IBM Security

IS671G: IBM Security Network Protection

Administration and Configuration


             Recommended Duration: 3 Days
Skill Level: Intermediate
Cost: $3,800 (b/GST)

IBM Security Network Prevention is a next-generation intrusion prevention system. This course provides the processes, procedures, and practice necessary to configure the Network Protection (XGS) appliance to protect your network. Students learn through hands-on labs how to configure the appliance, configure management and protection policies, and block a variety of common attacks.


Audience


This course is designed for network and security professionals who evaluate, implement, manage, or monitor the IBM Security Network Protection appliance.

Minimum Pax To Run:

  • 2 Students

Prerequisites


Student must have:

  • Basic knowledge of information security concepts
  • Familiarity with networking concepts, such as switching, routing, and firewalls, and tools, such as network sniffers and FTP clients
  • Solid knowledge of the TCP/IP protocol and IPv4 networking
  • Use the IBM Security SiteProtector™ console to manage agents. Students should attend IS604G: IBM Security SiteProtector System: Basic Implementation and Administration or an equivalent course before attending this class.

Course Agenda


Describe the characteristics and architecture of the IBM Security Network Protection appliance
Connect the appliance to your network
Configure initial settings on the appliance and register it with SiteProtector
Use network objects and network access rules to configure the Network Access Policy
Use IPS objects to configure the Intrusion Prevention Policy
Describe different alert types and configure SNMP alerts generated by response objects and system alerts
Use objects and policies to tune your security policy
Capture network packets
Configure local, remote, and passive user authentication
Inspect outbound and inbound SSL traffic
Use the SNORT syntax to incorporate rules in the appliance
Use advanced threat protection and quarantine rules to block events
Integrate the appliance with IBM Security QRadar SIEM
Monitor events on the appliance


Course Overview


Day 1

  • Unit 1: Introduction to IBM Security Network Protection
  • Unit 2: Setting up the appliance
  • Unit 3: Managing the appliance
  • Unit 4: Configuring the Network Access Policy
  • Unit 5: Configuring the Intrusion Prevention Policy

Day 2

  • Unit 6: Using alerts and events
  • Unit 7: Tuning Network Access Policy rules and Intrusion Prevention behavior
  • Unit 8: Capturing network traffic
  • Unit 9: Controlling user access
  • Unit 10: Inspecting SSL-encrypted traffic

Day 3

  • Unit 11: Implementing S.N.O.R.T rules
  • Unit 12: Configuring advanced threat protection
  • Unit 13: Integrating with QRadar SIEM
  • Unit 14: Monitoring event data