
Discover the fundamentals of the Cisco Sourcefire Firepower intrusion prevention system and its role in network security.
Install and activate a Sourcefire IPS sensor, configure its management and network interfaces, apply licenses, and set up an inline or passive deployment with security zones for intrusion prevention.
Block high-risk and non-business web categories with URL filtering in access control policies, using block or block-with-reset actions, staying within the 50-category limit, and checking connection logging to verify that the traffic was actually blocked.
Create custom application detectors on the FireSIGHT system to identify internal applications and apply access rules to them, using Wireshark packet captures to pinpoint the Company XYZ traffic.
Learn to integrate Active Directory with the Firepower intrusion prevention system by configuring the user agent, AD server, and access-control policy to enforce group-based rules.
Explore how FireSIGHT recommendations analyze discovered hosts to generate and enable intrusion rules, commit and reapply the updated policy, and schedule the task so the rule set keeps up with the latest threats.
Explore locating, cloning, and customizing Cisco's network analysis policies in Firepower, and compare the Connectivity over Security and Maximum Detection base policies to balance protection against connectivity while tuning preprocessors and ports.
Learn how adaptive profiles in the intrusion prevention system use the destination host's operating system, learned through network discovery, to defragment IP packets and reassemble TCP streams the way that host would, which enables anomaly detection and discovery-driven policy tuning.
Configure dynamic state rules that throttle or drop traffic once a threshold of matches is exceeded, and apply the intrusion policy to block sources during a denial-of-service attack, demonstrated with ICMP echo replies.
Enable rate-based attack protection in the network analysis policy, track by source or destination, and drop traffic when thresholds are exceeded to prevent excessive connections and intrusions.
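Added illustration, not part of the course materials: the Python simulation below models the rate-based tracking described in the two lessons above. Its semantics are an assumption for this example (more than `count` matches from one source or destination inside a sliding `seconds` window switches that key to the new action for `timeout` seconds); the event list is constructed, not a real capture.

```python
from collections import defaultdict, deque


class RateFilter:
    """Simulation of a rate-based attack protection rule (rate_filter-style
    semantics, assumed for this illustration). Matches are tracked per source
    (by_src) or per destination (by_dst). When a key accumulates more than
    `count` matches inside a sliding window of `seconds`, its action becomes
    `new_action` for `timeout` seconds, after which the base action returns."""

    def __init__(self, track="by_src", count=5, seconds=1.0,
                 new_action="drop", timeout=10.0, base_action="alert"):
        if track not in ("by_src", "by_dst"):
            raise ValueError("track must be by_src or by_dst")
        self.track, self.count, self.seconds = track, count, seconds
        self.new_action, self.timeout, self.base_action = new_action, timeout, base_action
        self.hits = defaultdict(deque)   # key -> timestamps of matches still in the window
        self.revert_at = {}              # key -> time at which new_action expires

    def action(self, ts, src, dst):
        """Return the action applied to a matching event seen at time ts (seconds)."""
        key = src if self.track == "by_src" else dst
        until = self.revert_at.get(key)
        if until is not None:
            if ts < until:
                return self.new_action       # still inside the timeout: keep dropping
            del self.revert_at[key]          # timeout elapsed: back to the base action
        window = self.hits[key]
        window.append(ts)
        while window and window[0] <= ts - self.seconds:
            window.popleft()                 # slide the window forward
        if len(window) > self.count:
            self.revert_at[key] = ts + self.timeout
            window.clear()
            return self.new_action
        return self.base_action


# Constructed events (timestamp, source, destination): an ICMP echo flood from
# 10.0.0.5 to 192.168.1.10, one unrelated packet from 10.0.0.9, and a late
# packet from 10.0.0.5 after the timeout has elapsed. Not a real capture.
EVENTS = [
    (0.0, "10.0.0.5", "192.168.1.10"), (0.1, "10.0.0.5", "192.168.1.10"),
    (0.2, "10.0.0.5", "192.168.1.10"), (0.3, "10.0.0.5", "192.168.1.10"),
    (0.4, "10.0.0.5", "192.168.1.10"), (0.45, "10.0.0.9", "192.168.1.10"),
    (0.5, "10.0.0.5", "192.168.1.10"), (0.6, "10.0.0.5", "192.168.1.10"),
    (0.7, "10.0.0.5", "192.168.1.10"), (11.0, "10.0.0.5", "192.168.1.10"),
]


def run(track="by_src"):
    """Feed EVENTS through a filter of 5 matches per second, dropping for 10 s."""
    rf = RateFilter(track=track, count=5, seconds=1.0, new_action="drop", timeout=10.0)
    return [rf.action(ts, src, dst) for ts, src, dst in EVENTS]


if __name__ == "__main__":
    for ev, act in zip(EVENTS, run()):
        print(ev, "->", act)
```

Tracking by source, the sixth packet from 10.0.0.5 inside one second flips that host to drop while 10.0.0.9 is still alerted on; tracking by destination, the packet from 10.0.0.9 is the sixth hit on 192.168.1.10 and is the first one dropped.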
Use the network file trajectory tool to trace file transfers, enabling forensics by showing which machines downloaded the file and when, with sender and receiver IPs and disposition.
Create and monitor traffic profiles in Cisco Firepower to sample data, build a baseline, and alert when activity exceeds normal patterns via standard deviations.
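Added illustration, not part of the course materials: the Python below reproduces the traffic profile workflow from the lesson above on constructed data. It aggregates connection records into fixed sampling intervals, builds a baseline from the sampled totals, and raises an alert when a new sample exceeds the mean by more than a chosen number of standard deviations. The 5-minute sampling rate, the population form of the standard deviation, and the connection records are all assumptions for this example.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_SECONDS = 300   # sampling rate assumed for the profile (5-minute samples)


@dataclass
class Baseline:
    mean: float
    stdev: float
    samples: int


def sample_totals(connections, sample_seconds=SAMPLE_SECONDS):
    """Aggregate connection records (end timestamp, host, bytes) into byte totals
    per sampling interval, as a traffic profile does over its profiling period."""
    buckets = defaultdict(int)
    for ts, _host, nbytes in connections:
        buckets[int(ts // sample_seconds)] += nbytes
    return [buckets[i] for i in sorted(buckets)]


def build_baseline(totals):
    """Mean and population standard deviation of the sampled totals (the
    population form is an assumption; the course text does not specify one)."""
    return Baseline(statistics.fmean(totals), statistics.pstdev(totals), len(totals))


def evaluate(baseline, observed, deviations=2.0):
    """Return (alert, z): alert is True when `observed` lies more than
    `deviations` standard deviations above the baseline mean."""
    if baseline.stdev == 0:
        z = float("inf") if observed > baseline.mean else float("-inf") if observed < baseline.mean else 0.0
    else:
        z = (observed - baseline.mean) / baseline.stdev
    return z > deviations, z


# Constructed profiling data for host 10.0.0.5: eight 5-minute intervals, two
# connections each, chosen to give the byte totals in _TOTALS. Not real traffic.
_TOTALS = [1000, 1100, 900, 1000, 1000, 1000, 1100, 900]
BASELINE_CONNECTIONS = [
    rec for i, total in enumerate(_TOTALS)
    for rec in ((i * SAMPLE_SECONDS + 30, "10.0.0.5", total // 2),
                (i * SAMPLE_SECONDS + 240, "10.0.0.5", total - total // 2))
]


def demo():
    """Build the baseline and check a spike sample and a within-range sample."""
    baseline = build_baseline(sample_totals(BASELINE_CONNECTIONS))
    return {"baseline": baseline, "spike": evaluate(baseline, 1500), "normal": evaluate(baseline, 1100)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A baseline of mean 1000 bytes and standard deviation about 70.7 puts the 2-sigma line near 1141 bytes: a 1500-byte sample is roughly seven standard deviations out and alerts, a 1100-byte sample does not. Lowering the threshold to one standard deviation makes the 1100-byte sample alert as well, which is the trade-off to expect when tuning the condition.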
Automate threat response by blocking suspicious traffic with policy-driven remediation, using a remediation module, correlation events, and block-source actions on a Cisco ASA.
Use the set attribute action to tag hosts that generate unusual traffic, triggering remediation and alerts through correlation policy rules in the Firepower intrusion prevention system.
Learn to use the connection tracker in Cisco Sourcefire Firepower IPS to trigger alerts when externally initiated connections target internal hosts, with criteria such as country, byte counts, time, and host or user identity.
Discover how to use and customize dashboards in Cisco Sourcefire Firepower, adding widgets to monitor traffic, events, risk, and intrusion activity, and build your own custom dashboards.
Context Explorer provides a quick network overview, showing traffic, intrusion events, and top users by source IP and destination IP, with filters for country, security zones, and application protocol.
Learn how Perl-compatible regular expressions match payload content in Snort rules, with the key syntax and modifiers, and how service metadata controls which rules are applied based on the identified application.
Learn to craft Snort rules in Firepower that match fragmented IP headers, IP options such as source routing, ICMP type and code values, and flow state, combined with content and file inspection.
Explore how transport- and network-layer preprocessing decodes packets, verifies checksums, and applies inline normalization of headers and payloads before intrusion rules run, then handles ECN, TTL, fragmentation, defragmentation, and stream reassembly.
Learn clustering and stacking for high availability with active/standby pairs: designate one device as active and the other as standby, and apply policies to the cluster so that failover occurs over the HA link.
Configure a virtual router on Sourcefire devices to route traffic between segments, apply security policies and intrusion prevention to routed traffic, and manage Layer 3 interfaces, ARP entries, static routes, and ICMP behavior.
Explore LAG interfaces and their types, how the Link Aggregation Control Protocol (LACP) negotiates active links, and the load-balancing algorithms, port counts, and policies that optimize redundancy and bandwidth.
Configure Sourcefire VPN gateways, using IKE phase 1 Diffie-Hellman key exchange and phase 2 security associations with RSA authentication, to carry encrypted traffic across point-to-point, hub-and-spoke, and mesh deployments.
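Added illustration, not part of the course materials: the Python below serves both Snort-rule lessons above by implementing a small rule-option evaluator and running three rules written for this example over constructed packets. It covers content with |hex| notation and nocase, pcre with the i/s/m/x modifiers, itype/icode, fragbits with the +, * and ! qualifiers, ipopts and flow. Header addresses and ports are not modelled, the packets are dicts rather than real captures, and the rule sids are local test values; all of that is assumption for the example.

```python
import re

# PCRE modifiers Snort passes through to the regex engine; Snort-specific ones
# (R, U, B, ...) are ignored in this illustration.
PCRE_FLAGS = {"i": re.IGNORECASE, "s": re.DOTALL, "m": re.MULTILINE, "x": re.VERBOSE}


def split_options(body):
    """Split a rule body into (keyword, value) pairs. Quotes are honoured so a
    ';' inside content:"..." or pcre:"..." does not terminate the option."""
    opts, cur, quoted = [], [], False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if "".join(cur).strip():
        opts.append("".join(cur).strip())
    pairs = []
    for opt in opts:
        kw, _, val = opt.partition(":")
        pairs.append((kw.strip(), val.strip()))
    return pairs


def decode_content(val):
    """Decode Snort content syntax: literal text with |xx xx| hex sections."""
    out = bytearray()
    for i, part in enumerate(val.strip('"').split("|")):
        out += part.encode("latin-1") if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)


def fragbits_pred(spec):
    """fragbits:[+*!]<MDR>: exact match by default, + superset, * any bit, ! none."""
    mod = spec[0] if spec[0] in "+*!" else ""
    want = set(spec.lstrip("+*!"))

    def pred(pkt):
        have = set(pkt.get("fragbits", ""))
        return {"+": want <= have, "*": bool(want & have), "!": not (want & have)}.get(mod, want == have)
    return pred


def compile_rule(rule_text):
    """Turn a rule into (proto, predicates, contents, pcres). Only the protocol
    and the options are modelled; header addresses and ports are ignored."""
    header, _, body = rule_text.partition("(")
    proto = header.split()[1]
    preds, contents, pcres = [], [], []
    for kw, val in split_options(body.rstrip().rstrip(")")):
        if kw == "content":
            contents.append([decode_content(val), False])   # [pattern, nocase]
        elif kw == "nocase" and contents:
            contents[-1][1] = True                            # modifies the preceding content
        elif kw == "pcre":
            regex, mods = val.strip('"').rsplit("/", 1)
            flags = 0
            for m in mods:
                flags |= PCRE_FLAGS.get(m, 0)
            pcres.append(re.compile(regex.lstrip("/").encode("latin-1"), flags))
        elif kw in ("itype", "icode"):
            preds.append(lambda p, k=kw, v=int(val): p["proto"] == "icmp" and p.get(k) == v)
        elif kw == "fragbits":
            preds.append(fragbits_pred(val))
        elif kw == "ipopts":
            preds.append(lambda p, v=val: v in p.get("ipopts", ()))
        elif kw == "flow":
            preds.append(lambda p, v=set(val.split(",")): v <= set(p.get("flow", ())))
        # msg, sid, rev, classtype and metadata carry no match condition
    return proto, preds, contents, pcres


def matches(rule_text, pkt):
    """True when every option of the rule matches the (constructed) packet dict."""
    proto, preds, contents, pcres = compile_rule(rule_text)
    if proto not in ("ip", pkt["proto"]):
        return False
    if not all(pred(pkt) for pred in preds):
        return False
    payload = pkt.get("payload", b"")
    for pattern, nocase in contents:
        if (pattern.lower() not in payload.lower()) if nocase else (pattern not in payload):
            return False
    return all(rx.search(payload) for rx in pcres)


# Rules written for this illustration (sids in the local 1000000+ range).
TRAVERSAL_RULE = (r'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Directory traversal in URI"; '
                  r'flow:to_server,established; content:"GET"; nocase; content:"|2F|.."; '
                  r'pcre:"/\/\.\.\/.*passwd/i"; sid:1000001; rev:1;)')
ECHO_RULE = 'alert icmp any any -> any any (msg:"ICMP echo request"; itype:8; sid:1000002; rev:1;)'
FRAG_LSRR_RULE = ('alert ip any any -> any any (msg:"Fragment with loose source route"; '
                  'fragbits:M; ipopts:lsrr; sid:1000003; rev:1;)')

# Constructed packets, not real captures.
PACKETS = {
    "traversal": {"proto": "tcp", "flow": ("to_server", "established"),
                  "payload": b"GET /../../etc/passwd HTTP/1.1\r\nHost: x\r\n\r\n"},
    "traversal_lower": {"proto": "tcp", "flow": ("to_server", "established"),
                        "payload": b"get /../../etc/passwd HTTP/1.0\r\n\r\n"},
    "traversal_to_client": {"proto": "tcp", "flow": ("to_client", "established"),
                            "payload": b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"},
    "benign_get": {"proto": "tcp", "flow": ("to_server", "established"),
                   "payload": b"GET /index.html HTTP/1.1\r\n\r\n"},
    "echo_request": {"proto": "icmp", "itype": 8, "icode": 0, "payload": b"abcd"},
    "echo_reply": {"proto": "icmp", "itype": 0, "icode": 0, "payload": b"abcd"},
    "frag_lsrr": {"proto": "udp", "fragbits": "M", "ipopts": ("lsrr",), "payload": b""},
    "frag_df_lsrr": {"proto": "udp", "fragbits": "MD", "ipopts": ("lsrr",), "payload": b""},
}
```

The lowercase `get` request still matches because nocase applies to the preceding content, while the same traversal seen in the to_client direction does not, since flow is part of the match; the fragment with both M and D set fails fragbits:M because the unqualified form is an exact match.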
This course covers the Cisco Sourcefire / FireSIGHT next-generation IPS and takes the student into advanced topics that build an understanding of the solution and prepare for the SSFIPS exam (500-285).
Firepower Threat Defense is not covered in this class; however, the information in this class is still valid and applies to FireSIGHT configuration and to running an ASA with the SFR module. A new class covering FTD will be available soon. You will get an email with a coupon code once the new class is available.
This course covers version 5.4.1.
Students need prior knowledge of intrusion prevention and detection terminology.
Over 8 hours of video instruction.
No materials are included with this class.
You should take this course if you are curious about Sourcefire / FireSIGHT / Firepower and want to get familiar with the product, or if you want to prepare for the 500-285 exam.
The course progresses from basic to advanced configuration of the product and covers the theoretical knowledge needed for the exam. Students will gain an in-depth understanding of IPS tuning and advanced configuration topics.
Covers the Firepower Management Center and the virtual IPS appliance.
You get a Certificate Of Completion after finishing this course