LernIX Solutions

Course Overview

The Understanding Cisco Wireless Foundations (WLFNDU) course provides the knowledge and skills needed to configure, manage, and troubleshoot a Cisco wireless LAN (WLAN) network. Topics include understanding critical aspects of RF technology, industry standards for Wi-Fi and security, how to design, install, and configure a WLAN network of any size, as well as using Cisco DNA Center.

This course is worth 30 Continuing Education (CE) credits towards recertification

Course Objectives

After completing this course you should be able to:

Describe and implement foundational wireless theory
Describe and implement foundational wireless math and antennas
Describe and implement foundational wireless operation including Wi-Fi 6
Describe security and client access in a wireless network
Implement 802.1X and Extensible Authentication Protocol (EAP)
Implement wireless guest access and configure wireless security
Describe Cisco wireless architecture components and deployment options
Describe Cisco wireless architecture and its deployment modes, the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, and the Cisco WLC and AP line up
Describe the wired support for implementing wireless networks
Deploy Cisco centralized wireless networks using Cisco 9800 WLC
Describe the centralized wireless access model and its configuration
Describe maintenance and troubleshooting in the centralized WLAN model
Describe the management and monitoring of Cisco Wireless Networks with Cisco DNA Center

Course Content

Module 1: RF and WLAN Theory

Module 2: WLAN Math and Antennas

Module 3: Wi-Fi Operations

Module 4: Basic WLAN Security

Module 5: Advanced WLAN Security

Module 6: Configuring WLAN Security

Module 7: Cisco Wireless Network Architecture

Module 8: Implementing Cisco Wireless Network

Module 9: Implementing Cisco Wireless Network Wired Support

Module 10: Deploying Cisco Centralized Wireless Networks

Module 11: Configuring Cisco Centralized Wireless Networks

Module 12: Maintaining and Troubleshooting Cisco Wireless Networks

Module 13: Managing and Monitoring Cisco Wireless Networks with Cisco DNA Center

Labs

Discovery 1: Practice RF Math
Discovery 2: Antenna Calculations
Discovery 3: Explore the Wi-Fi Environment
Discovery 4: Analyze Wireless Frames
Discovery 5: Configure Client Access
Discovery 6: Deploy Cisco 9800 WLC
Discovery 7: Configure Cisco 9800 WLC
Discovery 8: Perform Cisco 9800 WLC Maintenance

Course Overview

TheUnderstanding Cybersecurity Operations Fundamentals (CBROPS) course teaches an understanding of the network infrastructure devices, operations, and vulnerabilities of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. You will learn basic information about security concepts, common network application operations and attacks, the Windows and Linux operating systems, and the types of data used to investigate security incidents. After completing this course, you will have the basic knowledge required to perform the job role of an associate-level cybersecurity analyst in a threat-centric security operations center to strengthen network protocol, protect your devices and increase operational efficiency. This course prepares you for the Cisco Certified CyberOps Associate certification.

Please note that this course is a combination of Instructor-Led and Self-Paced Study – 5 days in the classroom and approx 1 day of self study. The self-study content will be provided as part of the digital courseware that you will recieve at the beginning of the course and should be part of your preparation for the exam.

Course Objectives

After completing this course you should be able to:

Explain how a SOC operates and describe the different types of services that are performed from a Tier 1 SOC analyst’s perspective.
Explain Network Security Monitoring (NSM) tools that are available to the network security analyst.
Explain the data that is available to the network security analyst.
Describe the basic concepts and uses of cryptography.
Describe security flaws in the TCP/IP protocol and how they can be used to attack networks and hosts.
Understand common endpoint security technologies.
Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors.
Identify resources for hunting cyber threats.
Explain the need for event data normalization and event correlation.
Identify the common attack vectors.
Identify malicious activities.
Identify patterns of suspicious behaviors.
Conduct security incident investigations.
Explain the use of a typical playbook in the SOC.
Explain the use of SOC metrics to measure the effectiveness of the SOC.
Explain the use of a workflow management system and automation to improve the effectiveness of the SOC.
Describe a typical incident response plan and the functions of a typical CSIRT.
Explain the use of VERIS to document security incidents in a standard format.
Describe the Windows operating system features and functionality.
Describe the Linux operating system features and functionality

