Security: Securing Hosts using Cisco Security Agent (2 day)

Scheduled Dates Locations filtered. Show all UK course locations.

Course Overview

HIPS is a two-day, lab-intensive Instructor-Led course which develops the knowledge and skills to deploy, configure and administer the Cisco Security Agent product to protect server and workstation hosts. It takes a task-oriented approach, using lecture and hands-on labs to teach the skills. The Cisco Security Agent functions to protect from intrusions, as compared to simply detecting attempted intrusions.

Audience

• Engineers who support sales of Cisco security product solutions.
• Cisco Channel Partners, who sell, implement and maintain secure networks.
• Cisco Customers who implement and maintain secure networks.

Skills Gained

• Describe the need for network security; understand attack types, methods and Cisco security wheel.
• CSA overview - functionality, components and architecture.
• CSAMC install - overview, system requirements for management console.
• CSAMC quick start configuration -configure a group, build an agent kit, view registered hosts, configure a policy, attach a policy to a group and generate rule programs
• CSAMC administration-accessing and using the management console.
• Configure groups and manage hosts.Build agent kits and distributing software updates.
• Develop a security policy.
• Configure policies and rules for Windows and UNIX.
• Use system correlation and heuristics.
• Understand and configure application classes.
• Configure variables-file sets, network address sets, network services, registry sets, COM component sets.
• Use CSA Profiler for data analysis and as policy creation tool.
• Configure and manage event logging, alerts and reports.Understand and use CSAMC utilities-start / stop service for servers and agent, webmgr utility, backup configurations, COM extract utility and export / import configurations.

Prerequisites

Delegates are required to meet the following prerequisites:

• CCNA or equivalent knowledge
• 6 months practical experience of configuring Cisco IDS Routers
• Competency in using the Windows NT Operating system
• Familiarity with implementing network security policies and the following networking concepts:
• Perimeter Security System Components
• Perimeter Router
• Firewall
• Bastion Host/Servers and Hosts

Course Outline

Security Fundamentals

• Need for Network Security
• Network Security Policy
• Network Attack Taxonomy

Cisco Security Agent Overview

• Defense in Depth
• Cisco Security Agent Architecture
• Anatomy of an Attack and Response
• Key Features of Cisco Security Agent

Cisco Security Agent Quick Start Installation

• CSAMC System Requirements
• CSA System Requirements
• Installing the CSAMC
• Configuring the CSAMC
• Installing the CSA

Cisco Security Agent Management Center Administration

• Using Cisco Securinty Agent Management Center

Using Event Logs and Generating Reports

• The Event Log and Event Monitor
• Configuring Event Sets
• Configuring Alerts
• Generating Reports

Configuring Groups and Managing Hosts

• Configuring Groups
• Building and Agent Kit
• Managing Hosts
• Deploying Scheduled Software Updates

Building Policies

• Developing a Security Policy
• Rule Basics
• Policy Components
• Configuring and Managing Policies
• Rules common to Windows and Unix
• Windows-Only Rules
• Unix-only Rules

Defining Application Classes

• About Application Classes
• Configuring Static Application Classes
• Dynamic Application Classes

Working with Variables

• Data Sets
• File Sets
• Network Address & Services Sets
• Registry Sets

Security: Securing Hosts using Cisco Security Agent (2 day) / HIPS