• No results found

Managing Enterprise Security with Cisco Security Manager

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Managing Enterprise Security with Cisco Security Manager"

Copied!
6
0
0

Loading.... (view fulltext now)

Download now ( 6 Page )

Full text

(1)

Managing Enterprise Security with Cisco Security Manager

Course SSECMGT v4.0; 5 Days, Instructor-led

Course Description:

The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to configure and deploy Cisco Security Manager. The course also provides an overview of network security technologies, and includes case studies that are useful for deployment scenarios.

Course Objectives:

Upon completing this course, the learner will be able to meet these overall objectives:

 Present an overview of the Cisco Security Manager product, describe the main product features, and introduce the basic deployment tasks

 Manage configuration of Cisco ASA adaptive security appliances and Cisco FWSM firewall devices, and explain firewall event management and device configuration correlation

 Describe the most commonly used VPN topologies and their deployment

 Examine the configuration of intrusion prevention mechanisms on the Cisco IOS platform, modules, and standalone appliances, as well as explain the Cisco IPS event and configuration correlation

 Explain how Cisco Security Manager works with Cisco IOS devices, including the new Cisco ISR G2 routers

 Describe the FlexConfig functionality of Cisco Security Manager, the workflow mode of operation, and administrative tasks and integration with Cisco Secure ACS

Prerequisites:

The knowledge and skills that a learner must have before attending this course are as follows:

 Cisco CCNP® Security certification:

o Securing Networks with Cisco Routers and Switches (SECURE)

o Deploying Cisco ASA Firewall Features (FIREWALL)

o Deploying Cisco ASA VPN Solutions (VPN)

o Implementing Cisco Intrusion Prevention System (IPS)

 Understanding of networking and routing (on the CCNP level, but no certification is required).

 Understanding of different VPN technologies (such as DMVPN, GET VPN, and SSL VPN).

(2)

Who Should Attend:

The primary audience for this course is as follows:

 Network security engineers that are working in the enterprise sector.

Course Outline:

Module 1: Cisco Security Manager Overview

Lesson 1: Introducing Cisco Security Manager

 Product Overview

 Using Cisco Security Manager  Installing Cisco Security Manager

 Cisco Security Manager Installation Procedure

 Working with the Cisco Security Manager User Interface  New Features in Cisco Security Manager 4.0

Lesson 2: Managing Devices

 Preparing the Devices for Cisco Security Manager

 Understanding the Device View

 Adding Devices to Cisco Security Manager Inventory

 Working with Devices with Dynamically Assigned IP Addresses

 Understanding Device Properties

 Understanding Device Credentials

 Managing Devices

 Understanding Device Grouping

 On-Demand Out–of-Band Change Detection

Lesson 3: Managing Policies

 Understanding Policies

 Managing Policies in Device View

 Managing Shared Policies in Policy View

 Interface Roles

 Advanced Policy Features

 Policy Locking

 Discovering Policies

Lesson 4: Managing Objects

 Objects Overview

 Understanding the Policy Object Manager Window

 Overriding Global Objects for Individual Devices

 Selecting Objects for Policies

Lesson 5: Using Map View

 Understanding Maps

 Displaying Your Network on the Map

 Managing Firewall Services in Map View

 Managing VPNs in Map View

(3)

Module 2: Firewall Policy Management

Lesson 1: Managing Firewall Services

 Overview of Managing Firewall Services

 Managing Rules Tables

 Understanding Access Rules

 Understanding Access Control Settings

 Understanding Inspection Rules

 Understanding Access Rule Functions

 Understanding AAA Rules

 Understanding Web Filter Rules

 Understanding Transparent Firewall Rules

 Understanding Zone-Based Firewall Rules

 Understanding Interface and Global Rules

 Understanding Botnet Traffic Filtering

Lesson 2: Managing Firewall Devices

 Platform Policies on Firewall Devices

 NAT Policies on Firewall Devices

 Bridging Policies on Firewall Devices

 Device Administration Policies on Firewall Devices

 Logging Policies on Firewall Devices

 Multicast Policies on Firewall Devices

 Routing Policies on Firewall Devices

 Security Policies on Firewall Devices

 Service Policy Rules on Firewall Devices

 Security Contexts on Firewall Devices

Lesson 3: Event Monitoring and Rule Correlation for Firewalls

 Supported Devices and Events in Event Viewer

 EventServer Overview

 Cisco ASA Device Bootstrapping

 Introduction to Event Viewer

 Event-to-Policy Correlation

 Event Collection and Event Viewer Settings

Module 3: VPN Policy Configuration

Lesson 1: Managing VPNs

 Overview of Site-to-Site VPNs

 Working with VPN Topologies

 Working with Site-to-Site VPN Policies

 Configuring Advanced VPN Platforms

Lesson 2: Managing Remote Access IPsec VPNs

 Overview of Remote-Access VPNs

(4)

 Configuring VPN Options

Lesson 3: Configuring Client-Based SSL VPNs

 SSL VPN Management Features and Platform Support

 Overview of Remote-Access SSL VPNs

 Bootstrapping Cisco ASA Adaptive Security Appliance for Full Tunnel SSL VPN

 Configuring Full Tunnel SSL VPN

Lesson 4: Configuring Clientless SSL VPNs

 Clientless SSL VPN Overview

 Clientless SSL VPN Configuration

 Working with Application Plug-Ins

 SSL VPN Portal Customization

Lesson 5: Configuring Advanced VPN Configurations

 Managing Cisco Security Desktop Policy

 Configuring DAP

 Creating Group Policies

 Creating Remote Connection Profiles

 Working with VPN AAA

Lesson 6: Deploying Advanced VPN Technologies

 DMVPN Overview  Hub-and-Spoke Prerequisites  Configuring DMVPN  Managing DMVPN  GET VPN Overview  Configuring GET VPN  Managing GET VPN

