Global Knowledge-Cisco - (Page 50)

Updated MARS - Cisco Security Monitoring, Analysis, and Response System v3.0
Course 5731 | Cisco Course v3.0 | MARS v4.3.4 | Prepares you for Cisco Exam 642-545 MARS

Course Description
Cisco Security Monitoring, Analysis, and Response System (CS-MARS) is a family of high-performance, scalable appliances for threat management, monitoring, and mitigation. It lets you make more effective use of your existing network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation. With CS-MARS you can readily and accurately identify, manage, and eliminate network attacks and maintain network compliance.

Hands-On Labs

Lab 1: Remote Lab Familiarization
You will have access to:
• Three Microsoft Windows desktop PCs
• Six Windows 2003/2000 servers
• An ASA 5520 firewall
• A Catalyst 3560 L2/L3 switch
• Two 2811 IOS routers
• The MARS appliance (not virtual)

Lab 2: Bootstrapping the MARS
• Perform the initial login, basic configuration, and command-line options
• Explore several newer commands available in version 4.3.4

Lab 3: Importing Hardware Devices into MARS
• Exclusive – Use version 4.3.4 of the code
• Exclusive – Use live Cisco equipment
• Perform a manual device entry
• Auto-discover devices
• Use a seed file to import devices

Lab 4: Generating Summary Reports
• Exclusive – Configure NetFlow on the IOS routers
• Navigate the GUI
• Review queries

Lab 5: Exploring Rules
• Create a basic rule
• Investigate an incident, mark it as a false positive, and create a drop rule

Lab 6: Generating Queries and Reports
• Enter the appropriate logging commands on an IOS device
• Explore the newer IOS commands that send command (configuration-change) logging to MARS
• Run queries with different search parameters

Lab 7: Case Management and Rule Actions
• Create a case and have it e-mailed to a user
• Modify the action on a rule so that an e-mail is sent automatically when the incident is created

Lab 8: Incident Handling and Mitigation
• Launch an attack against your DMZ from outside the network
• Investigate the incident and the attack-vector graphs
• Review the mitigation response recommended by MARS

Lab 9: Tuning the MARS
• Tune network devices so they stop generating spurious incidents
• Investigate an incident and create a false-positive rule
• Explore device-side and appliance-side tuning

Lab 10: Creating a Custom Parser
• Use a tool to generate custom syslog messages so you do not have to break or attack production equipment
• Create a custom parser for Barracuda WebFilter logs

Lab 11: CSM and MARS Interaction
• Exclusive – Configure CSM with a Cisco IPS
• Add a CSM server to MARS
• Generate an event and have the IPS report it to MARS
• Investigate the event by querying CSM directly from MARS
• Review the IPS signature that caused the event, directly from MARS

Lab 12: IPS and MARS Integration
• Load the baseline configuration into the IPS
• Exclusive – Work with IPS version 6.x code on a live IPS sensor (not a virtual device)
• Configure the IPS for SNMP support
• Create a MARS account on the IPS
• Add the IPS to MARS
• Configure dynamic signature updates
• Use IPS command-line options to verify that MARS is configured correctly

Lab 13: Adding a Software Reporting Device
• Exclusive – Install and configure the latest SNARE software
• Add a Windows server as a reporting device using SNARE and RPC
• Add an IIS server as a reporting device
• Exclusive – Add a Symantec AV server as a reporting device and trigger an event with a virus infection

Lab 14: Adding an AAA Reporting Device
• Exclusive – Install and configure PNLOGAGENT on the ACS server
• Configure the ACS server as a reporting device in MARS
• Log in to an IOS device and see the event in MARS

Lab 15: Maintaining the MARS Appliance (Exclusive)
• Extract raw messages from MARS
• Archive data to a Windows NFS share
• Set up NFS on Windows using a Microsoft utility
• Explore newer commands available only in newer versions of the MARS code
• Configure MARS to authenticate to a Cisco Secure ACS using RADIUS

Why Take MARS from Global Knowledge?
We have enhanced our labs well beyond what you will find in the standard Cisco MARS course, incorporating more real-world labs, network devices, and software applications. The standard Cisco MARS course uses preconfigured virtual devices; we use real equipment to prepare you for real-world scenarios. You will benefit from the expertise of our skilled instructors, who have deployed this appliance in the field going back to the days when it was a Protego Networks appliance (before Cisco acquired Protego and rebranded the product as CS-MARS). With our approach to MARS training, you will gain confidence with the MARS appliance and with its integration with most Cisco equipment, Windows servers, and other common software applications. Our enhanced labs provide access to the latest MARS software, while the standard course is based on the older 4.3.1 code. Our course also includes a lab on configuring Cisco Security Manager (CSM) with a Cisco IPS and running an attack scenario to cross-launch the incident from MARS into CSM.
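The IOS-side work in Labs 3, 4 and 6 (making a router a reporting device, enabling NetFlow export, and turning on logging, including the newer configuration-change logging commands) boils down to a short block of router configuration. The following is an added example written for this page, not course material from Global Knowledge or Cisco; the MARS address 10.1.1.50, the NTP server 10.1.1.1, the community string MARSro and the interface names are assumptions for a 2811, and the ports assume MARS's default listeners (syslog on UDP/514, NetFlow v5 on UDP/2055).

```cisco
! Added example, not from the course materials. Assumed values:
!   MARS appliance      10.1.1.50   (hypothetical)
!   NTP server          10.1.1.1    (hypothetical)
!   Source interface    Loopback0
!
! Time sync first: MARS correlates events across devices by timestamp,
! so unsynchronised clocks produce incidents that never line up.
ntp server 10.1.1.1
service timestamps log datetime msec localtime show-timezone
!
! --- Syslog to MARS (Lab 6) ---
logging buffered 16384 informational
logging source-interface Loopback0
logging trap informational
logging host 10.1.1.50
!
! --- Configuration-change (command) logging to syslog (Lab 6) ---
! Every command entered in config mode is sent as a syslog message;
! hidekeys masks passwords and keys before they leave the router.
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
! --- Login success/failure events, so AAA activity also reaches MARS ---
login on-failure log
login on-success log
!
! --- SNMP read-only access for MARS discovery and polling (Lab 3) ---
! Restrict the community to the MARS address; an unrestricted RO
! community exposes the full config-derived MIB tree to anyone on the path.
access-list 10 permit host 10.1.1.50
snmp-server community MARSro RO 10
!
! --- NetFlow v5 export to MARS (Lab 4) ---
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 10.1.1.50 2055
!
interface FastEthernet0/0
 ip flow ingress
!
interface FastEthernet0/1
 ip flow ingress
```

Verify on the router with `show logging` (the host and trap level should be listed), `show ip flow export` (exported datagrams should increment) and `show ip cache flow` (active flows being collected); on the MARS side the device must still be added under Admin with the same SNMP community before its events are parsed rather than dropped as unknown.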
What You'll Learn in Class
• MARS design solutions, features, and functions as they relate to security incidents and security information in an enterprise network
• The basic physical installation process
• Add Cisco and non-Cisco security and network devices to the MARS appliance
• Configure network devices to generate the events that constitute an attack scenario, and have MARS collect those events for incident investigation
• Attack mitigation and false-positive confirmation
• Perform incident investigation and mitigation
• Create, view, and save long-duration queries and reports
• Configure the MARS appliance to send alerts
• Configure rules that detect interesting patterns of network activity
• Use the Case Management features of the MARS appliance to assign incidents to specific MARS users for follow-up
• Perform appliance maintenance tasks
• The MARS Global Controller and log parser templates
• Distributed Threat Mitigation using Cisco IOS IPS
• Configure antivirus software to report a live virus
• MARS interaction with Cisco Security Manager
• Basic configuration of a Cisco IPS in Cisco Security Manager
• Configure Windows Servers (2003 and 2000) to use SNARE and RPC to report log events to MARS

Classroom Learning: 4 days, $2,895 (29 CLCs)
On-Site Learning: Call for info.

Classroom Learning Schedule
Location          Dates
CA Los Angeles    Jun 23-26
CA Sacramento     May 19-22
CA San Jose       Mar 17-20
DC Washington     Mar 10-13
DC Washington     Jun 9-12
FL Orlando        Jan 6-9
GA Atlanta        Dec 9-12
GA Atlanta        Feb 10-13
GA Atlanta        May 26-29
IL Chicago        Mar 31-Apr 3
IL Chicago        Jun 29-Jul 2
MA Boston         Feb 24-27
NC Raleigh        Jan 27-30
NC Raleigh        Jun 2-5
NJ Morristown     Apr 14-17
NY New York       Jan 20-23
NY New York       Apr 21-24
OH Columbus       Jun 16-19
ON Toronto        Jan 12-14
ON Toronto        Apr 20-23
TX Dallas         Feb 3-6
TX Dallas         May 5-8
TX Houston        Jan 13-16

REGISTER NOW 1-800-COURSES www.globalknowledge.com/cisco