© 2001, Cisco Systems, Inc. CSIDS 2.0—1-1 Cisco Secure Intrusion Detection System 2.0
Chapter 1: Course Introduction
Course Objectives
Upon completion of this course, you will be able to perform the following tasks:
- Install and configure CSPM and the CSIDS Sensor in multiple network configurations.
- Use CSPM to centrally manage and configure multiple Sensors.
- Configure the CSIDS Sensor to detect, respond to, and report intrusion activity.
- Use CSPM to translate intrusion data into intuitive and effective graphical displays.

Course Objectives (cont.)
- Use the CSIDS NSDB to view signature and network security vulnerability information.
- Develop and implement customized intrusion detection signatures.
- Configure the CSIDS Sensor in device management mode to interface with a Cisco IOS router to stop network attacks.
- Configure the Catalyst 6000 IDS Module for the Catalyst 6000 family of switches to perform intrusion detection in multiple VLANs.
- Understand the CSIDS architecture and the relationship between configuration files and tokens.

Course Agenda
- Chapter 1—Course Introduction
- Chapter 2—Introduction to Network Security
- Chapter 3—Intrusion Detection and the Cisco Secure IDS Environment
- Chapter 4—Cisco Secure Policy Manager Installation
- Chapter 5—Cisco Secure IDS Sensor Installation
- Chapter 6—Alarm Management
- Chapter 7—Cisco Secure IDS Signatures

Course Agenda (cont.)
- Chapter 8—Sensor Configuration
- Chapter 9—Signature and Intrusion Detection Configuration
- Chapter 10—IP Blocking Configuration
- Chapter 11—Catalyst 6000 IDS Module Configuration
- Chapter 12—Cisco Secure IDS Architecture

Participant Responsibilities
Student Responsibilities:
- Complete prerequisites
- Participate in lab exercises
- Ask questions
- Provide feedback

General Administration
Class-related:
- Sign-in sheet
- Length and times
- Break and lunch room locations
- Attire
Facilities-related:
- Participant materials
- Site emergency procedures
- Restrooms
- Telephones/faxes

Graphic Symbols
[Figure: icon legend with the labels Ethernet link, Router, PIX Firewall, CSIDS Sensor, Internet Server, Student Workstation/Server, CSIDS Director, CSPM]

Participant Introductions
- Your name
- Your company
- Pre-req skills
- Brief history
- Objective

Lab Topology
CSPM Lab Visual Objective
[Figure: lab topology diagram showing Pod P (Your Pod) and Pod Q (Peer Pod), with routers rP and rQ, sensorP and sensorQ, idsmP and idsmQ, and a CSPM host in each pod]
- CSPM in Pod P: Host ID = 3, Org ID = P, Host Name = cspm P, Org Name = pod P
- CSPM in Pod Q (10.0.Q.3): Host ID = 3, Org ID = Q, Host Name = cspm Q, Org Name = pod Q