Enterasys - Secure Networks

The Network Infrastructure and Security Division
of Siemens Enterprise Communications

Dragon Intrusion Defense

Building secure, fault-tolerant network infrastructures utilizing the Enterasys Intrusion Detection and Prevention Systems (IDS / IPS) product family

Associated Certifications:

Enterasys Systems Engineer-Dragon (ESSE-D)

Duration:

4 Days

Training Method:

ILT: Instructor Led Training

Enterasys Facility (NA, UK): 1 Enterasys Service Unit (PS-ESU-1)
On-site Deliveries: Please contact your local Enterasys representative for special pricing

Course Overview:

In this course, students will learn methods to properly plan, deploy, configure, secure, and manage their Dragon Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) infrastructure. These techniques are reinforced by understanding the numerous security, forensics and reporting capabilities within the Enterasys Dragon product family. Students will gain hands-on experience by performing real-world tasks in a robust lab environment, including installation, configuration, deployment and optimization of Dragon IDS and IPS, creating custom detection signatures, and integrating Dragon into a Dynamic Intrusion Response (DIR) solution.

Who Should Attend: Security Managers, Network / Security Architects, Security Integrators

Course Prerequisites:

Students should possess an understanding of network fundamentals, traffic classifications, and general network management concepts, as well as network security concepts and technologies.

Course Objectives: Upon completion of this course, students will have gained the knowledge to best utilize all the existing capabilities within the Enterasys Dragon product family to both effectively and efficiently secure their enterprise network.  

Course Agenda:

Areas of focus within the class include:

  • Dragon Architecture – Introduction and overview of the Dragon Enterprise Management Server (EMS), Management Client, Configuration Channel, Agent Types, Network Sensors (NIDS), Host Sensors (HIDS), Event Flow Processor (EFP), hierarchical event flow architecture, Virtual Sensors, Web Intrusion Prevention Systems (IPS), NIDS IPS, Deployment models, Server and client configuration files
  • Enterprise Management System and Client Installation – Discussion of methods and guidelines for installing the EMS and Client.
  • Device Configuration and Development – Deciphering the Management window, including Device, Network Policy and Alarm Tool configurations; adding devices utilizing the Configuration Channel, Event Channel and Cache Manager; and concepts of device deployment.
  • Network Sensors and Agents – Introduction to the configuration and deployment process of agents and sensors including agent deployment, deployment status, agent directory structure, validation of the agent processes, addition of network sensors and monitoring devices.
  • Virtual Sensors – Overview of Virtual Sensors and the steps regarding configuration for network traffic segregation.
  • Host Sensors – Installation and deployment of Host Sensors, including adding a host sensor, associating host policies, deployment of host sensors and Windows host sensor installation techniques.
  • Policies and Signatures – Introduction to the concepts of network policies, signatures and host policies. Network master policies, Network custom policies, Network master signature libraries, Network custom libraries, Host master policies and Host custom policies are also discussed.
  • Analysis and Reporting Tools – Discussions focusing on the inherent analysis and reporting capability of the Dragon architecture including the real time console, filter management, forensics console, trending and overall reporting mechanisms.
  • Alarm Tool – Overview of the Alarm Tool Agent including default policies, creation of custom policies, event groups, filters, time periods, thresholds, and notification and alarm rules.
  • Dynamic Intrusion Response – Introduction and overview of the Dynamic Intrusion Response (DIR) solution, with a focus on how Dragon integrates with Enterasys NetSight™ Automated Security Manager (ASM).

Recommended Next Courses:

Dragon Security Command Console, Policy Enabled Networking

Certification Training:

Enterasys Dragon Intrusion Defense is recommended for the Enterasys Security Systems Engineer-Dragon (ESSE-D) examination. All courses listed are offered by Enterasys and our Enterasys Certified Instructor (ECI) partner network.

Course Schedule: Classroom Training Schedule

For Managers:

Dragon Intrusion Defense is a course for users who have a basic understanding of IDS and IPS technologies and now require a more detailed understanding of the Enterasys IDS/IPS solution in order to effectively perform their respective functions. Ideal candidates for the course are Security Administrators or Systems Integration Specialists who are tasked with the responsibility of installing, configuring and operating their Dragon IDS and/or IPS environments. Upon completion of this course, your employees will have gained the ability to provide insight, through real-world lab exercises, regarding the implementation, operation and management of a Dragon Security infrastructure. Upon completion of the Dragon Intrusion Defense course, students will have achieved 50% of the working knowledge to become Enterasys Security Systems Engineer-Dragon (ESSE-D) certified.

 

 
