SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide Exam 500-285

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you’re working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program.  Likewise, if you’re thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020. 

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end of chapter reviews.  Learn key exam topics and powerful features of the Cisco FirePOWER Services, including FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and snort rules language.

Gain access to Sybex's superior online learning environment that includes practice questions, flashcards, and interactive glossary of terms.

• Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities
• Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis
• Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination
• Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.

Todd Lammle, CCSI and SFCP (SourceFire Certified Professional), is the authority on Cisco networking. President of GlobalNet Training & Consulting, Inc., a network integration and training firm, Todd has worked with Fortune 500 companies for nearly 35 years. His Cisco book sales have reached almost 1,000,000 copies in print. John Gay is a Field Security Enablement Lead with Cisco Systems. Prior to Cisco's acquisition of Sourcefire, John served as Director of Instructional Delivery. He has worked in the security industry for over 15 years. Alex Tatistcheff, CISSP, GPEN, GCIH, GCIA, SFCE, is currently a Network Consulting Engineer for Cisco Security Solutions specializing in FireSIGHT. Prior to Cisco's acquisition of Sourcefire, he worked for over five years as a Senior Security Instructor.

Assessment Test xxv

Chapter 1 Getting Started with FireSIGHT 1

Industry Terminology 2

Cisco Terminology 3

FirePOWER and FireSIGHT 3

Out with the Old… 4

Appliance Models 5

Hardware vs. Virtual Devices 6

Device Models 6

Defense Center Models 7

FireSIGHT Licensing 8

License Dependencies 9

Network Design 9

Inline IPS 10

Passive IPS 11

Router, Switch, and Firewall 11

Policies 12

The User Interface 13

Initial Appliance Setup 14

Setting the Management IP 15

Initial Login 15

Summary 17

Hands-on Lab 17

Review Questions 19

Chapter 2 Object Management 21

What Are Objects? 22

Getting Started 23

Network Objects 25

Individual Network Objects 25

Network Object Groups 25

Security Intelligence 26

Blacklist and Whitelist 26

Sourcefire Intelligence Feed 27

Custom Security Intelligence Objects 28

Port Objects 29

VLAN Tag 30

URL Objects and Site Matching 31

Application Filters 33

Variable Sets 35

File Lists 39

Security Zones 41

Geolocation 43

Summary 44

Hands-on Lab 45

Exam Essentials 49

Review Questions 51

Chapter 3 IPS Policy Management 53

IPS Policies 54

Default Policies 55

Policy Layers 56

Creating a Policy 57

Policy Editor 58

Summary 65

Hands-on Labs 65

Hands-on Lab 3.1: Creating an IPS Policy 66

Hands-on Lab 3.2: Viewing Connection Events 66

Exam Essentials 66

Review Questions 68

Chapter 4 Access Control Policy 71

Getting Started with Access Control Policies 72

Security Intelligence Lists 75

Blacklists, Whitelists, and Alerts 76

Security Intelligence Page Specifics 77

Configuring Security Intelligence 79

Access Control Rules 86

Access Control UI Elements 86

Rule Categories 88

A Simple Policy 97

Saving and Applying 98

Summary 100

Hands]on Lab 100

Exam Essentials 104

Review Questions 105

Chapter 5 FireSIGHT Technologies 107

FireSIGHT Technologies 108

Network Discovery Policy 109

Discovery Information 114

User Information 120

Host Attributes 124

Summary 126

Hands-on Labs 126

Hands-on Lab 5.1: Configuring a Discovery Policy 127

Hands-on Lab 5.2: Viewing Connection Events 127

Hands-on Lab 5.3: Viewing the Network Map 127

Hands-on Lab 5.4: Creating Host Attributes 128

Exam Essentials 128

Review Questions 130

Chapter 6 Intrusion Event Analysis 133

Intrusion Analysis Principles 134

False Positives 134

False Negatives 135

Possible Outcomes 135

