CSIDS (Cisco Secure Intrusion Detection System 3.0)

In this Global Knowledge-enhanced 5-day course, you will gain the skills required to deploy both network-based and host-based intrusion detection. You will be able to prepare for, install, configure, and maintain the right level of intrusion security based on your network's needs.

To register, call 916-852-2570

This course can be delivered by the methods below:
Classroom Learning $2795 USD

You Learn...

Design, install, configure, and maintain the CSIDS Network-based and Host-based Intrusion Detection Systems
Detect, respond to, and report unauthorized activity on networks, workstations, and servers
Use the Cisco Secure IDS Event Viewer to view alarms
Configure the CSIDS to interface with Cisco Access Control Lists
Use the CSIDS Network Security Database (NSDB) to access network security vulnerability information
Develop and implement customized Intrusion Detection Signatures
Configure Cisco IDS Management Center to centrally manage remote sensors
Install and configure the service packs and signature updates for the CSIDS sensor and the CHIDS console and agents
Configure the CHIDS for reporting and notification of alarms

Who Would Benefit

This course is designed for internetwork professionals wanting to ensure security on their network, or those seeking Cisco certification.


Course Outline

1. Network Security and Cisco

Need for Network Security
Network Security Threats
Attack Types and Methods
The Cisco Security Wheel

2. Intrusion Detection Overview

Intrusion Detection Terminology and technology
Host/Network Based IDS Overview
Intrusion Detection evasive techniques

3. Cisco Intrusion Protection Overview

Intrusion Protection
Network/Host Sensor Platforms
IDS communication Overview
Deploying Cisco IDS

4. Sensor Appliance Installation

Sensor Appliance Models and Usage
Sensor initialization
Basic Sensor Commands

5. Cisco IDS Device Manager and Event Viewer

IDS Device Manager Installation
IDS Device Manager Implementation
IDS Event Viewer Installation
IDS Event Viewer Implementation
Network Security Database

6. Sensor Configuration

Sensor Setup
Sensor Host communication
Sensor Logging

7. Cisco IDS Alarms and Signatures

Cisco IDS Alarms and Signature Descriptions
Cisco IDS micro-engines:
Atomic Signature Micro-engine description
Flood Signature Micro-engine description
Service Signature Micro-engine description
State Signature Micro-engine description
String Signature Micro-engine description
Sweep Signature Micro-engine description
Signature Micro-engine selection

8. Sensing Configuration

Global sensing configuration
Signature configuration
Signature filtering
Custom signatures
Signature tuning

9. IP Blocking Configuration

ACL Considerations
IP Blocking Sensor configuration
Manual IP Blocking functions

10. Capturing Network Traffic for IDS

Network Devices and capture methods
Switch SPAN configuration
Catalyst 6500 Switch capture configuration
Advanced traffic capturing

11. Intrusion Detection Module Configuration

IDSM Introduction
IDSM ports and traffic
IDSM initialization
Advanced IDSM configuration
IDSM commands
IDSM troubleshooting

12. Cisco Intrusion Detection System Maintenance

Software maintenance
Sensor updates
IDSM updates

13. Cisco IDS Architecture

Cisco IDS software architecture
Cisco IDS communication
Cisco IDS directory architecture
Cisco IDS service files

14. Enterprise IDS Management

IDS Management Center Introduction
IDS Management Center Installation
IDS Management Center Architecture directories and elements
IDS Management Center Setting up sensors and Sensor groups
IDS Management Center Sensor configuration
IDS Management Center Generating, approving, and deploying configuration files
IDS Management Center Server Administration

15. Enterprise IDS Monitoring and Reporting

Security Monitor Configuration
Event viewer

16. Cisco IDS Host Sensor Overview

Identify the components of Host Sensor products
Describe CHIDS Agent's components and capabilities

17. Installing Cisco IDS Host Sensor Software

Design and deploy Host Sensor solutions
Install the Host Sensor console
Identify the Host Sensor requirements

18. Event Monitoring

Monitoring the console and security events
Create custom views using filters

19. Agent and Policy Management

Define different modes of operation of the CHIDS Agent
Create Agent Policies and define the properties
Create event exceptions
Assign new security levels

20. Notification and Reporting

Describe the host sensor notification methods
Configure notifications
Create custom Host Sensor reports

21. Cisco IDS Host Sensor Maintenance

Manage the console users
Update the CHIDS Sensor software and licenses
Manage the Agent Software versions
Manage the Host Sensor Database

22. Cisco IDS Host Sensor Architecture

Define the components of the Host Sensor
Identify the Host Sensor Console and Agent services
Describe the communication between the agents and the console.

Course Labs

Cisco Network Based IDS Labs

Lab 1: Install and initialize the CSIDS Platform.

Lab 2: Install and configure the CSIDS Device Manager.

Lab 3: Configure CSIDS Event Viewer for viewing alarms.

Lab 4: Configure Cisco Secure Scanner and use the tool to generate attacks against peer pods.

Lab 5: Use network sniffing software to analyze, at the bit level, the communication between the CSIDS and the IEV (Intrusion Event Viewer).

Lab 6: Secure the sensor by enabling Secure Shell access on the sensor.

Lab 7: Learn Alarm Management using CSIDS Event Viewer.

Lab 8: Learn and utilize basic UNIX commands to navigate through the sensor.

Lab 9: Configure the sensor for Alarm logging and notification.

Lab 10: Tune the CSIDS signatures to customize alarm levels and reactions.

Lab 11: Configure CSIDS signature filters to fine tune the sensor.

Lab 12: Configure the sensor to dynamically add an access list to block attacks at the Cisco router.

Lab 13: Upgrade the sensor to a new Service Pack.

Lab 14: Upgrade the sensor to a new Signature Update.

Lab 15: Install and configure the CSIDS Management Center.

Lab 16: Use the CSIDS Management Center to manage multiple sensors.

Cisco Host Based Intrusion Detection System Labs

Lab 17: Install Cisco Host Based IDS Software (CHIDS).

Lab 18: Configure the CHIDS Event Monitoring.

Lab 19: Configure the CHIDS Policies and Agent.

Lab 20: Event Notification and Reporting including SMTP.

Lab 21: Host Sensor Maintenance & Updates.

Lab 22: Use attacks to test the CHIDS.


Suggested Prerequisites

A working knowledge of network security and a solid grasp of TCP/IP, networking, and routed networks are required. Interconnecting Cisco® Network Devices (ICND) builds a strong foundation for this class.

ICND (Interconnecting Cisco Network Devices)


Suggested Follow-ons

Students followed up CSIDS (Cisco Secure Intrusion Detection System 3.0) by attending these popular classes:

CSPFA (Cisco Secure PIX™ Firewall Advanced 3.0)
CSVPN (Cisco Secure Virtual Private Networks)



CCSP® (Cisco® Certified Security Professional)
CCIE® (Cisco® Certified Internetwork Expert) Security
Cisco® IDS Specialist