SSFIPS Securing Cisco Networks with Sourcefire intrusion prevention system study guide: exam 500-285
Saved in:
Contributors: | Todd Lammle, John Gay, Alexis B. Tatistcheff |
---|---|
Format: | Electronic e-book |
Language: | English |
Published: | San Francisco : Sybex, 2015 |
Edition: | 1st |
Subjects: | Computer networks; Security measures; Examinations; Study guides |
Links: | https://learning.oreilly.com/library/view/-/9781119155034/?ar |
Summary: | Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep. Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end-of-chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including the FireSIGHT Administration Management Center, in-depth event analysis, IPS tuning and configuration, and the Snort rules language. Gain access to Sybex's superior online learning environment, which includes practice questions, flashcards, and an interactive glossary of terms. Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination. |
Description: | Virtual Devices; Device Models; Defense Center Models; FireSIGHT Licensing; License Dependencies; Network Design; Inline IPS; Passive IPS; Router, Switch, and Firewall; Policies; The User Interface; Initial Appliance Setup; Setting the Management IP; Initial Login; Summary; Hands-on Lab; Review Questions -- Chapter 2 Object Management: What Are Objects?; Getting Started; Network Objects; Individual Network Objects; Network Object Groups; Security Intelligence; Blacklist and Whitelist; Sourcefire Intelligence Feed; Custom Security Intelligence Objects; Port Objects; VLAN Tag; URL Objects and Site Matching; Application Filters; Variable Sets; File Lists; Security Zones; Geolocation; Summary; Hands-on Lab; Exam Essentials; Review Questions -- Chapter 3 IPS Policy Management: IPS Policies; Default Policies; Policy Layers; Creating a Policy; Policy Editor; Summary; Hands-on Labs; Hands-on Lab 3.1: Creating an IPS Policy; Hands-on Lab 3.2: Viewing Connection Events; Exam Essentials; Review Questions -- Chapter 4 Access Control Policy: Getting Started with Access Control Policies; Security Intelligence Lists; Blacklists, Whitelists, and Alerts; Security Intelligence Page Specifics; Configuring Security Intelligence; Access Control Rules; Access Control UI Elements; Rule Categories; A Simple Policy; Saving and Applying; Summary; Hands-on Lab; Exam Essentials; Review Questions -- Chapter 5 FireSIGHT Technologies: FireSIGHT Technologies; Network Discovery Policy; Discovery Information; User Information; Host Attributes; Summary; Hands-on Labs; Hands-on Lab 5.1: Configuring a Discovery Policy; Hands-on Lab 5.2: Viewing Connection Events; Hands-on Lab 5.3: Viewing the Network Map; Hands-on Lab 5.4: Creating Host Attributes; Exam Essentials; Review Questions -- Chapter 6 Intrusion Event Analysis: Intrusion Analysis Principles; False Positives; False Negatives; Possible Outcomes; The Goal of Analysis; The Dashboard and Context Explorer; Intrusion Events; An Introduction to Workflows; The Time Window; The Analysis Screen; The Caveat; Rule Comment; Summary; Hands-on Lab; Exam Essentials; Review Questions -- Chapter 7 Network-Based Malware Detection: AMP Architecture; SHA-256; Spero Analysis; Dynamic Analysis; Retrospective Events; Communications Architecture; File Dispositions; File Disposition Caching; File Policy; Advanced Settings; File Rules; File Types and Categories; File and Malware Event Analysis; Malware Events; File Events; Captured Files; Network File Trajectory; Context Explorer; Summary; Hands-on Lab; Exam Essentials; Review Questions -- Chapter 8 System Settings: User Preferences; Event Preferences; File Preferences; Default Time Windows; Default Workflows; System Configuration; System Policy; Health; Health Monitor; Health Policy; Health Events; Blacklist; Health Monitor Alerts; Summary; Hands-on Lab; Hands-on Lab 8.1: Creating a New System Policy; Hands-on Lab 8.2: Viewing Health Information; Exam Essentials; Review Questions -- Chapter 9 Account Management: User Account Management; Internal versus External User Authentication; User Privileges; Predefined User Roles; Creating New User Accounts; Managing User Role Escalation; Configuring External Authentication; Creating Authentication Objects; Summary; Hands-on Lab; Hands-on Lab 9.1: Configuring a User in the Local Database; Hands-on Lab 9.2: Configuring Permission Escalation; Exam Essentials; Review Questions -- Chapter 10 Device