
SSFIPS SECURING CISCO NETWORKS WITH SOURCEFIRE INTRUSION PREVENTION SYSTEM STUDY GUIDE: EXAM 500-285

Author: LAMMLE, T
Publisher: JOHN WILEY
Year of publication: 2016
Subject: CISCO CERTIFICATIONS
ISBN: 978-1-119-15503-4
Pages: 432
Price: 67,50 €


Synopsis

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information on crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end-of-chapter reviews. Learn key exam topics and powerful features of Cisco FirePOWER Services, including the FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and the Snort rules language.

Gain access to Sybex's superior online learning environment, which includes practice questions, flashcards, and an interactive glossary of terms.

Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities
Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis
Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination
Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary
Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.
Table of Contents

Introduction xv
Assessment Test xxv

Chapter 1 Getting Started with FireSIGHT 1

Industry Terminology 2

Cisco Terminology 3

FirePOWER and FireSIGHT 3

Out with the Old 4

Appliance Models 5

Hardware vs. Virtual Devices 6

Device Models 6

Defense Center Models 7

FireSIGHT Licensing 8

License Dependencies 9

Network Design 9

Inline IPS 10

Passive IPS 11

Router, Switch, and Firewall 11

Policies 12

The User Interface 13

Initial Appliance Setup 14

Setting the Management IP 15

Initial Login 15

Summary 17

Hands-on Lab 17

Review Questions 19

Chapter 2 Object Management 21

What Are Objects? 22

Getting Started 23

Network Objects 25

Individual Network Objects 25

Network Object Groups 25

Security Intelligence 26

Blacklist and Whitelist 26

Sourcefire Intelligence Feed 27

Custom Security Intelligence Objects 28

Port Objects 29

VLAN Tag 30

URL Objects and Site Matching 31

Application Filters 33

Variable Sets 35

File Lists 39

Security Zones 41

Geolocation 43

Summary 44

Hands-on Lab 45

Exam Essentials 49

Review Questions 51

Chapter 3 IPS Policy Management 53

IPS Policies 54

Default Policies 55

Policy Layers 56

Creating a Policy 57

Policy Editor 58

Summary 65

Hands-on Labs 65

Hands-on Lab 3.1: Creating an IPS Policy 66

Hands-on Lab 3.2: Viewing Connection Events 66

Exam Essentials 66

Review Questions 68

Chapter 4 Access Control Policy 71

Getting Started with Access Control Policies 72

Security Intelligence Lists 75

Blacklists, Whitelists, and Alerts 76

Security Intelligence Page Specifics 77

Configuring Security Intelligence 79

Access Control Rules 86

Access Control UI Elements 86

Rule Categories 88

A Simple Policy 97

Saving and Applying 98

Summary 100

Hands-on Lab 100

Exam Essentials 104

Review Questions 105

Chapter 5 FireSIGHT Technologies 107

FireSIGHT Technologies 108

Network Discovery Policy 109

Discovery Information 114

User Information 120

Host Attributes 124

Summary 126

Hands-on Labs 126

Hands-on Lab 5.1: Configuring a Discovery Policy 127

Hands-on Lab 5.2: Viewing Connection Events 127

Hands-on Lab 5.3: Viewing the Network Map 127

Hands-on Lab 5.4: Creating Host Attributes 128

Exam Essentials 128

Review Questions 130

Chapter 6 Intrusion Event Analysis 133

Intrusion Analysis Principles 134

False Positives 134

False Negatives 135

Possible Outcomes 135

The Goal of Analysis 136

The Dashboard and Context Explorer 136

Intrusion Events 141

An Introduction to Workflows 141

The Time Window 142

The Analysis Screen 145

The Caveat 154

Rule Comment 168

Summary 175

Hands-on Lab 175

Exam Essentials 177

Review Questions 178

Chapter 7 Network-Based Malware Detection 181

AMP Architecture 182

SHA-256 183

Spero Analysis 183

Dynamic Analysis 183

Retrospective Events 184

Communications Architecture 184

File Dispositions 185

File Disposition Caching 185

File Policy 185

Advanced Settings 186

File Rules 187

File Types and Categories 191

File and Malware Event Analysis 193

Malware Events 194

File Events 196

Captured Files 197

Network File Trajectory 199

Context Explorer 203

Summary 204

Hands-on Lab 204

Exam Essentials 205

Review Questions 206

Chapter 8 System Settings 209

User Preferences 210

Event Preferences 211

File Preferences 211

Default Time Windows 211

Default Workflows 212

System Configuration 212

System Policy 215

Health 217

Health Monitor 217

Health Policy 218

Health Events 218

Blacklist 220

Health Monitor Alerts 221

Summary 222

Hands-on Lab 222

Hands-on Lab 8.1: Creating a New System Policy 223

Hands-on Lab 8.2: Viewing Health Information 223

Exam Essentials 223

Review Questions 225

Chapter 9 Account Management 227

User Account Management 228

Internal versus External User Authentication 229

User Privileges 229

Predefined User Roles 230

Creating New User Accounts 231

Managing User Role Escalation 237

Configuring External Authentication 239

Creating Authentication Objects 240

Summary 246

Hands-on Lab 247

Hands-on Lab 9.1: Configuring a User in the Local Database 247

Hands-on Lab 9.2: Configuring Permission Escalation 247

Exam Essentials 248

Review Questions 249

Chapter 10 Device Management 251

Device Management 252

Configuring the Device on the Defense Center 254

NAT Configuration 266

Virtual Private Networks 267

Point-to-Point VPN 267

Star VPN 269

Mesh VPN 270

Advanced Options 270

Summary 271

Hands-on Labs 271

Hands-on Lab 10.1: Creating a Device Group 272

Hands-on Lab 10.2: Renaming the Device 272

Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set 272

Exam Essentials 273

Review Questions 274

Chapter 11 Correlation Policy 277

Correlation Overview 278

Correlation Rules, Responses, and Policies 279

Correlation Rules 279

Rule Options 284

Responses 286

Correlation Policy 291

White Lists 295

Traffic Profiles 301

Summary 308

Hands-on Lab 308

Exam Essentials 309

Review Quest