Cisco Network Security: Intrusion Detection and Prevention

Review the fundamentals of intrusion detection and intrusion prevention systems (IDS/IPS), how they detect and mitigate common attacks, and the practical applications of IDS/IPS.

Introduction

• Welcome
• What you need to know
• Packet Tracer and exercise files
• Prepare for the CCNA Security Exam (210-260)

1. IDS and IPS Overview

• Managing the threat landscape
• Overview and benefits of IDS and IPS
• IPS versus IDS
• Host-based versus network IDS
• Prerequisites and restrictions for IPS

2. Detection and Signature Engines

• Monitoring the network
• Signature-based IDS
• Sweep scan
• Anomaly-based IDS
• Reputation-based IDS
• Policy-based IDS

3. Decisions and Actions

• IDS signature files
• Trigger actions and responses
• Blacklist and whitelist
• Managing IPS alarms

4. Deploying an IOS-Based IPS

• Analyze the flow
• Implementing an IPS
• Configure an IPS

5. Practical Applications

• Monitoring and analyzing
• Syslog
• Using IDS and honeypots
• The EINSTEIN system

Conclusion

• Summary