Course Content

Defining the Security Operations Center

Understanding Network Infrastructure and Network Security Monitoring Tools

Exploring Data Type Categories

Understanding Basic Cryptography Concepts

Understanding Common TCP/IP Attacks

Understanding Endpoint Security Technologies

Understanding Incident Analysis in a Threat-Centric SOC

Identifying Resources for Hunting Cyber Threats

Understanding Event Correlation and Normalization

Identifying Common Attack Vectors

Identifying Malicious Activity

Identifying Patterns of Suspicious Behavior

Conducting Security Incident Investigations

Using a Playbook Model to Organize Security Monitoring

Understanding SOC Metrics

Understanding SOC Workflow and Automation

Describing Incident Response

Understanding the Use of VERIS

Understanding Windows Operating System Basics

Understanding Linux Operating System Basics

Labs

Configure the Initial Collaboration Lab Environment
Use NSM Tools to Analyze Data Categories
Explore Cryptographic Technologies
Explore TCP/IP Attacks
Explore Endpoint Security
Investigate Hacker Methodology
Hunt Malicious Traffic
Correlate Event Logs, PCAPs, and Alerts of an Attack
Investigate Browser-Based Attacks
Analyze Suspicious DNS Activity
Explore Security Data for Analysis
Investigate Suspicious Activity Using Security Onion
Investigate Advanced Persistent Threats
Explore SOC Playbooks
Explore the Windows Operating System
Explore the Linux Operating System

Course Overview

This 2-day course gives network administrators, network operators, and network engineers a functional understanding of the BIG-IP system as it is commonly deployed in an application delivery network.

The course introduces students to the BIG-IP system, its configuration objects, how it processes traffic, and how typical administrative and operational activities are performed.

The course includes lecture, hands-on labs, interactive demonstrations, and discussions.

Course Topics

• Configuration Project

• Troubleshooting Methodology

• F5 Support

• Troubleshooting – Bottom to Top

• Troubleshooting Tools

• Using System Logs

Course Objectives

At the end of this course, the student will be able to:

• Describe the role of the BIG-IP system as a full proxy device in an application delivery network

• Set up, start/restart/stop, license, and provision the BIG-IP system

• Create a basic network configuration on the BIG-IP system including VLANs and self IPs

• Use the Configuration utility and TMOS Shell (tmsh) to manage BIG-IP resources and use as a resource when troubleshooting

• Create, restore from, and manage BIG-IP archives

• Understand and implement troubleshooting methodology to find and resolve issues

• View resource status, availability, and statistical information and use this information to determine how the BIG-IP system is currently processing traffic

• Use iApps to update BIG-IP configuration

• Perform troubleshooting and problem determination activities including using the iHealth diagnostic tool, researching known issues and solutions on AskF5, submitting a problem ticket to F5 Technical Support, and view traffic flow using tcpdump

• Understand the tools (ping, netstat, tcpdump, ssldump, WireShark, diff, Kdiff3, Fiddler, BIG-IP logs, etc.) available to use to identify BIG-IP and network issues from bottom to top

• List log files available, understand log levels, and use the appropriate files, log levels, and filters for troubleshooting

• Use High Speed Logging (HSL) and SNMP trap implementations to perform troubleshooting and problem determination activities

• Describe the role of iRules in affecting traffic behavior and how to use them to aid with troubleshooting and problem determination

Course Content

Chapter 1: Setting Up the BIG-IP System

• Introducing the BIG-IP System

• Initially Setting Up the BIG-IP System

• Archiving the BIG-IP System Configuration

Chapter 2: Reviewing Local Traffic Configuration

• Reviewing Nodes, Pools, and Virtual Servers

• Reviewing Address Translation

• Reviewing Routing Assumptions

• Reviewing Application Health Monitoring

• Reviewing Traffic Behavior Modification with Profiles

• Reviewing the TMOS Shell (TMSH)

• Reviewing Managing BIG-IP Configuration Data

• Reviewing High Availability (HA)

