Description

Book Synopsis

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.



Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep

Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Admin

Table of Contents
Introduction
Assessment Test

Chapter 1 Getting Started with FireSIGHT
Industry Terminology
Cisco Terminology
FirePOWER and FireSIGHT
Out with the Old…
Appliance Models
Hardware vs. Virtual Devices
Device Models
Defense Center Models
FireSIGHT Licensing
License Dependencies
Network Design
Inline IPS
Passive IPS
Router, Switch, and Firewall
Policies
The User Interface
Initial Appliance Setup
Setting the Management IP
Initial Login
Summary
Hands-on Lab
Review Questions

Chapter 2 Object Management
What Are Objects?
Getting Started
Network Objects
Individual Network Objects
Network Object Groups
Security Intelligence
Blacklist and Whitelist
Sourcefire Intelligence Feed
Custom Security Intelligence Objects
Port Objects
VLAN Tag
URL Objects and Site Matching
Application Filters
Variable Sets
File Lists
Security Zones
Geolocation
Summary
Hands-on Lab
Exam Essentials
Review Questions

Chapter 3 IPS Policy Management
IPS Policies
Default Policies
Policy Layers
Creating a Policy
Policy Editor
Summary
Hands-on Labs
Hands-on Lab 3.1: Creating an IPS Policy
Hands-on Lab 3.2: Viewing Connection Events
Exam Essentials
Review Questions

Chapter 4 Access Control Policy
Getting Started with Access Control Policies
Security Intelligence Lists
Blacklists, Whitelists, and Alerts
Security Intelligence Page Specifics
Configuring Security Intelligence
Access Control Rules
Access Control UI Elements
Rule Categories
A Simple Policy
Saving and Applying
Summary
Hands-on Lab
Exam Essentials
Review Questions

Chapter 5 FireSIGHT Technologies
FireSIGHT Technologies
Network Discovery Policy
Discovery Information
User Information
Host Attributes
Summary
Hands-on Labs
Hands-on Lab 5.1: Configuring a Discovery Policy
Hands-on Lab 5.2: Viewing Connection Events
Hands-on Lab 5.3: Viewing the Network Map
Hands-on Lab 5.4: Creating Host Attributes
Exam Essentials
Review Questions

Chapter 6 Intrusion Event Analysis
Intrusion Analysis Principles
False Positives
False Negatives
Possible Outcomes
The Goal of Analysis
The Dashboard and Context Explorer
Intrusion Events
An Introduction to Workflows
The Time Window
The Analysis Screen
The Caveat
Rule Comment
Summary
Hands-on Lab
Exam Essentials
Review Questions

Chapter 7 Network-Based Malware Detection
AMP Architecture
SHA-256
Spero Analysis
Dynamic Analysis
Retrospective Events
Communications Architecture
File Dispositions
File Disposition Caching
File Policy
Advanced Settings
File Rules
File Types and Categories
File and Malware Event Analysis
Malware Events
File Events
Captured Files
Network File Trajectory
Context Explorer
Summary
Hands-on Lab
Exam Essentials
Review Questions

Chapter 8 System Settings
User Preferences
Event Preferences
File Preferences
Default Time Windows
Default Workflows
System Configuration
System Policy
Health
Health Monitor
Health Policy
Health Events
Blacklist
Health Monitor Alerts
Summary
Hands-on Lab
Hands-on Lab 8.1: Creating a New System Policy
Hands-on Lab 8.2: Viewing Health Information
Exam Essentials
Review Questions

Chapter 9 Account Management
User Account Management
Internal versus External User Authentication
User Privileges
Predefined User Roles
Creating New User Accounts
Managing User Role Escalation
Configuring External Authentication
Creating Authentication Objects
Summary
Hands-on Lab
Hands-on Lab 9.1: Configuring a User in the Local Database
Hands-on Lab 9.2: Configuring Permission Escalation
Exam Essentials
Review Questions

Chapter 10 Device Management
Device Management
Configuring the Device on the Defense Center
NAT Configuration
Virtual Private Networks
Point-to-Point VPN
Star VPN
Mesh VPN
Advanced Options
Summary
Hands-on Labs
Hands-on Lab 10.1: Creating a Device Group
Hands-on Lab 10.2: Renaming the Device
Hands-on Lab 10.3: Modifying the Name of the Inline Interface Set
Exam Essentials
Review Questions

Chapter 11 Correlation Policy
Correlation Overview
Correlation Rules, Responses, and Policies
Correlation Rules
Rule Options
Responses
Correlation Policy
White Lists
Traffic Profiles
Summary
Hands-on Lab
Exam Essentials
Review Questions

Chapter 12 Advanced IPS Policy Settings
Advanced Settings
Preprocessor Alerting
Application Layer Preprocessors
SCADA Preprocessors
Transport/Network Layer Preprocessors
Specific Threat Detection
Detection Enhancement
Intrusion Rule Thresholds
Performance Settings
External Responses
Summary
Hands-on Lab
Hands-on Lab 12.1: Modifying the HTTP Configuration Preprocessor
Hands-on Lab 12.2: Enabling Inline Normalization
Hands-on Lab 12.3: Demonstrating the Validation of Preprocessor Settings on Policy Commit
Exam Essentials
Review Questions

Chapter 13 Creating Snort Rules
Overview of Snort Rules
Rule Headers
The Rule Body
Writing Rules
Using the System GUI to Build a Rule
Summary
Exam Essentials
Review Questions

Chapter 14 FireSIGHT v5.4 Facts and Features
Branding
Simplified IPS Policy
Network Analysis Policy
Why Network Analysis?
Access Control Policy
General Settings
Network Analysis and Intrusion Policies
Files and Malware Settings
Transport/Network Layer Preprocessor Settings
Detection Enhancement Settings
Performance/Latency Settings
SSL Inspection
SSL Objects
New Rule Keywords
File_type
Protected_content
Platform Enhancements
International Enhancements
Minor Changes
Summary

Appendix Answers to Review Questions
Index

SSFIPS Securing Cisco Networks with Sourcefire


£41.25


RRP £55.00 – you save £13.75 (25%)


A Paperback / softback by Todd Lammle, Alex Tatistcheff, John Gay


    Publisher: John Wiley & Sons Inc
    Publication Date: 04/12/2015
    ISBN13: 9781119155034, 978-1119155034
    ISBN10: 1119155037
