-
With the Firepower appliances and the Cisco Secure Firewall, Cisco offers a platform that, in addition to standardized configuration via a policy model, continues to focus very strongly on protection against threats in the network environment.
In addition to the classic firewall functionalities, the various Firepower systems also offer application control, threat detection, advanced malware protection and IPS. This course provides solid knowledge of the deployment and configuration options of the Cisco NGIPS. You will be able to understand and competently use all relevant functions of the NGIPS.
-
Course Contents
-
- IPS-Interfaces
- How an IPS works
- Network Analysis Policy
- Intrusion Policy
- NGIPS Policy Tuning
- Snort Rules
- Snort 3
- Advanced Malware Protection (AMP)
- Correlation Policy
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at people in security and network administration who will commission and manage a Firepower Threat Defense appliance. The focus is on the functionality of the Next Generation IPS.
-
Knowledge Prerequisites
-
For this course, you should have basic knowledge of the TCP/IP protocol and its security risks as well as the basics of switching and routing. You should also already be familiar with the operation and basic configuration of FTD and management with the FMC.
-
Alternatives
-
Book this course together with Cisco Next Generation Firewall – Secure Networks with Firepower as PowerPackage Cisco Firepower for the discounted price of € 3.395,-.
-
Complementary and Continuative Courses
-
Cisco Next Generation Firewall – Secure Networks with Firepower
Cisco Firepower VPN Solutions – Site-to-Site and Remote Access VPNs with FTD
1 | FTD, IPS and AMP: An Overview |
1.1 | Next Generation Firewall |
1.2 | Hardware: The Model Series |
1.2.1 | Firewall Performance Estimator |
1.3 | IPS |
1.4 | Advanced Malware Protection |
2 | FTD as NGIPS |
2.1 | Deployment as IPS or IDS |
2.2 | Interfaces |
2.2.1 | Inline Sets |
2.2.2 | Passive Interfaces |
2.2.3 | ERSPAN Interfaces |
2.3 | Rule Updates |
2.4 | The Snort Engine |
2.5 | Evasion Attacks |
2.6 | Adaptive Profiles |
2.7 | Snort 2 and Snort 3: Migration |
2.8 | The IPS Policies |
2.9 | Network Analysis Policy |
2.9.1 | The Inspectors |
2.9.2 | Configuring the Inspectors |
2.9.3 | Scanning Attacks |
2.10 | Intrusion Policy |
2.10.1 | Intrusion Policy: Summary |
2.10.2 | Base Policy |
2.10.3 | Group Overrides |
2.10.4 | Rule Overrides |
2.10.5 | Recommendations |
2.11 | Intrusion Rules |
2.11.1 | Alert Configuration |
2.11.2 | Custom Rules |
2.12 | Elephant Flows |
2.12.1 | External Logging of Intrusion Events |
2.12.2 | Variables in Snort Rules |
2.13 | Event Monitoring |
2.13.1 | Host Profiles |
2.13.2 | Event View – Packets |
2.13.3 | Search |
2.14 | Reporting |
2.15 | Performance |
2.15.1 | Performance: CLI |
2.15.2 | Elephant Flows |
3 | Snort 2 |
3.1 | Network Analysis Policy |
3.1.1 | Preprocessors |
3.1.2 | Scanning Attacks |
3.1.3 | Comparing Policies |
3.2 | Intrusion Policy |
3.2.1 | Cisco Recommendations |
3.2.2 | Advanced Settings |
3.2.3 | External Logging of Intrusion Events |
3.3 | Intrusion Rules |
3.3.1 | IPS Rules in the Policy |
3.3.2 | The Rule Editor |
4 | Advanced Malware Protection |
4.1 | The Concept Behind AMP |
4.2 | Configuring Secure Malware Defense |
4.2.1 | Integration into the Access Policy |
4.3 | Best Practices for Secure Malware Defense |
4.3.1 | Best Practices: File Detection |
4.3.2 | Best Practices: File Blocking |
4.4 | File and Malware Events |
4.4.1 | File and Malware Events: Details |
4.4.2 | Trajectory |
4.5 | Captured Files |
4.5.1 | Detailed Analysis |
4.6 | External Logging of File Events |
5 | Correlation |
5.1 | Correlation |
5.2 | Alerts |
5.2.1 | Alert Configuration |
5.2.2 | Remediation Actions |
5.3 | Correlation Policy |
5.3.1 | Rule Management |
5.3.2 | Allow Lists |
5.3.3 | Traffic Profiles |
5.3.4 | Traffic Policies |
A | Exercises: Cisco Firepower Next Generation IPS |
A.1 | Network Topology |
A.2 | Adding the FTD Device to the FMC |
A.3 | Interface Configuration |
A.4 | Health and Network Discovery Policy |
A.5 | Intrusion Policy |
A.5.1 | Variable Set und Access Control Policy |
A.5.2 | Portscan |
A.5.3 | IP Defragmentation: Snort 2 |
A.6 | IP Defragmentation: Snort 3 |
A.6.1 | Rate-Based Attack Prevention: Snort 2 |
A.6.2 | Rate-Based Attack Prevention: Snort 3 |
A.6.3 | Recommendations: Snort 2 and Snort 3 |
A.7 | Rule Editor: Custom Rules (Snort 2) |
A.8 | AMP |
A.9 | Correlation: Alerts |
A.9.1 | Correlation Policy |
A.9.2 | Correlation: Remediation Instance – Nmap Scan |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a webcam. In the seminar room, we use specially developed and customized audio and video technologies. This ensures that communication between everyone involved works conveniently and without faults.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1 Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