Chapter 3: Troubleshooting Methodology

• Step-By-Step Process

• Documenting a Problem

• Putting Troubleshooting Steps to Use

Chapter 4: Working with F5 Support

• Leveraging F5 Support Resources

• Leveraging F5 Labs

• Working with F5 Technical Support

• Running End User Diagnostics (EUD) – Hardware Only

• New Platform Diagnostic Tools

• Always-On Management (AOM) Subsystem

• Requesting Return Materials Authorization

• F5’s Software Version Policy

• Managing the BIG-IP License for Upgrades

• Managing BIG-IP Disk Space

• Upgrading BIG-IP Software

Chapter 5: Troubleshooting – Bottom to Top

• Introducing Differences between BIG-IP and LINUX Tools

• Troubleshooting with Layer 1/Layer 2 Tools

• Troubleshooting with Layer 2/Layer 3 Tools

• Troubleshooting with Layer 3 Tools

• Troubleshooting Network Communication

• Troubleshooting Memory and CPU

• Troubleshooting with watch

• Troubleshooting with Additional tmsh commands

Chapter 6: Troubleshooting Tools

• tcpdump

• Wireshark

• SSL/TLS

• Fiddler

• diff

• KDiff3

• cURL

Chapter 7: Using System Logs

• Configuring Logging

• Log Files

• Understanding BIG-IP Daemons Functions

• Triggering an iRule

• Deploying and Testing iRules

• Application Visibility and Reporting

Chapter 8: Troubleshooting Lab Projects

• Network Configurations for Project

Chapter 9: Additional Training and Certification

• Getting Started Series Web-Based Training

• F5 Instructor Led Training Curriculum

• F5 Professional Certification Program

Course Changes since v15

The Troubleshooting BIG-IP v16.1 course presents much of the same content as v15.1 with minor modifications to improve flow. Password length is 8 digits.

Course Overview

Learn the details of Vulnerability Response in ServiceNow.

This two-day course covers Vulnerability Response essentials such as why customers need Vulnerability Response, what Vulnerability Response is, and how to properly implement Vulnerability Response.

Participants will learn the common technical aspects of a Vulnerability Response implementation as well as experience various processes to effectively manage a Vulnerability Response implementation. Additionally, participants will learn tactical skills and strategies that will better prepare them to implement Vulnerability Response in a scalable, repeatable, and efficient manner.

Topics include: Vulnerability Response Overview, Getting Data into Vulnerability Response, Tools to Manage Vulnerability Response Data, Automating Vulnerability Response, Vulnerability Response Data Visualization, Vulnerability Response Delta for the Paris Release, Capstone Project for Vulnerability Response Implementation

These objectives are achieved through a combination of demos, lecture, and group discussions. Lab exercises woven throughout the class walk you through how to effectively implement Vulnerability Response.

Course Objectives

After you complete this course you will be able to:

Prepare to Implement Vulnerability Response
Configure NVD Auto-Updates
Perform a full Qualys Integration
Preview Rapid7 and Tenable Integrations
Configure Vulnerability Groups
Configure Criticality Calculator Groups
Perform Vulnerability Remediation Task Assignments
Design a Severe Vulnerability Workflow
Work with Vulnerability Dashboards and Reports

Course Content

Vulnerability Response Overview

Define ServiceNow Security Operations
Discuss Vulnerability Response
Examine Vulnerability Response within the ServiceNow Platform
Lab 1.2 Exploring Vulnerability Response
Lab 1.3 Preparing to Implement Vulnerability Response

Getting Data Into Vulnerability Response

Definition of Vulnerabilities and Vulnerable Items
Integrate Vulnerability Response with Vulnerability Scanners and Other Data Sources
Scanner Integration and CMDB Reconciliation
Lab 2.1 Configure NVD Auto-Update
Lab 2.2 Full Qualys Integration and Store Preview

Tools to Manage Vulnerability Response

Configure Vulnerability Groups for Easier Management
Employ Tasking for Vulnerability Remediation
Lab 3.1 Configure Vulnerability Groups
Lab 3.2 Configure Vulnerability Calculator Groups
Lab 3.3 Vulnerability Remediation Task Assignment

Automating Vulnerability Response

Demonstrate how to handle Vulnerability Exceptions
Construct Workflows for Process Automation
Lab 4.1 Configure Vulnerability Exception Workflow

Vulnerability Response Data Visualization

Demonstrate Data Visualization through Dashboards and Reporting
Discuss Performance Analytics
Lab 5.1 Dashboards and Reports

Vulnerability Response Paris Delta

Discuss the new features in the Paris release
Define the changed features in the Paris release

Vulnerability Response Implementation Capstone Project

In order to reinforce the various topics presented in the Vulnerability Response Implementation course, the final course component is a take-home five task capstone project

Course Overview

Learn how to effectively manage a Vendor Risk Management Implementation.

