McAfee Network Security Platform Administration Course



Similar documents
McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Security Information Event Management (SIEM) Administration Course 101

McAfee Network Security Platform 8.2

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

Intel Security Certified Product Specialist McAfee Network Security Platform (NSP)

McAfee VirusScan and epolicy Orchestrator Administration Course

McAfee Network Data Loss Prevention Administration Intel Security Education Services Administration Course

Network Security Platform 7.5

Managing Latency in IPS Networks

Data Center Connector for vsphere 3.0.0

McAfee Next Generation Firewall (NGFW) Administration Course

Release Notes 7.5 [formerly IntruShield]

HP TippingPoint Security Management System User Guide

IBM Security QRadar SIEM Version MR1. Administration Guide

WildFire Reporting. WildFire Administrator s Guide 55. Copyright Palo Alto Networks

How To Fix A Fault Notification On A Network Security Platform (Xc) (Xcus) (Network) (Networks) (Manual) (Manager) (Powerpoint) (Cisco) (Permanent

Deploying F5 to Replace Microsoft TMG or ISA Server

McAfee Host Data Loss Prevention Administration Intel Security Education Services Administration Course

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

Data Center Connector for OpenStack

Forcepoint Stonesoft Management Center

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

IBM Security QRadar Vulnerability Manager Version User Guide

HP IMC Firewall Manager

Cisco IPS Tuning Overview

NMS300 Network Management System

FortiGate Multi-Threat Security Systems I Administration, Content Inspection and SSL VPN Course #201

STRM Log Manager Administration Guide

Addendum I to 7.1 Documentation. McAfee Network Security Platform 7.1

McAfee Public Cloud Server Security Suite

IINS Implementing Cisco Network Security 3.0 (IINS)

McAfee Security. Management Client

McAfee Asset Manager Console

Sophos for Microsoft SharePoint startup guide

Copyright 2012 Trend Micro Incorporated. All rights reserved.

Introduction to Junos Space Network Director

TIBCO Spotfire Web Player 6.0. Installation and Configuration Manual

Deploy Remote Desktop Gateway on the AWS Cloud

VMware vcenter Log Insight Getting Started Guide

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

IBM Security SiteProtector System Configuration Guide

Network Security Platform 8.1

NETWRIX EVENT LOG MANAGER

GFI Product Manual. Deployment Guide

Introduction to Endpoint Security

Web Application Firewall

Implementing Cisco IOS Network Security

CTERA Agent for Linux

How To Install Caarcserve Backup Patch Manager (Carcserver) On A Pc Or Mac Or Mac (Or Mac)

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Configuring PA Firewalls for a Layer 3 Deployment

Administration Guide NetIQ Privileged Account Manager 3.0.1

SevOne NMS Download Installation and Implementation Guide

Implementing Cisco IOS Network Security v2.0 (IINS)

Extreme Networks Security Log Manager Administration Guide

NETWRIX EVENT LOG MANAGER

Integrating Trend Micro OfficeScan 10 EventTracker v7.x

Configuration Guide. Websense Web Security Solutions Version 7.8.1

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

FortiWeb 5.0, Web Application Firewall Course #251

Citrix XenServer Workload Balancing Quick Start. Published February Edition

F-Secure Messaging Security Gateway. Deployment Guide

LifeSize Control Installation Guide

McAfee Data Loss Prevention 9.3.0

McAfee Database Activity Monitoring 5.0.0

McAfee Enterprise Security Manager 9.3.2

For Active Directory Installation Guide

Netwrix Auditor for Windows Server

HP A-IMC Firewall Manager

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

Netwrix Auditor. Administrator's Guide. Version: /30/2015

TABLE OF CONTENTS NETWORK SECURITY 1...1

Copyright 2013 Trend Micro Incorporated. All rights reserved.

Course Syllabus. 2553A: Administering Microsoft SharePoint Portal Server Key Data. Audience. At Course Completion.

IBM. Vulnerability scanning and best practices

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform

CTERA Agent for Mac OS-X

Product Manual. Administration and Configuration Manual

McAfee Network Security Platform A uniquely intelligent approach to network security

FileMaker Server 14. FileMaker Server Help

Product Guide. McAfee Endpoint Protection for Mac 2.1.0

Netwrix Auditor for Exchange

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1

Deployment Guide for Citrix XenDesktop

icrosoft TMG Replacement with NetScaler

Symantec Endpoint Protection Getting Started Guide

COORDINATED THREAT CONTROL

User Guide Secure Configuration Manager

McAfee Advanced Threat Defense 3.6.0

Administering Cisco ISE

74% 96 Action Items. Compliance

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

Version 4.61 or Later. Copyright 2013 Interactive Financial Solutions, Inc. All Rights Reserved. ProviderPro Network Administration Guide.

