Elements and Performance Criteria
- Evaluate the ways IPS sensors are used to mitigate network attacks
- Evaluate system requirements of the network according to industry standards for inline operations
- Compare inline to promiscuous mode sensor operations and evaluate how IPS protects network devices from attacks
- Evaluate the evasive techniques used by hackers and determine ways IPS can defeat those techniques in the network
- Evaluate the considerations necessary for selection, placement, and deployment of a network IPS, including using features of IPS signatures
- Select and install IPS sensors and configure essential system parameters
- Install and initialise the sensor for configuration of sensor interfaces, interface pairs, virtual local area network (VLAN) pairs and VLAN groups
- Configure management access to the sensor appliance and create user accounts to comply with different user roles
- Set up sensor communications with external management and monitoring systems
- Manage and monitor sensor operation using built-in tools
- Upgrade and maintain IPS sensor parameters and licensing requirements to maintain network integrity
- Plan the mitigation of specific network vulnerabilities and exploits
- Tune IPS sensor advanced system parameters to optimise attack mitigation performance
- Tune sensor signatures to provide optimal protection of the network
- Create custom signatures and a meta signature to meet mitigation performance configurations for given test scenarios while disabling alert production for the component signatures
- Configure gateway for passive operating system (OS) fingerprinting
- Configure the external product interface to receive and process information from external security and management products to automatically enhance the sensor configuration information
- Configure a virtual sensor and anomaly detection
- Monitor the IPS advanced features for optimal performance
- Manage security and response of the IPS to network attacks