This two-day course covers the domain knowledge, common implementation technical aspects, and various processes needed to effectively manage a Vendor Risk Management (VRM) implementation.

Attendees will learn and practice various tactical skills and strategies that will better prepare them to implement VRM. Through lectures, group discussion, hands-on labs and demonstrations, participants build on existing knowledge and skills by applying implementation best practices.

Topics include: Vendor Risk Management Review, Core Configuration, Assessment Configuration, Vendor Risk Issues and Processes, Vendor Portal Configuration, Application Relationships, Dashboards and Reports

Course Objectives

After you complete this course you will be able to:

Define key concepts and roles related to Vendor Risk Management in ServiceNow and navigate the Vendor Risk Management application components
Configure vendor portfolio data and vendor process workflows
Develop Questionnaire Templates, Document Request Templates, and Assessment Templates, which are used to create vendor risk assessments
Access the Vendor Assessment Portal, manage vendor contacts, complete assessments, and interact with the Vendor Risk team
Create and manage Vendor Risk Assessment related issues and remediation
Translate assessment responses into Risk and Control Compliance using existing GRC applications
Analyze baseline VRM reports and dashboards
Examine solution features and implementation considerations
Discuss supported integrations and share best practices

Course Content

Vendor Risk Management Review

About VRM
VRM Process
Technical Details
Lab 1.1 Preparing to Implement ServiceNow Vendor Risk Management

Core Configuration

Vendor Portfolio Configuration
Lab 2.1 Vendor Setup
Vendor Contacts Configuration
Lab 2.2 Populate Vendor Contacts
Vendor Tiering Configuration
Lab 2.3 Vendor Tiering
Vendor Security Scoring Configuration
Lab 2.4 Vendor Hierarchy and Engagements

Assessment Configuration

Assessment Basics
Vendor Assessment Configuration
Vendor Risk Assessment Generation
Lab 3.1 Vendor Risk Assessment Templates
Lab 3.2 [CHALLENGE] Data Privacy Assessment
Vendor Risk Assessment Calculations
Vendor Risk Assessment Lifecyle
Lab 3.3 Vendor Risk Assessments

Risk Issues and Processes

Vendor Risk Issue Configuration
Lab 4.1 Configure Vendor Risk Issue Approval Workflow
Vendor Risk Task Configuration
Vendor Risk Process Workflows
Lab 4.2 Configure Vendor Assessment Reminders Workflow

Vendor Portal Configuration

Contact Configuration
Lab 5.1 Working in the Vendor Assessment Portal
Vendor Assessment Processing and Configuration
Lab 5.2 Vendor Risk Issues
Lab 5.3: Vendor Risk Areas and Criteria Affecting Engagements

Application Relationships

ServiceNow GRC Overview
Monitor Risk and Control Compliance
Other Application Relationships
Lab 6.1 GRC Integration

Dashboards and Reports

Course Overview

Learn about the Security Incident Response, Vulnerability Response, and Threat Intelligence applications.

This two-day course covers the foundational topics of the ServiceNow Security Operation suite. The Security Operations Suite includes the Security Incident Response, Vulnerability Response, and Threat Intelligence applications. The Security Operations Suite provides the tools needed to manage the identification of threats and vulnerabilities within your organization as well as specific tools to assist in the management of Security Incidents.