Management: Device Management; Configuring the Device on the Defense Center; NAT Configuration; Virtual Private Networks; Point-to-Point VPN; Star VPN; Mesh VPN; Advanced Options; Summary; Hands-on Labs; Hands-on Lab 10.1: Creating a Device Group; Hands-on Lab 10.2: Renaming the Device; Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set; Exam Essentials; Review Questions -- Chapter 11 Correlation Policy: Correlation Overview; Correlation Rules, Responses, and Policies; Correlation Rules; Rule Options; Responses; Correlation Policy; White Lists; Traffic Profiles; Summary; Hands-on Lab; Exam Essentials; Review Questions -- Chapter 12 Advanced IPS Policy Settings: Advanced Settings; Preprocessor Alerting; Application Layer Preprocessors; SCADA Preprocessors; Transport/Network Layer Preprocessors; Specific Threat Detection; Detection Enhancement; Intrusion Rule Thresholds; Performance Settings; External Responses; Summary; Hands-on Lab; Hands-on Lab 12.1: Modifying the HTTP Configuration Preprocessor; Hands-on Lab 12.2: Enabling Inline Normalization; Hands-on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit; Exam Essentials; Review Questions -- Chapter 13 Creating Snort Rules: Overview of Snort Rules; Rule Headers; The Rule Body; Writing Rules; Using the System GUI to Build a Rule; Summary; Exam Essentials; Review Questions. (CIP data; item not viewed) |
Extent: | 1 online resource |
ISBN: | 9781119155041 1119155045 9781119155058 1119155053 9781119155034 |
Internal format
MARC
LEADER | 00000nam a22000002c 4500 | ||
---|---|---|---|
001 | ZDB-30-ORH-108523780 | ||
003 | DE-627-1 | ||
005 | 20241001123221.0 | ||
007 | cr uuu---uuuuu | ||
008 | 241001s2015 xx |||||o 00| ||eng c | ||
020 | |a 9781119155041 |c ePub ebook |9 978-1-119-15504-1 | ||
020 | |a 1119155045 |c ePub ebook |9 1-119-15504-5 | ||
020 | |a 9781119155058 |c PDF ebook |9 978-1-119-15505-8 | ||
020 | |a 1119155053 |c PDF ebook |9 1-119-15505-3 | ||
020 | |a 9781119155034 |9 978-1-119-15503-4 | ||
035 | |a (DE-627-1)108523780 | ||
035 | |a (DE-599)KEP108523780 | ||
035 | |a (ORHE)9781119155034 | ||
035 | |a (DE-627-1)108523780 | ||
040 | |a DE-627 |b ger |c DE-627 |e rda | ||
041 | |a eng | ||
082 | 0 | |a 005.8076 |2 23 | |
100 | 1 | |a Lammle, Todd |e VerfasserIn |4 aut | |
245 | 1 | 0 | |a SSFIPS Securing Cisco Networks with Sourcefire intrusion prevention system study guide |b exam 500-285 |c Todd Lammle, John Gay, Alexis B. Tatistcheff |
250 | |a 1st | ||
264 | 1 | |a San Francisco |b Sybex |c 2015 | |
300 | |a 1 Online-Ressource | ||
336 | |a Text |b txt |2 rdacontent | ||
337 | |a Computermedien |b c |2 rdamedia | ||
338 | |a Online-Ressource |b cr |2 rdacarrier | ||
650 | 0 | |a Computer networks |v Study guides |x Security measures |x Examinations | |
650 | 4 | |a Réseaux d'ordinateurs ; Sécurité ; Mesures ; Examens ; Guides de l'étudiant | |
650 | 4 | |a COMPUTERS ; Certification Guides ; General | |
650 | 4 | |a Computer networks ; Security measures ; Examinations | |
650 | 4 | |a Study guides | |
700 | 1 | |a Gay, John |e VerfasserIn |4 aut | |
700 | 1 | |a Tatistcheff, Alexis B. |e VerfasserIn |4 aut | |
776 | 1 | |z 9781119155034 | |
776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |z 9781119155034 |
966 | 4 | 0 | |l DE-91 |p ZDB-30-ORH |q TUM_PDA_ORH |u https://learning.oreilly.com/library/view/-/9781119155034/?ar |m X:ORHE |x Aggregator |z lizenzpflichtig |3 Volltext |
912 | |a ZDB-30-ORH | ||
951 | |a BO | ||
912 | |a ZDB-30-ORH | ||
049 | |a DE-91 |
Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination. Computer networks Study guides Security measures Examinations Réseaux d'ordinateurs ; Sécurité ; Mesures ; Examens ; Guides de l'étudiant COMPUTERS ; Certification Guides ; General Computer networks ; Security measures ; Examinations Study guides Gay, John VerfasserIn aut Tatistcheff, Alexis B. VerfasserIn aut 9781119155034 Erscheint auch als Druck-Ausgabe 9781119155034 |
title | SSFIPS Securing Cisco Networks with Sourcefire intrusion prevention system study guide exam 500-285 |
title_short | SSFIPS Securing Cisco Networks with Sourcefire intrusion prevention system study guide |
title_sub | exam 500-285 |
topic | Computer networks ; Study guides ; Security measures ; Examinations ; Computer networks ; Security ; Measures ; Examinations ; Study guides ; COMPUTERS ; Certification Guides ; General ; Computer networks ; Security measures ; Examinations ; Study guides |