Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

1. Evaluate the ways IPS sensors are used to mitigate network attacks
   • Evaluate system requirements of the network according to industry standards for inline operations
   • Compare inline to promiscuous mode sensor operations and evaluate how IPS protects network devices from attacks
   • Evaluate the evasive techniques used by hackers and determine ways IPS can defeat those techniques in the network
   • Evaluate the considerations necessary for selection, placement, and deployment of a network IPS, including using features of IPS signature
2. Select and install IPS sensors and configure essential system parameters
   • Install and initialise the sensor for configuration of sensor interfaces, interface pairs, virtual local area network (VLAN) pairs and VLAN groups
   • Configure management access to the sensor appliance and create user accounts to comply with different user roles
   • Set up sensor communications with external management and monitoring systems
   • Manage and monitor sensor operation using built-in tools
   • Upgrade and maintain IPS sensor parameters and licensing requirements to maintain network integrity
   • Plan the mitigation of specific network vulnerabilities and exploits
3. Tune IPS sensor advanced system parameters to optimise attack mitigation performance
   • Tune sensor signatures to provide optimal protection of the network
   • Create custom signatures and a meta signature to meet mitigation performance configurations for given test scenarios while disabling alert production for the component signatures
   • Configure gateway for passive operating system (OS) fingerprinting
   • Configure the external product interface to receive and process information from external security and management products to automatically enhance the sensor configuration information
   • Configure a virtual sensor and anomaly detection
   • Monitor the IPS advanced features for optimal performance
4. Manage security and response of the IPS to network attacks
   • Monitor IPS events using network tools to determine appropriate response to network attacks
   • Use network management tools to assess and manage IPS effectiveness against security intrusion

Performance Evidence

Evidence of the ability to:

evaluate intrusion prevention system (IPS) requirements and configure IPS sensors

tune up IPS sensors to optimise attack mitigation

use network tools and network management tools to monitor and manage security sensor events

upgrade and maintain IPS sensors.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

---

Knowledge Evidence

To complete the unit requirements safely and effectively, the individual must:

explain configuration, verification and troubleshooting procedures to undertake a switch and router operation and routing protocol

outline deployment schemes

summarise setting up and securing firewalls

summarise internetwork operating system (IOS) and internet protocol (IP) networking models

explain IP addressing and detailed understanding of the transmission control protocol (TCP) or IP stack

outline IPS and intrusion detection system (IDS) strategies

explain IPS sensor technologies and licensing requirements

outline local area network or wide area network (LAN/WAN) implementations and design

summarise network topologies, architectures and elements

outline networking standards and protocols

explain signatures and meta signatures

explain threat mitigation strategies

explain virtual local area network (VLAN) concepts and functionality

outline virtual private network (VPN) technologies

identify and describe legislation, regulations, standards and codes of practice relevant to network security.

---