Securing Hosts Using Cisco Security Agent (HIPS) — A 2-Day Course

 Open Public Course Closed In-House Course

Synopsis

HIPS is a two-day, lab-intensive training course which develops the knowledge and skills to deploy, configure and administer the Cisco Security Agent product to protect server and workstation hosts. It takes a task-oriented approach, using lecture and hands-on labs to teach the skills. The Cisco Security Agent functions to protect from intrusions, as compared to simply detecting attempted intrusions.

Course Objectives

After completing this course, students will be able to:

• Describe the need for network security; understand attack types, methods and Cisco security wheel
• CSA overview - functionality, components and architecture
• CSAMC install - overview, system requirements for management console
• CSAMC quick start configuration - configure a group, build an agent kit, view registered hosts, configure a policy, attach a policy to a group and generate rule programs
• CSAMC administration - accessing and using the management console
• Configure groups and manage hosts.Build agent kits and distributing software updates
• Develop a security policy
• Configure policies and rules for Windows and UNIX
• Use system correlation and heuristics
• Understand and configure application classes
• Configure variables - file sets, network address sets, network services, registry sets, COM component sets
• Use CSA Profiler for data analysis and as policy creation tool
• Configure and manage event logging, alerts and reports
• Understand and use CSAMC utilities - start/stop service for servers and agent, webmgr utility, backup configurations, COM extract utility and export / import configurations

Intended Audience

• Engineers who support sales of Cisco security product solutions
• Cisco Channel Partners, who sell, implement and maintain secure networks
• Cisco Customers who implement and maintain secure networks

Prerequisites

• Valid CCNA or equivalent knowledge
• 6 months practical experience of configuring Cisco IDS Routers
• Competency in using the Windows NT Operating system
• Familiarity with implementing network security policies and the following networking concepts:
  • Perimeter Security System Components
  • Perimeter Router
  • Firewall
  • Bastion Host/Servers and Hosts

Certification

The HIPS course is recommended as preparation for exam:

• 642-513

HIPS is part of the Cisco Certified Security Professional (CCSP) Certification Path.

Publicly scheduled dates, locations, and prices

Outline Course Contents

Security Fundamentals

• Need for Network Security
• Network Security Policy
• Network Attack Taxonomy

Cisco Security Agent Overview

• Defense in Depth
• Cisco Security Agent Architecture
• Anatomy of an Attack and Response
• Key Features of Cisco Security Agent

Cisco Security Agent Quick Start Installation

• CSAMC System Requirements
• CSA System Requirements
• Installing the CSAMC
• Configuring the CSAMC
• Installing the CSA

Cisco Security Agent Management Center Administration

• Using Cisco Securinty Agent Management Center

Using Event Logs and Generating Reports

• The Event Log and Event Monitor
• Configuring Event Sets
• Configuring Alerts
• Generating Reports

Configuring Groups and Managing Hosts

• Configuring Groups
• Building and Agent Kit
• Managing Hosts
• Deploying Scheduled Software Updates

Building Policies

• Developing a Security Policy
• Rule Basics
• Policy Components
• Configuring and Managing Policies
• Rules common to Windows and Unix
• Windows-Only Rules
• Unix-only Rules

Defining Application Classes

• About Application Classes
• Configuring Static Application Classes
• Dynamic Application Classes

Working with Variables

• Data Sets
• File Sets
• Network Address & Services Sets
• Registry Sets
• COM Component Sets

Using Cisco Security Agent Profiler

• Basics of Profiler
• Configuring an Analysis Job
• Starting Analysis
• The profiler Policy
• Profiler Reports