-
Review the fundamentals of intrusion detection and intrusion prevention systems (IDS/IPS), how they detect and mitigate common attacks, and the practical applications of IDS/IPS.
A network must be able to quickly recognize threats. Intrusion detection and intrusion prevention systems (IDS/IPS) provide organizations with a proactive approach to monitoring their network, enabling them to take action against possible threats. In this course, join security ambassador Lisa Bock as she provides an overview of intrusion detection and intrusion prevention systems and explains how they detect and mitigate common attacks. She covers detection and signature engines, triggering actions and responses, and deploying an IOS-based IPS. In addition, she goes over some practical applications of these systems, including honeypot-based intrusion detection and the EINSTEIN system from the Department of Homeland Security.
Overview
Syllabus
-
Introduction
- Welcome
- What you need to know
- Packet Tracer and exercise files
- Prepare for the CCNA Security Exam (210-260)
- Managing the threat landscape
- Overview and benefits of IDS and IPS
- IPS versus IDS
- Host-based versus network IDS
- Prerequisites and restrictions for IPS
- Monitoring the network
- Signature-based IDS
- Sweep scan
- Anomaly-based IDS
- Reputation-based IDS
- Policy-based IDS
- IDS signature files
- Trigger actions and responses
- Blacklist and whitelist
- Managing IPS alarms
- Analyze the flow
- Implementing an IPS
- Configure an IPS
- Monitoring and analyzing
- Syslog
- Using IDS and honeypots
- The EINSTEIN system
- Summary