 GRE over IPsec

 VPN Dial Backup

 VRF-Aware IPsec

 VPN High Availability

Module 4: Cisco IPS Solutions Management

Lesson 1: Managing Cisco IPS Services

 Overview of Network Sensing

 Configuring Interfaces

 Configuring Signatures

 Working with IPS Signatures

 Configuring Anomaly Detection

 Configuring Event Actions

 Configuring Global Correlation

Lesson 2: Managing Cisco IPS Devices

 Managing Cisco IPS Modules and Appliances

(5)

 Managing Cisco IPS Updates

Lesson 3: Managing Cisco IPS Events

 Cisco Security Manager IPS Event Management

 Mapping IPS Events to Policies

Module 5: Cisco IOS Device Provisioning

Lesson 1: Managing Routers

 Overview of Policy Management on Cisco IOS Routers

 Working with Platform Policies for Cisco IOS Routers

 NAT Policies

 Interface Policies

 Device Administration Policies

 Configuring Device Administration Policies

 Identity Policies

 Logging and QoS Policies

 Routing Policies

 Advanced Routing Configuration Options

 Zone-Based Firewall

Lesson 2: Using the Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router Device Manager

 Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers Overview

 Managing Policies for Catalyst 6500 Series Switches and 7600 Series Routers

Module 6: Management, Deployment, and Administration of FlexConfigs in Cisco Security Manager

Lesson 1: Managing FlexConfigs

 Understanding FlexConfig

 Creating FlexConfig Policy Objects

 Working with FlexConfig

Lesson 2: Managing Activities and Workflow Deployments

 Managing Activities

 Working with Activities

 Managing Deployment

Lesson 3: Implementing Integration between Cisco Security Manager and Cisco Secure ACS

 Understanding Roles in Cisco Security Manager

 Understanding RBAC with Cisco Secure ACS

 Configuring Cisco Secure ACS and Cisco Security Manager for RBAC Integration

Lesson 4: Backing Up and Restoring Cisco Security Manager Databases

 Database Backup in Cisco Security Manager

 Database Restore in Cisco Security Manager

Lesson 5: Using Monitoring, Troubleshooting, and Diagnostic Tools Lab Outline

 Lab 1-1: Configuring Device Bootstrap and Testing Connectivity

 Lab 1-2: Importing Devices

(6)

 Lab 1-4: Creating Policy Objects

 Lab 2-1: Managing Firewall Policy—Policy Sharing

 Lab 2-2: Managing Firewall Policy—Policy Inheritance

 Lab 2-3: Configuring NAT and Inspecting Configuration Commands Prior to Deployment

 Lab 2-4: Configuring Event Monitoring and Configuration Correlation for Firewalls

 Lab 3-1: Managing SSL VPN Deployment Using Cisco AnyConnect

 Lab 3-2: Managing Clientless SSL VPN Deployment

 Lab 3-3: Managing DMVPN Deployment

 Lab 3-4: Managing GET VPN Deployment

 Lab 4-1: Configuring the Cisco IOS IPS

 Lab 4-2: Configuring the Cisco IPS Module

 Lab 4-3: Configuring Event Monitoring and Configuration Correlation for IPSs

 Lab 5-1: Configuring the Cisco IOS Software Router

 Lab 5-2: Managing DHCP Devices with the CiscoWorks Auto Update Server

 Lab 6-1: Configuring FlexConfigs

References

Download now ( PDF - 6 Page - 433.80 KB )

Related documents

Library Research Skills Teaching Staff ( ) The Library

The aim of this session is to develop knowledge and understanding of data scholarship and the related Library Research Skills Teaching.

Cisco ASA 5500 Series Adaptive Security Appliances

The Cisco ASA 5500 Series includes the Cisco ASA 5505, 5510, 5520, 5540, 5550, and 5580 Adaptive Security Appliances—purpose-built, high-performance security solutions that take

Gastrointestinal Tract Pathology

Imperforate Anus Anus Diverticulum Diverticulum Chronic Chronic gastritis gastritis Ischemic Ischemic bowel bowel disease disease Esophagus Esophagus Diaphragmatic

Curriculum Vitae. personal details. career objectives

networking CISCO Router management and configuration, CISCO Switch management and configuration, CISCO Firewall management and configuration, Routing protocols, troubleshooting

Eruption Characteristic of the Sleeping Volcano, Sinabung, North Sumatera, Indonesia, and SMS Gateway for Disaster Early Warning System

Eruption Characteristic of the Sleeping Volcano, Sinabung, North Sumatera, Indonesia, and SMS gateway for Disaster Early Warning System.. Sari Bahagiarti Kusumayudha, Puji Lestari

Investigating Mobile Accessibility Guidance for People with Aphasia

Only 13.7% of the total usability issues encountered by participants could be mapped to the accessibility guidelines. They were mapped to 5 different guidelines from

Alternative Financing for Commercial Real Estate

The advantages to forming a Regional Center are significant, ranging from economic to strategic, including (1) it eliminates the middleman from receiving a spread between the

Security Target for Cisco Firewall Services Module (FWSM)

ACM_AUT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.. ACM_CAP.4 Generation support and