Course Objectives

After you complete this course you will be able to:

Discuss the Current State of Security
Explain the Security Operations Maturity levels
Describe Security Incident Response Components and Configuration
Demonstrate the Baseline Security Incident Response Lifecycle
Identify Security Incident Response Workflow-Based Responses
Configure Vulnerability Assessment and Management Response tools
Explore the ServiceNow Threat Intelligence application
Employ Threat Sources and Explore Attack Modes and Methods
Define Observables, Indicators of Compromise (IOC) and IoC Look Ups
Discuss Security Operations Common Functionality
Use Security Operations Integrations
Demonstrate how to view and analyze Security Operations data

Course Content

Security Operations Overview

Current State of Security and Security Operations Maturity Levels
Introducing ServiceNow Security Operations
Essential Platform and Security Administration Concepts
Security Operations Common Functionality
Lab 1.3 Security Operations User Administration
Lab 1.4.1 Security Operations Common Functionality
Lab 1.4.2 Email Parser

Vulnerability Response

Vulnerability Response Overview
Vulnerability Classification and Assignment
Vulnerability Management
Configuration Compliance
Lab 2.1 Explore the Vulnerability Response Application
Lab 2.2 Explore Vulnerable Items and Vulnerability Groups
Lab 2.3 Vulnerability Groups (for Grouping Vulnerable Items)
Lab 2.4 Vulnerability Remediation

Security Incident Response

Security Incident Response Overview
Security Incident Response Components and Configuration
Baseline Security Incident Response Lifecycle
Security Incident Response Workflow-Based Responses
Lab 3.2 Security Incident Response Configuration
Lab 3.3 Creating Security Incidents

Threat Intelligence

Threat Intelligence Definition
Threat Intelligence Terminology
Threat Intelligence Toolsets
Trusted Security Circles
Lab 4.3.1 Review and Update an Existing Attack Mode or Method
Lab 4.3.2 Working with Indicators of Compromise (IOC) Lookups
Lab 4.3.3 Automated Lookups in Security Incidents

Security Operations Integrations

Work with Security Operations
Lab 5.1 Navigating Security Operations Integrations

Data Visualization

Course Overview

Learn the domain knowledge, technical aspects, and various processes needed to effectively manage a Security Incident Response implementation (SIRI).

This two-day course covers the domain knowledge, common implementation technical aspects, and various processes needed to effectively manage a Security Incident Response implementation (SIRI).

Attendees will learn and practice various tactical skills and strategies that will better prepare them to implement Security Incident Response (SIR). Through lectures, group discussion, hands-on labs and simulations, participants build on existing knowledge and skills by applying implementation best practices.

Course Objectives

After you complete this course you will be able to:

Security Incident Response Overview
Create Security Incidents
Security Incident and Threat Intelligence Integrations
Security Incident Response Management
Risk Calculations and Post Incident Response
Security Incident Automation
Data Visualization
Family Delta Module
Capstone Project

Course Content

Security Incident Response Overview

Identify the goals of Security Incident Response (SIR)
Discuss the importance of understanding customers and their goals, and discuss how Security Incident Response meets customer expectations

Create Security Incidents

Determine how to create Security Incident Response incidents: Setup Assistant, Using the Service Catalog, Manual Creation, and Via Email Parsing

Security Incident and Threat Intelligence Integrations

Discuss different integration capabilities
Describe the Three Key Security Incident Response Integrations: Custom, Platform, Store & Share.

Security Incident Response Management

Describe the Security Incident Response Management process and components: Assignment Options, Escalation Paths, Security Tags, Process Definitions and Selection.

Risk Calculations Post Incident Response

Identify Calculators and Risk Scores
Be able to post Incident Reviews.

Security Incident Automation

Discuss the Security Incident Response Automation processes available on the ServiceNow Platform: Workflows, Flow Designer, and Playbooks.

Data Visualization

Explain the different Security Incident Response Dashboards and Reports available in the ServiceNow platform: Data Visualization, Dashboards and Reporting, Performance Analytics.

Security Incident Response Family Release DELTA

Learn about the new, enhanced, and/or deprecated features of the current Security Incident Response family release.

Capstone Project

There is a final take-home Capstone project where participants provision a Developer instance and complete directed tasks to reinforce the concepts learned in class.

Course Overview

The Securing the Web with Cisco Web Security Appliance (SWSA) course shows you how to implement, use, and maintain Cisco® Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats. Through a combination of expert instruction and hands-on practice, you’ll learn how to deploy proxy services, use authentication, implement policies to control HTTPS traffic and access, implement use control settings and policies, use the solution’s anti-malware features, implement data security and data loss prevention, perform administration of Cisco WSA solution, and more.

