McAfee Network Security Platform Course

32h
Overview

This course provides in-depth knowledge of the essential component of implementing a successful intrusion prevention strategy.

Through a mix of hands-on labs and interactive lectures, you will learn how to deploy and configure a Network Security Platform solution to protect against real-world attacks.

Objective

After completing the McAfee Network Security Platform course, you will be able to:

  • Plan the deployment.
  • Install and configure the Manager.
  • Manage users and resources.
  • Configure and manage policies.
  • Analyze and respond to threats.
  • Tune your security policies for maximum effectiveness.
Target Audience
  • System and network administrators
  • Security personnel
  • Auditors and/or consultants concerned with network and system security
Prerequisites
  • It is recommended that students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services.
General Information

Course duration: 32h

  • If taken in the evening, this course is taught Monday to Friday, from 19:00 to 23:00.
  • If taken on Saturdays, this course is taught from 09:00 to 18:00.
  • For in-company delivery, please contact us for more details.

Delivery format:

  • 100% online and live, via Microsoft Teams, led by an instructor/consultant active in the market.
  • Note: this is not a recorded course.

Lab:

  • Lab + hands-on exercises
Materials
Portuguese | English
Course Content

Welcome

  1. Course Logistics
  2. McAfee Product Training
  3. ServicePortal
  4. About the Course
  5. McAfee Foundstone Security Education
  6. Security Content Release Notes
  7. Acronyms and Terms
  8. Locating Resources on McAfee Business Website
  9. Helpful Links
  10. Business Community
  11. Product Enhancement Request
  12. Classroom Lab Topology

Introduction to Network Intrusion Prevention

  1. Attack Detection Framework
  2. Solution Components
  3. Types of Intrusion Prevention Systems
  4. Motivation and Contributing Factors for Attacks
  5. Comparing Intrusion Detection and Prevention
  6. Traffic Normalization
  7. Beyond Intrusion Prevention
  8. What are Threats and Attacks?
  9. Ten Steps to Using NSP
  10. Why a Network IPS is Important
  11. Common Attack Types
  12. Security Threats: The Increasing Risks
  13. Network Security Platform Overview

Planning a McAfee Network Security Platform Deployment

  1. NSP Server Ports
  2. NSP 8X Sensor Support
  3. Determining Sensor Placement
  4. Determining Database Requirements
  5. Desktop Firewall Requirements
  6. NSM Server Requirements
  7. Deployment Requirements and Recommendations
  8. Using Anti-virus Software with the NSM
  9. Virtual Machine Requirements
  10. NSM Client Requirements
  11. Virtual Server Minimum Requirements
  12. Windows Display and Browser Settings
  13. Sensor Deployments
  14. Determining Number of Sensors
  15. Single and Central NSM Deployment
  16. Wireshark
  17. Choosing a Deployment Option

Getting Started

  1. Central Manager Overview
  2. Setting up Basic Features
  3. Defining Trust with Central Manager Proxy Server
  4. Fault Notification Overview
  5. Configuring Common Settings for Fault
  6. Access Events Notification Overview
  7. Syslog Notification Overview
  8. Security Monitors
  9. Enabling GTI Integration
  10. Operational Monitors
  11. E-mail Server and Notification Overview
  12. GTI Integration Requirements
  13. Viewing Summary of IPS Events
  14. User Activity Overview
  15. Configuring E-mail Server and Notification
  16. Simple Network Management Protocol (SNMP) Overview
  17. Navigating Manager Interface
  18. Logging into Manager Interface
  19. Configuring User Activity: SNMP
  20. Configuring SNMP Notification
  21. Configuring MDR Pair
  22. Configuring Script Notification
  23. Global Threat Intelligence Overview
  24. Configuring Fault Notification
  25. Verifying Access to Manager Interface
  26. Configuring User Activity: Syslog
  27. Configuring Syslog Notification
  28. Configuring Proxy Server
  29. Manager Installation Wizard
  30. IPS Event Notification Overview
  31. Manager Disaster Recovery (MDR) Overview
  32. Managing Dashboard Monitors

User Management

  1. Role Assignment Overview
  2. LDAP External Authentication
  3. Minimum Account Configuration
  4. Creating a Custom Role
  5. Configuring RADIUS External Authentication
  6. Managing GUI Access
  7. Verifying User Credentials
  8. Editing the Default Root Admin User
  9. Viewing User Activity
  10. Managing My Account
  11. Summary of Authentication Configuration
  12. Specifying Audit Settings
  13. Assigning LDAP Authentication
  14. Configuring LDAP (Up to 4 Servers)
  15. Assigning Domains and Roles
  16. Adding, Editing, and Deleting Users
  17. Configuring Session Controls
  18. User Management Overview
  19. Configuring Banner Text and Image
  20. Viewing Roles and Privileges
  21. RADIUS External Authentication
  22. Assigning RADIUS Authentication

