Preface: Advanced IPS

 Advanced IPS Overview

 Check Point 3D Security

Chapter: 1 IPS Management

 Check Point IPS

o Learning Objectives:

o Check Point IPS Overview

o IPS in SmartDashboard

o IPS Profiles

o Activating Protections

o Protection Browser

o IPS Updates

o Network Exceptions

o Tracking Protections Using Follow Up

o Geo Protection

o Bypass Under Load

o Chapter Review

Lab 1: Deploying IPS

 Configuring the IPS Blade

o Test the Security Policy and Demonstration Tool

 Testing IPS Functionality

 Changing IPS Policy Enforcement

Lab 2: Deploying Geo Protection in IPS

 Modifying Anti‐Spoofing Settings

 Test IPS Geo Protection

Chapter: 2 IPS Monitoring

 Introducing IPS Event Analysis

o Learning Objectives:

o IPS Event Analysis

o IPS Event Analysis Architecture

 Chapter Review

Lab 3: Using Profiles in IPS

 Testing the Default_Protection Profile

o Define a New Profile

o Identifying Attacks with SmartEvent

Chapter: 3 IPS Architecture

 Introducing IPS Architecture

o Learning Objectives:

o Key IPS Architecture Design Elements

o Performance — Accelerated Integrated IPS

COURSE DESCRIPTION

3

o Secure — Multi‐threat Detection Engine

o Passive Streaming Library

o Protocol Parsers .

o Context Management Infrastructure

o Compound Signature Identification

o INSPECTv2

o How the Architecture Runs IPS

 Chapter Review

Lab 4: Manually Updating IPS Protections (Optional)

 Downloading and Installing IPS Protections

o Follow Up with IPS Protection Review

Lab 5: IPS Troubleshooting Features

 Configuring and Testing IPS Troubleshooting Mode

 Configure and Test the IPS Bypass Settings

Chapter: 4 IPS Tuning

 Optimizing IPS

o Learning Objectives:

o Managing Performance Impact

o Tuning Protections

o Enhancing System Performance

o Configure Servers

o Engine Settings

 Chapter Review

Lab 6: Tuning IPS Performance

 Configuring Protection Engine Settings

o Configuring Server Objects

o Identifying Top Events and Protections

o Modifying Protections to Defend Against Common Attacks

o Debugging the Logging Mechanism

Chapter: 5 IPS Debugging

 IPS Debugging

o Learning Objectives:

o IPS Debug Tools

o SmartView Tracker Modes

o Packet Capture

o Kernel Debugging

 IPS Debugging Scenarios

o False Positives

o Performance Issues

o Logging Issues

o Pattern Match Debug

o Packet Dump Buffer

COURSE DESCRIPTION

4

o Debug Flags Overview

 Chapter Review

Lab 7: Advanced IPS Troubleshooting

 Using Debug to Gather IPS Statistics

o Using tcpdump to Identify the Source of an Attack

o Modifying Protection to Prevent Attack Source

o Viewing Gateway Messages

Appendix: Chapter Questions and Answers

 Chapter 1 ‐ IPS Management

 Chapter 2 ‐ IPS Monitoring

 Chapter 3 ‐ IPS Architecture

 Chapter 4 ‐ IPS Tuning

 Chapter 5 ‐ IPS Debugging