Home     Business Solutions    eLearning     Room Rentals    Resources     About Us    Careers    Directions    Contact Us     
Search Courses:



Download our
current catalog!









New Horizons Computer Learning Center
410-597-9722

MARS v3.0 - Cisco Security Monitoring, Analysis and Response System

Description

The Cisco Security Monitoring Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite which provides security monitoring for network security devices and host application made by Cisco or non-Cisco providers. In addition to event correlation and data reduction features found in SIM products, CS-MARS also provides topology awareness and automatic mitigation features. In knowing the topology of a network, CS-MARS can determine where the attack is originating and apply the appropriate remediation. CS-MARS is a key component in the Cisco Self Defending Network strategy. CS-MARS exchanges information with CS-Manager to provide a unified security management solution. For example, an administrator can view IPS signatures or the Firewall block / permit syslog messages received from sensors or firewalls. CS-MARS will communicate with CS-Manager and display the IPS signature table or firewall rule table. From there the IPS signature or firewall rule can be modified as necessary. Together CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Use CS-MARS to monitor security and host application devices.
  • Know CS-MARS architecture and how CS-MARS process events.
  • Know how to use archive and restore features.
  • Use CS-MARS to run / create / customize reports
  • Use CS-MARS to investigate an incident and mitigate the security threats.
  • Use CS-MARS to do customer parser for unknown devices in CS-MARS.
  • Use CS-MARS to create / customize rules that detects dark net through best practices example.
  • Know how to tune signature / log level on device side and CS-MARS side.

Prerequisites

  • Cisco CCSP certified or equivalent knowledge
  • Passage of the Securing Cisco IOS Networks (SECUR) exam (642-501), the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502), or both
  • At least six months of practical experience configuring Cisco routers and security products
  • Familiarity with implementing network security policies and these networking components and concepts:
    • Perimeter security system components: Perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host
    • Servers: Cisco Security Manager; syslog; authentication, authorization, and accounting (AAA); Cisco Secure Access Control Server (Cisco Secure ACS); and FTP
    • Protocols: syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet

Who Should Attend

  • Engineers who support sales of Cisco security product solutions
  • Cisco channel partners who sell, implement, and maintain secure networks
  • Cisco customers who implement and maintain secure networks

 

Course Outline

  • Lesson 1:Introducing Cisco Security Monitoring, Analysis, and Response System

    • Effective Security Monitoring and Management
    • Cisco Self-Defending Network and the Role of Cisco Security MARS
    • Cisco Security MARS
    • Cisco Security MARS Terminology
    • Cisco Security MARS Technologies
    • Cisco Security MARS User Interface
    • Cisco Security MARS Product Portfolio

  • Lesson 2:Understanding the System Architecture

    • Cisco Security MARS Software Components
    • Cisco Security MARS Process Flow Details

  • Lesson 3:Configuring a Cisco Security MARS Appliance

     
    • Initial Cisco Configuration Overview
    • Scenario: Configuration Tasks
    • Deployment Planning Guidelines

  • Lesson 4:Adding Reporting and Mitigation Devices

    • Overview of Reporting and Mitigation Devices
    • Scenario: Adding a Cisco Reporting Device and Enabling NetFlow
    • Data-Enabling Features of Cisco Security MARS
    • Integrating Cisco Security MARS with Third-Party Applications

  • Lesson 5:Viewing the Summary Page

    • Summary Page Overview
    • Dashboard
    • Network Status
    • My Reports
    • Scenario: Getting Information from the Summary Page

  • Lesson 6:Managing Rules

    • Rules Overview
    • Working with System and User Inspection Rules o:p>
    • Working with Drop Rules
    • RRule Groups Overview

  • Lesson 7:Understanding Queries and Reports

    • Query Page o:p>
    • Scenario: Configuring a Query
    • Reports Page
    • SScenario: Configuring a System Report

  • Lesson 8:Investigating and Mitigating Incidents

    • Incidents Overview o:p>
    • Incidents
    • Scenario: Role of Cisco Security MARS in Your Network
    • False Positives
    • Case Management
    • Scenario: Configuring a Case to Track an Incident
    • Configuring Notifications
    • CCase Study: Preventing the W32 Blaster Worm

  • Lesson 9:Working with User-Defined Log Parser Templates

    • Overview of User-Defined Log Parser Templates o:p>
    • SScenario: Configuring a Customer Parser

  • Lesson 10:Integrating with Cisco Security Manager

    • Overview of Cisco Security Manager Policy Table Lookup o:p>
    • SScenario: Invoking Cisco Security Manager Policy Table Lookup from Cisco Security MARS

  • Lesson 11:Managing and Administering the System

    • Management Overview o:p>
    • Overview of System Maintenance Tasks
    • IPS Signature Dynamic Update Settings
    • Upgrading the Cisco Security MARS Appliance Software
    • MMigrating Data from Cisco Security MARS 4.3.x to 5.3.x

  • Lesson 12:Troubleshooting and Optimizing Cisco Security MARS

     
    • Hardware Installation Issues o:p>
    • Device Configuration Issues
    • Global Controller-to-Local Controller Communications
    • Sizing Cisco Security MARS Deployment
    • Tuning Cisco Security MARS
    • SSecuring Cisco Security MARS

  • Lesson 13:Using the Cisco Security MARS Global Controller

    • Cisco Security MARS Global Controller Overview o:p>
    • Configuring the Cisco Security MARS Global Controller
    • Summary Tab
    • Incidents Tab
    • Queries and Reports
    • Rules Tab
    • Management Tab
    • SSystem Maintenance Tab

  • Lesson 14:Course Review: Cisco Security MARS at Work

    • Cisco Security MARS At Work o:p>

Lab Outline

  • Pre-Lab Activity: Accessing the Remote Lab
  • Lab 3: Accessing the Cisco Security MARS Appliance
  • Lab 4-1: Adding Reporting Devices and Enabling NetFlow
  • Lab 4-2: Configuring the Syslog Forwarding Feature
  • Lab 5: Generating Summary Reports
  • Lab 6-1: Configuring Cisco Security MARS Event Types
  • Lab 6-2: Configuring an Inspection Rule
  • Lab 7: Performing a Query and Creating a Custom Report
  • Lab 8: Performing Incident Investigation and Mitigation
  • Lab 9: Configuring the Custom Parser
  • Lab 10: Performing Cisco Security Manager Policy Lookup
  • Lab 11-1: Reviewing the CLI and Upgrading the Device Version
  • Lab 11-2: Configuring IPS Auto Signature Download
  • Lab 11-3: Configuring AAA RADIUS Authentication and Working with the Account Locking and Session Timeout Menu
  • Lab 11-4: Retrieving Raw Messages

 

 

 

 

6940 Tudsbury Road, Baltimore, MD 21244.nhbaltimore.com
Home     Search     Site Map    Privacy Policy    Contact     Maps/Directions

New Horizons Computer Learning Centers
6940 Tudsbury Road, Baltimore, MD 21244   (410) 597-9722
Copyright © 2005 New Horizons Computer Learning Centers of Baltimore. All rights reserved.