Implementing Cisco Intrusion Prevention System 7.0 (IPS)

Setting up Microsoft Office 365

Transcription:

McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services is an essential component of implementing a successful intrusion prevention strategy. In hands-on lab sessions, you ll learn how to deploy and configure a Network Security Platform solution to protect against real-world attacks. You can immediately apply your new skills to improve protection for your business and take full advantage of your investment in our Network Security Platform. Course Goals Planning the deployment. Installing and configuring the Manager. Managing users and resources. Configuring and managing policies. Analyzing and responding to threats. Tuning your security policies for maximum effectiveness. Agenda At A Glance Day 1 Welcome Introduction to Network Intrusion Prevention Planning Getting Started User Management Administrative Domains Network Security Sensor Basic Sensor Management Audience System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this course. Register Now for Training

Agenda At A Glance Continued Day 2 Virtualization (Sub-interfaces) Policy Configuration Policy Customization Threat Explorer Advanced Malware Protection Day 3 Advanced Botnet Detection Denial of Service Attacks Endpoint Reputation Web Server Protection Day 4 Threat Analyzer Firewall Policy Configuration Policy Tuning Report Generation Operational Status Database Maintenance Recommended Pre-Work It is recommended that students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services. Course Outline Module 1: Welcome About the Course Acronyms and Terms Course Logistics Locating Resources on McAfee Business Website McAfee Product Training McAfee Foundstone Security Education ServicePortal Security Content Release Notes Product Enhancement Request Business Community Helpful Links Classroom Lab Topology Module 2: Introduction to Network Intrusion Prevention Security Threats: The Increasing Risks What are Threats and Attacks? Common Attack Types Motivation and Contributing Factors for Attacks Comparing Intrusion Detection and Prevention Types of Intrusion Prevention Systems Why a Network IPS is Important Network Security Platform New This Release Solution Components Attack Detection Framework Traffic Normalization Ten Steps to Using NSP Beyond Intrusion Prevention

Module 3: Planning a McAfee Network Security Platform Deployment Choosing a Deployment Option Deployment Requirements and Recommendations NSM Server Requirements NSM Client Requirements Windows Display and Browser Settings Virtual Server Minimum Requirements Virtual Machine Requirements NSP 8X Sensor Support NSP Server Ports Desktop Firewall Requirements Using Anti-virus Software with the NSM Wireshark Single and Central NSM Deployment Determining Database Requirements Sensor Deployments Determining Sensor Placement Determining Number of Sensors High Availability and Disaster Recovery Implementation Process Checklist Module 4: Getting Started Logging into Manager Interface Manager Installation Wizard Verifying Access to Manager Interface Operational Monitors Security Monitors Navigating Manager Interface Managing Dashboard Monitors Setting up Basic Features Manager Disaster Recovery (MDR) Configuring MDR Pair Central Manager Defining Trust with Central Manager Proxy Server Configuring Proxy Server IPS Event Notification Viewing Summary of IPS Events Simple Network Management Protocol (SNMP) Configuring SNMP Notification Syslog Notification Configuring Syslog Notification E-mail Server and Notification Configuring E-mail Server and Notification Configuring Script Notification Fault Notification Configuring Fault Notification Configuring Common Settings for Faults Access Events Notification User Activity Configuring User Activity: SNMP Configuring User Activity: Syslog Global Threat Intelligence GTI Integration Requirements Enabling GTI Integration