Course Objectives

After completing this course you should be able to:

Describe Cisco WSA
Deploy proxy services
Utilize authentication
Describe decryption policies to control HTTPS traffic
Understand differentiated traffic access policies and identification profiles
Enforce acceptable use control settings
Defend against malware
Describe data security and data loss prevention
Perform administration and troubleshooting

Course Content

Cisco WSA Overview

Technology Use Case
Cisco WSA Solution
Cisco WSA Features
Cisco WSA Architecture
Proxy Service
Integrated Layer 4 Traffic Monitor
Data Loss Prevention
Cisco Cognitive Intelligence
Management Tools
Cisco Advanced Web Security Reporting (AWSR) and Third-Party Integration
Cisco Content Security Management Appliance (SMA)

Proxy Services

Explicit Forward Mode vs.Transparent Mode
Transparent Mode Traffic Redirection
Web Cache Control Protocol
Web Cache Communication Protocol
WCCP Upstream and Downstream Flow
Proxy Bypass
Proxy Caching
Proxy Auto-Config (PAC) Files
FTP Proxy
Socket Secure (SOCKS) Proxy
Proxy Access Log and HTTP Headers
Customizing Error Notifications with End User Notification (EUN) Pages

Cisco WSA Authentication

Authentication Protocols
Authentication Realms
Tracking User Credentials
Explicit (Forward) and Transparent Proxy Mode
Bypassing Authentication with Problematic Agents
Reporting and Authentication
Re-Authentication
FTP Proxy Authentication
Troubleshooting Joining Domains and Test Authentication
Integration with Cisco Identity Services Engine (ISE)

Administration and Troubleshooting

Monitor the Cisco Web Security Appliance
Cisco WSA Reports
Monitoring System Activity Through Logs
System Administration Tasks
Troubleshooting
Command Line Interface

Decryption Policies

Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Inspection Overview
Certificate Overview
Overview of HTTPS Decryption Policies
Activating HTTPS Proxy Function
Access Control List (ACL) Tags for HTTPS Inspection
Access Log Examples

Differentiated Traffic Access Policies and Identification Profiles

Overview of Access Policies
Access Policy Groups
Overview of Identification Profiles
Identification Profiles and Authentication
Access Policy and Identification Profiles Processing Order
Other Policy Types
Access Log Examples
ACL Decision Tags and Policy Groups
Enforcing Time-Based and Traffic Volume Acceptable Use Policies, and End User Notifications

Defending Against Malware

Web Reputation Filters
Anti-Malware Scanning
Scanning Outbound Traffic
Anti-Malware and Reputation in Policies
File Reputation Filtering and File Analysis
Cisco Advanced Malware Protection
File Reputation and Analysis Features
Integration with Cisco Cognitive Intelligence

Acceptable Use Control Settings

Controlling Web Usage
URL Filtering
URL Category Solutions
Dynamic Content Analysis Engine
Web Application Visibility and Control
Enforcing Media Bandwidth Limits
Software as a Service (SaaS) Access Control
Filtering Adult Content

Data Security and Data Loss Prevention

Data Security
Cisco Data Security Solution
Data Security Policy Definitions
Data Security Logs

Labs:

Discovery Lab 1: Configure the Cisco Web Security Appliance
Discovery Lab 2: Configure Proxy Authentication
Discovery Lab 3: Configure Reporting Services and Web Tracking
Discovery Lab 4: Configure the Cisco Secure Emial and Web Manager for Tracking and Reporting
Discovery Lab 5: Configure HTTPS Inspection
Discovery Lab 6: Create and Enforce a Time/Date-Based Acceptable Use Policy
Discovery Lab 7: Configure Advanced Malware Protection
Discovery Lab 8: Configure Referrer Header Exceptions
Discovery Lab 9: Utilize Third-Party Security Feeds and MS Office 365 External Feed
Discovery Lab 10: Validate an Intermediate Certificate

Course Overview

The Securing Cloud Deployments with Cisco Technologies course shows you how to implement Cisco cloud security solutions to secure access to the cloud, workloads in the cloud, and software as a service (SaaS) user accounts, applications, and data. Through expert instruction and hands-on labs, you’ll learn a comprehensive set of skills and technologies including: how to use key Cisco cloud security solutions; detect suspicious traffic flows, policy violations, and compromised devices; implement security controls for cloud environments; and implement cloud security management. This course covers usage of Cisco Cloudlock, Cisco Umbrella, Cisco Cloud Email Security, Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco Stealthwatch Cloud and Enterprise, Cisco Firepower NGFW (next-generation firewall), and more.