The Goal of Analysis 136

The Dashboard and Context Explorer 136

Intrusion Events 141

An Introduction to Workflows 141

The Time Window 142

The Analysis Screen 145

The Caveat 154

Rule Comment 168

Summary 175

Hands]on Lab 175

Exam Essentials 177

Review Questions 178

Chapter 7 Network]Based Malware Detection 181

AMP Architecture 182

SHA]256 183

Spero Analysis 183

Dynamic Analysis 183

Retrospective Events 184

Communications Architecture 184

File Dispositions 185

File Disposition Caching 185

File Policy 185

Advanced Settings 186

File Rules 187

File Types and Categories 191

File and Malware Event Analysis 193

Malware Events 194

File Events 196

Captured Files 197

Network File Trajectory 199

Context Explorer 203

Summary 204

Hands]on Lab 204

Exam Essentials 205

Review Questions 206

Chapter 8 System Settings 209

User Preferences 210

Event Preferences 211

File Preferences 211

Default Time Windows 211

Default Workflows 212

System Configuration 212

System Policy 215

Health 217

Health Monitor 217

Health Policy 218

Health Events 218

Blacklist 220

Health Monitor Alerts 221

Summary 222

Hands-on Lab 222

Hands-on Lab 8.1: Creating a New System Policy 223

Hands-on Lab 8.2: Viewing Health Information 223

Exam Essentials 223

Review Questions 225

Chapter 9 Account Management 227

User Account Management 228

Internal versus External User Authentication 229

User Privileges 229

Predefined User Roles 230

Creating New User Accounts 231

Managing User Role Escalation 237

Configuring External Authentication 239

Creating Authentication Objects 240

Summary 246

Hands-on Lab 247

Hands-on Lab 9.1: Configuring a User in the Local Database 247

Hands-on Lab 9.2: Configuring Permission Escalation 247

Exam Essentials 248

Review Questions 249

Chapter 10 Device Management 251

Device Management 252

Configuring the Device on the Defense Center 254

NAT Configuration 266

Virtual Private Networks 267

Point-to-Point VPN 267

Star VPN 269

Mesh VPN 270

Advanced Options 270

Summary 271

Hands-on Labs 271

Hands-on Lab 10.1: Creating a Device Group 272

Hands-on Lab 10.2: Renaming the Device 272

Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set 272

Exam Essentials 273

Review Questions 274

Chapter 11 Correlation Policy 277

Correlation Overview 278

Correlation Rules, Responses, and Policies 279

Correlation Rules 279

Rule Options 284

Responses 286

Correlation Policy 291

White Lists 295

Traffic Profiles 301

Summary 308

Hands-on Lab 308

Exam Essentials 309

Review Questions 311

Chapter 12 Advanced IPS Policy Settings 313

Advanced Settings 314

Preprocessor Alerting 316

Application Layer Preprocessors 316

SCADA Preprocessors 320

Transport/Network Layer Preprocessors 320

Specific Threat Detection 325

Detection Enhancement 326

Intrusion Rule Thresholds 327

Performance Settings 327

External Responses 330

Summary 330

Hands]on Lab 331

Hands]on Lab 12.1: Modifying the HTTP Configuration Preprocessor 331

Hands]on Lab 12.2: Enabling Inline Normalization 332

Hands]on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit 332

Exam Essentials 333

Review Questions 334

Chapter 13 Creating Snort Rules 337

Overview of Snort Rules 338

Rule Headers 339

The Rule Body 342

Writing Rules 352

Using the System GUI to Build a Rule 353

Summary 355

Exam Essentials 356

Review Questions 357

Chapter 14 FireSIGHT v5.4 Facts and Features 359

Branding 360

Simplified IPS Policy 361

Network Analysis Policy 362

Why Network Analysis? 365

Access Control Policy 365

General Settings 366

Network Analysis and Intrusion Policies 366

Files and Malware Settings 368

Transport/Network Layer Preprocessor Settings 368

Detection Enhancement Settings 368

Performance/Latency Settings 369

SSL Inspection 369

SSL Objects 370

New Rule Keywords 376

File_type 376

Protected_content 377

Platform Enhancements 377

International Enhancements 378

Minor Changes 378

Summary 378

Appendix Answers to Review Questions 379

Index 393

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.