | p. 539 |
| Advanced Catalyst 6500 Traffic Capture | p. 542 |
| Foundation Summary | p. 545 |
| Q&A | p. 547 |
| Appendix Answers to the "Do I Know This Already?" Quizzes and Q&A Questions | p. 549 |
| Chapter 1 | p. 549 |
| Chapter 2 | p. 551 |
| Chapter 3 | p. 554 |
| Chapter 4 | p. 556 |
| Chapter 5 | p. 558 |
| Chapter 6 | p. 560 |
| Chapter 7 | p. 562 |
| Chapter 8 | p. 565 |
| Chapter 9 | p. 567 |
| Chapter 9 | p. 567 |
| Chapter 10 | p. 569 |
| Chapter 11 | p. 572 |
| Chapter 12 | p. 573 |
| Chapter 13 | p. 576 |
| Chapter 14 | p. 577 |
| Chapter 15 | p. 580 |
| Index | p. 582 |