Module 5: User Management User Management Minimum Account Configuration Role Assignment Viewing Roles and Privileges Editing the Default Root Admin User Adding, Editing, and Deleting Users Verifying User Credentials Creating a Custom Role Assigning Domains and Roles Managing My Account Managing GUI Access Viewing User Activity Configuring Banner Text and Image Configuring Session Controls Configuring Password Controls Specifying Audit Settings Authentication Summary of Authentication Configuration LDAP External Authentication Configuring LDAP (Up to 4 Servers) Assigning LDAP Authentication RADIUS External Authentication Configuring RADIUS External Authentication Assigning RADIUS Authentication Module 6: Administrative Domains Administrative Domains Admin Domain s Hierarchical Structure How Admin Domains Work Managing Admin Domains Editing the Root Admin Domain Adding a Child Admin Domain Adding Users to a Child Domain Module 7: Network Security Sensor M-Series Sensor Portfolio NS-Series Sensor Portfolio Virtual IPS-series Sensor Portfolio Primary Function of Sensor Respond Inspect Classify Capture Virtualization (Sub-Interfaces) Secure Socket Layer (SSL) Decryption Acceleration and Operation Operating Modes Fail-close and Fail-Open (In-line Only) Multi-Port Monitoring Interface Groups (Port Clustering) High Availability Large Networks: Perimeter, Core, Internal Placement Best Practices Module 8: Network Security Sensor Installing Physical Sensors Installing Virtual Sensor Managing Sensors Devices Page: Global Tab Devices Page: Device Tab Installing Sensors in Manager Establishing Trust Downloading Signature Sets Reviewing Device Summary Viewing/Editing Physical Ports Port Types Name Resolution Network Time Protocol (NTP) Proxy Server

Module 8 (Continued) Activity Reports and Logs Review CLI Logging IPS Event Logging Alerting Options Remote Access: TACACS+ Remote Access: NMS Users and Devices Customizing Logon Banner Special Configurations High Availability ATD Integration DXL Integration Maintenance Deploying Pending Changes Deploying Device Software Troubleshooting Performance Monitoring Module 9: Virtualization Virtualization (Sub-interfaces) Valid interface Types Before and After VLAN and CIDR Logical Configuration Bridge VLAN Policy Application Determining Direction VLAN Tagging Double-VLAN Tagging CIDR Block Options Configuring VLAN Virtual Interface Configuring CDIR Virtual Interface Configuring Bridge VLAN Virtual Interface VLAN Sub-Interface Configuration CDIR Sub-Interface Configuration Module 10: Policies Configuraion Intrusion Prevention What are Policies? Policy Terms and Concepts Signatures Attack Definitions Types IPS Policies Policy Assignment Inheritance How Policies are Applied Policy Management Adding IPS Policy for Admin Domain Copying or Editing IPS Policy for Admin Domain Deleting IPS Policy for Admin Domain Adding IPS Policy for Interface Editing IPS Policy for Interface Using IPS Policies Page Defining Properties Viewing Attack Definitions Assigning Policies Using Policy Manager Interfaces Tab Deploying Changes Managing Policy Versions Deleting Policy Policy Import and Export Managing Legacy Reconnaissance Policies Reconnaissance Attack Settings Merge Utility

Module 11: Policy Customization How Attacks Definitions Work Traffic Processing and Analysis Attack Definitions Tab Attack Categories and Severity Attack Protection Categories Attack Definitions Tab: Customizing Your View Attack Definitions Tab: Quick Search, Sort, Columns, Groups, Filters, and Detail Attacks Detail Pane: Description Benign Trigger Probability (BTP) Attacks Detail Pane: Settings Tab Managing Policy Groups Module 12: Threat Explorer Analyzing Threats Customizing Threat Analyzer View Analyzing Source and Destination IP Addresses Top Attacks Top Attackers Top Targets Top Applications Top Attack Executables Top Malware Guidelines Module 13: Advanced Malware Protection Advanced Malware Detection Malware Engines Policy Management Advanced Malware Policies Configuration Using Advanced Malware Policies Page Using Policy Manager Malware Policy Parameters File Types Blacklist/Whitelist Engine TIE/GTI File Reputation Engine PDF and Flash Analysis Engines Gateway Anti-Malware Engine ATD Engine McAfee Cloud Engine Malware Engine Analysis Sequence Confidence Level Action Thresholds Analyzing Malware Malware Analysis Top Malware Detections Monitor Malware Detections Page Archiving Malware Files Best Practices Module 14: Advanced Botnet Detection Advanced Botnet Detection Zero-day and Targeted Botnet Detection Heuristics Examples of Implemented Heuristics Known Botnet Detection C&C Server/Callback Detection DNS Response Packet Inspection Whitelisted and Blacklisted Domains Detection Example: Blacklist Domain Detection Inspection Options Policies How Inspection Option Policies Work Policy Management Inspection Options Policies Configuration Properties Tab Inspection Options Tab