Course Objectives

After completing this course you should be able to:

Contrast the various cloud service and deployment models.
Implement the Cisco Security Solution for SaaS using Cisco Cloudlock Micro Services.
Deploy cloud security solutions using Cisco AMP for Endpoints, Cisco Umbrella, and Cisco Cloud Email Security.
Define Cisco cloud security solutions for protection and visibility using Cisco virtual appliances and Cisco Stealthwatch Cloud.
Describe the network as a sensor and enforcer using Cisco Identity Services Engine (ISE), Cisco Stealthwatch Enterprise, and Cisco TrustSec.
Implement Cisco Firepower NGFW Virtual (NGFWv) and Cisco Stealthwatch Cloud to provide protection and visibility in AWS environments.
Explain how to protect the cloud management infrastructure by using specific examples, defined best practices, and AWS reporting capabilities.

Course Content

Introducing the Cloud and Cloud Security

Describe the Evolution of Cloud Computing
Explain the Cloud Service Models
Explore the Security Responsibilities Within the Infrastructure as a Service (IaaS) Service Model
Explore the Security Responsibilities Within the Platform as a Service (PaaS) Service Model
Explore the Security Responsibilities Within the SaaS Service Model
Describe Cloud Deployment Models
Describe Cloud Security Basics

Implementing the Cisco Security Solution for SaaS Access Control

Explore Security Challenges for Customers Using SaaS
Describe User and Entity Behavior Analytics, Data Loss Prevention (DLP), and Apps Firewall
Describe Cloud Access Security Broker (CASB)
Describe Cisco CloudLock as the CASB
Describe OAuth and OAuth Attacks

Deploying Cisco Cloud-Based Security Solutions for Endpoints and Content Security

Describe Cisco Cloud Security Solutions for Endpoints
Describe AMP for Endpoints Architecture
Describe Cisco Umbrella
Describe Cisco Cloud Email Security
Design Comprehensive Endpoint Security

Introducing Cisco Security Solutions for Cloud Protection and Visibility

Describe Network Function Virtualization (NFV)
Describe Cisco Secure Architectures for Enterprises (Cisco SAFE)
Describe Cisco NGFWv/Cisco Firepower Management Center Virtual
Describe Cisco ASAv
Describe Cisco Services Router 1000V
Describe Cisco Stealthwatch Cloud
Describe Cisco Tetration Cloud Zero-Trust Model

Describing the Network as the Sensor and Enforcer

Describe Cisco Stealthwatch Enterprise
Describe Cisco ISE Functions and Personas
Describe Cisco TrustSec
Describe Cisco Stealthwatch and Cisco ISE Integration
Describe Cisco Encrypted Traffic Analytics (ETA)

Implementing Cisco Security Solutions in AWS

Explain AWS Security Offerings
Describe AWS Elastic Compute Cloud (EC2) and Virtual Private Cloud (VPC)
Discover Cisco Security Solutions in AWS
Explain Cisco Stealthwatch Cloud in AWS

Describing Cloud Security Management

Describe Cloud Management and APIs
Explain API Protection
Illustrate an API Example: Integrate to ISE Using pxGrid
Identify SecDevOps Best Practices
Illustrate a Cisco Cloud Security Management Tool Example: Cisco Defense Orchestrator
Illustrate a Cisco Cloud Security Management Tool Example: Cisco CloudCenter™
Describe Cisco Application Centric Infrastructure (ACI)
Describe AWS Reporting Tools

