In-person course
Miguel Hidalgo (Mexico)
Duration: 2 days
This 2-day course teaches advanced skills to configure and manage Check Point IPS. You will create and monitor a client profile, monitor an attack, customize a protection and learn basic troubleshooting techniques.
Objectives
In this course you will learn to identify the best IPS deployment strategy for your environment, apply zero-day threat prevention, and identify the main security events and protections.
Intended audience
Technical staff who deploy or administer Check Point products, systems administrators, security administrators and network engineers.
Requirements
o Introduction to Check Point IPS Software Blade training
o Working knowledge of Windows and/or Unix
o Basic networking knowledge
o Experience with TCP/IP and the internet
Full syllabus for this course
Preface: Advanced IPS
Advanced IPS Overview
Check Point 3D Security
Chapter: 1 IPS Management
Check Point IPS
o Learning Objectives:
o Check Point IPS Overview
o IPS in SmartDashboard
o IPS Profiles
o Activating Protections
o Protection Browser
o IPS Updates
o Network Exceptions
o Tracking Protections Using Follow Up
o Geo Protection
o Bypass Under Load
o Chapter Review
Lab 1: Deploying IPS
Configuring the IPS Blade
o Test the Security Policy and Demonstration Tool
Testing IPS Functionality
Changing IPS Policy Enforcement
Lab 2: Deploying Geo Protection in IPS
Modifying Anti‐Spoofing Settings
Test IPS Geo Protection
Chapter: 2 IPS Monitoring
Introducing IPS Event Analysis
o Learning Objectives:
o IPS Event Analysis
o IPS Event Analysis Architecture
Chapter Review
Lab 3: Using Profiles in IPS
Testing the Default_Protection Profile
o Define a New Profile
o Identifying Attacks with SmartEvent
Chapter: 3 IPS Architecture
Introducing IPS Architecture
o Learning Objectives:
o Key IPS Architecture Design Elements
o Performance — Accelerated Integrated IPS
COURSE DESCRIPTION
o Secure — Multi‐threat Detection Engine
o Passive Streaming Library
o Protocol Parsers
o Context Management Infrastructure
o Compound Signature Identification
o INSPECTv2
o How the Architecture Runs IPS
Chapter Review
Lab 4: Manually Updating IPS Protections (Optional)
Downloading and Installing IPS Protections
o Follow Up with IPS Protection Review
Lab 5: IPS Troubleshooting Features
Configuring and Testing IPS Troubleshooting Mode
Configure and Test the IPS Bypass Settings
Chapter: 4 IPS Tuning
Optimizing IPS
o Learning Objectives:
o Managing Performance Impact
o Tuning Protections
o Enhancing System Performance
o Configure Servers
o Engine Settings
Chapter Review
Lab 6: Tuning IPS Performance
Configuring Protection Engine Settings
o Configuring Server Objects
o Identifying Top Events and Protections
o Modifying Protections to Defend Against Common Attacks
o Debugging the Logging Mechanism
Chapter: 5 IPS Debugging
IPS Debugging
o Learning Objectives:
o IPS Debug Tools
o SmartView Tracker Modes
o Packet Capture
o Kernel Debugging
IPS Debugging Scenarios
o False Positives
o Performance Issues
o Logging Issues
o Pattern Match Debug
o Packet Dump Buffer
o Debug Flags Overview
Chapter Review
Lab 7: Advanced IPS Troubleshooting
Using Debug to Gather IPS Statistics
o Using tcpdump to Identify the Source of an Attack
o Modifying Protection to Prevent Attack Source
o Viewing Gateway Messages
Appendix: Chapter Questions and Answers
Chapter 1 ‐ IPS Management
Chapter 2 ‐ IPS Monitoring
Chapter 3 ‐ IPS Architecture
Chapter 4 ‐ IPS Tuning
Chapter 5 ‐ IPS Debugging