Module 14 (Continued) Configuring Traffic Inspection Configuring Advanced Botnet Detection Advanced Botnet Detection Options Legacy Malware Detection Options Assigning Policies to Sensor Resources Deploying Changes Analyzing Botnets Top Active Botnets Monitor Active Botnets Page: Organization Module 15: Denial of Service Configuration Module 15: Denial of Service Attacks Evolution of DoS Attacks Types of DoS Attacks Volume-based Attacks DoS Learning Mode DoS Learning Attacks Customizing DoS Learning Attack Managing DoS Learning Profiles DoS Threshold Mode Configuring Thresholds for Volumebased Attacks Connection Limiting Policies Adding Connection Limiting Policy Rate Limiting (QoS Policies) QoS and Rate Limiting Configuration Adding QoS Policy Configuring Rate Limiting Rules Protocol Settings Configuring Protocol Settings Anti-Spoofing Stateful TCP Engine DNS Protection Command Case Studies Module 16: Endpoint Reputation Global Threat Intelligence Review IP Reputation Policy Management IP Reputation Configuration Endpoint Reputation Analysis Options Deploying Changes Module 17: Web Server Protection Web Server Protection How Web Server Heuristic Analysis Works Policy Management Heuristic Web Application Server Inspection Configuration Prerequisite: SSL Decryption Private SSL certificates Prerequisite: Required Attacks Configuring Web Server Heuristic Analysis DoS Protection for Web Servers Layer 7 DoS Protection for Web Servers Web Server - DoS Prevention Configuration Configuring Web Server DoS Prevention Assigning Policies to Sensor Resources Module 18: Firewall Policy Configuration Firewall Policy Managing Firewall Policies Prerequisite: SSL Decryption Using Firewall Policies Page Using Policy Manager Rule Objects Adding Rule Object

Module 18 (Continued) Stateless Access Rules User-based Access Rules Application Identification Policy Export and Policy Import Firewall Access Logging Firewall Access Events Firewall Policy Definitions Configuration Report Module 19: Threat Analyzer Threat Analyzer Launching Threat Analyzer Menu Bar Dashboard Page NSP Health Dashboard Viewing Details for Pie Slice Deploying Pending Changes IPS Dashboard Viewing Details for Pie Slice Viewing Attacks Over Time Viewing Consolidated Attacks NTBA Dashboard Applications and GTI View Dashboard Adding Dashboards and Monitors Customizing the Dashboard Tabs Adding a Dashboard Adding a Monitor Alerts Page Viewing Alert Detail Managing Alerts Right-click Options Example Ignore Rule Endpoints Page Forensics Page Preferences Page Module 20: Policy Tuning What is Tuning? Why Implement Tuning? Prior to Tuning Two Phases of Policy Tuning False Positives and Noise Identifying False Positives Steps for Reducing False Positives Preventing False Positives Start with High-Volume Attacks Looking for Patterns Preventing Future False Positives Disabling Attacks and Alerts Adding Low Severity Attacks to Process Excessive Alerts High-Level Bottom-up Approach Analyzing Event Sorting by Attack Name Case Studies Module 21: Report Generation Reports Role Assignment Reporting Preferences Configuration Reports Running Configuration Report Next Generation Reports Running Default Next Generation Report Adding, Duplicating, Editing Next Generation Report Traditional Reports Running a Traditional Report Adding User Defined Report Configuring Report Automation Viewing Automatically-Generated Reports

Module 22: Operational Status Operational Monitors Device Summary Monitor Manager Summary Messages from McAfee Monitor Running Tasks Monitor System Health Monitor Managing Faults Viewing Manager Faults from Dashboard Viewing Device Faults from Dashboard Viewing Faults from Manage Page Alert Relevance Viewing Alert Relevance System Log Viewing System Log Exporting System Log Running Tasks Viewing User Activity Log Module 23: Database Maintenance Maintenance Archiving Malware Files Backing Up Data Automating Database Backup Viewing Scheduler Detail Exporting Backup Files Deleting Backup Files Database Tuning Tuning Now Automating Tuning Enabling and Defining Alert Pruning Calculating Maximum Alert Quantity Configuring File and Database Pruning Data Archiving Archiving Data Now Automating Archiving Data Export Archives Restoring Archive Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2015 McAfee, Inc. To order, or for further information, please contact McAfee Education at: 1-866-210-2715. NA, LTAM, and APAC: education@mcafee.com EMEA: proserv@mcafee.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information