Labs

Lab1: Explore the Cisco Cloudlock Dashboard and User Security
Lab 2: Explore Cisco Cloudlock Application and Data Security
Lab 3: Explore Cisco AMP Endpoints
Lab 4: Perform Endpoint Anaylsis Using the AMP Endpoint Console
Lab 5: Examine the Umbrella Dashboard
Lab 6: Examine Cisco Umbrella Investigate
Lab 7: Explore Email Ransomware Protection by Cisco Cloud Email Security
Lab 8: DNS Ransomware Protection by Cisco Umbrella
Lab 9: Explore File Ransomware Protection by Cisco AMP for Endpoints
Lab 10: Explore a Ransomware Execution Example
Lab 11: Implement Cisco ASAv in ESXi
Lab 12: Configure and Test Basic Cisco ASAv Network Address Translation (NAT)/Access Control List (ACL) Functions
Lab 13: Explore Cisco Stealthwatch Cloud
Lab 14: Explore Stealthwatch Cloud Alerts Settings, Watchlists, and Sensors
Lab 15: Explore the Network as the Sensor and Enforcer
Lab 16; Explore Cisco Stealthwatch Enterprise
Lab 17: Deploy NGFWv and FMCv in AWS
Lab 18: Troubleshoot FTD and FMC in AWS – Scenario 1
Lab 19: Troubleshoot FTD and FMC in AWS – Scenario 2
Lab 20: Troubleshoot FTD and FMC in AWS – Scenario 3
Lab 30: Explore AWS Reporting Capabilities

Course Overview

Securing Cisco Networks with Snort Rule Writing Best Practices is a lab-intensive course that introduces users of open source Snort or Sourcegire FIRESIGHT systems to the Snort rules language and rule-writing best practices. Users focus exclusively on the Snort rules language and rule writing. Starting from rule syntax and structure to advanced rule-option usage, you will analyze exploit packet captures and put the rule writing theories learned to work—implementing rule-language features to trigger alerts on the offending network traffic.This course also provides instruction and lab exercises on how to detect certain types of attacks, such as buffer overflows, utilizing various rule-writing techniques. You will test your rule-writing skills in two challenges: a theoretical challenge that tests knowledge of rule syntax and usage, and a practical challenge in which we present an exploit for you to analyze and research so you can defend your installations against the attack.This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand and implement open source rules.

Course Objectives

After completing this course, you should be able to:

Describe rule structure, rule syntax, rule options and their usage.
Configure and create Snort rules
Describe the rule optimization process to create efficient rules
Describe preprocessors and how data is presented to the rule engine
Create and implement functional Regular Expressions in Snort rules
Design and apply rules using byte_jump/test/extract rule options
Understand the concepts behind protocol modeling to write rules that perform better

Course Content

Module 1: Welcome to the Cisco and Sourcefire Virtual Network

Module 2: Basic Rule Syntax and Usage

Module 3: Rule Optimization

Module 4: Using Perl Compatible Regular Expressions (PCRE) in Rules

Module 5: Using Byte_Jump/Test/Extract Rule Options

Module 6: Protocol Modeling Concepts and Using Flowbits in Rule Writing

Module 7: Case Sudies in Rule Writing and Packet Analysis

Module 8: Rule Performance Monitoring

Module 9: Rule Writing Practiceal Labs, Exercises, and Challenges

Labs

Lab 1: Infrastructure Familarization
Lab 2: Writing Custom Rules
Lab 3: Drop Rules
Lab 4: Replacing Content
Lab 5: SSH Rule Scenerio
Lab 6: Optimizing Rules
Lab 7: Using PCREtest to Test Regex Options
Lab 8: Use PCREtest to Test Custom Regular Expressions
Lab 9: Writing Rules That Contain PCRE
Lab 10: Exploiting SADMIND Trust
Lab 11: Using the Bitwise AND Operation in Byte_Test Rule Option
Lab 12: Detecting ZenWorks Directory Traversal Using Byte_Extract
Lab 13: Writing a Flowbit Rule
Lab 14: Extra Flowbits Challenge
Lab 15: Strengthen Your Brute-Force Rule with Flowbits
Lab 16: Research and Packet Analysis
Lab 17: Revisiting the Kaminsky Vulnerability
Lab 18: Configuring Rule Profiling
Lab 19: Testing Rule Performance
Lab 20: Configure Rule Profiling to View PCRE Performance
Lab 21: Preventing User Access to a Restricted Site
Lab 22: SQL Injection
Lab 23: The SQL Attack Revisited