Administrative Domains

  1. Admin Domain’s Hierarchical Structure
  2. Adding Users to a Child Domain
  3. Administrative Domains Overview
  4. Adding a Child Admin Domain
  5. Managing Admin Domains
  6. How Admin Domains Work
  7. Editing the Root Admin Domain

Network Security Sensor Overview

  1. Inspect
  2. Operating Modes
  3. Acceleration and Operation
  4. NS-Series Sensor Portfolio
  5. Multi-Port Monitoring
  6. Primary Function of Sensor
  7. Respond
  8. Virtualization (Sub-Interfaces)
  9. M-Series Sensor Portfolio
  10. Classify
  11. Secure Socket Layer (SSL) Decryption
  12. Capture
  13. Fail-close and Fail-Open (In-line Only)
  14. Virtual IPS-series Sensor Portfolio
  15. Large Networks: Perimeter, Core, Internal Placement
  16. Interface Groups (Port Clustering)

Network Security Sensor Overview

  1. Reviewing Device Summary
  2. Devices Page: Global Tab
  3. CLI Logging
  4. Activity Reports and Logs Review
  5. IPS Event Logging
  6. Installing Physical Sensors
  7. Deploying Pending Changes
  8. Special Configurations
  9. Alerting Options
  10. Managing Sensors
  11. Devices Page: Device Tab
  12. ATD Integration Overview
  13. Installing Sensors in Manager
  14. Remote Access: TACACS+
  15. Customizing Logon Banner
  16. Network Time Protocol (NTP)
  17. Port Types
  18. Downloading Signature Sets
  19. Installing Virtual Sensor
  20. Deploying Device Software
  21. Viewing/Editing Physical Ports
  22. DXL Integration Overview
  23. Remote Access: NMS Users and Devices
  24. Establishing Trust

Virtualization

  1. Configuring CIDR Virtual Interface
  2. CIDR Sub-Interface Configuration
  3. CIDR Block Options
  4. Virtualization (Sub-interfaces) Overview
  5. Configuring VLAN Virtual Interface
  6. Valid Interface Types
  7. Determining Direction
  8. Double-VLAN Tagging
  9. VLAN and CIDR Logical Configuration
  10. Configuring Bridge VLAN Virtual Interface
  11. Bridge VLAN
  12. Before and After
  13. VLAN Sub-Interface Configuration
  14. Policy Application

Policies Configuration

  1. Adding IPS Policy for Interface
  2. Defining Properties
  3. Viewing Attack Definitions
  4. Types of IPS Policies
  5. Managing Policy Versions
  6. Managing Legacy Reconnaissance Policies
  7. Policy Management Overview
  8. Adding IPS Policy for Admin Domain
  9. Using Policy Manager
  10. Deleting IPS Policy for Admin Domain
  11. What are Policies?
  12. Policy Assignment
  13. Policy Terms and Concepts
  14. Policy Import and Export
  15. How Policies are Applied
  16. Interfaces Tab
  17. Attack Definitions
  18. Deploying Changes
  19. Editing IPS Policy for Interface
  20. Copying or Editing IPS Policy for Admin Domain
  21. Assigning Policies
  22. Deleting Policy
  23. Using IPS Policies Page
  24. Reconnaissance Attack Settings Merge Utility

Policy Customization

  1. Traffic Processing and Analysis
  2. Attack Definitions Tab
  3. How Attack Definitions Work
  4. Attacks Detail Pane: Description
  5. Managing Policy Groups
  6. Attack Definitions Tab: Quick Search, Sort, Columns, Groups, Filters, and Detail
  7. Benign Trigger Probability (BTP)
  8. Attack Protection Categories
  9. Attack Categories and Severity
  10. Attacks Detail Pane: Settings Tab
  11. Attack Definitions Tab: Customizing Your View

Threat Explorer

  1. Top Malware
  2. Analyzing Source and Destination IP Addresses
  3. Top Attackers
  4. Analyzing Threats
  5. Top Applications
  6. Customizing Threat Analyzer View
  7. Top Targets
  8. Top Attacks
  9. Top Attack Executables

Advanced Malware Protection

  1. Gateway Anti-Malware Engine
  2. Using Advanced Malware Policies Page
  3. Confidence Level
  4. Advanced Malware Policies Configuration Overview
  5. PDF and Flash Analysis Engines
  6. Top Malware Detections Monitor
  7. ATD Engine
  8. TIE/GTI File Reputation Engine
  9. McAfee Cloud Engine
  10. Malware Engine Analysis Sequence
  11. Archiving Malware Files
  12. File Types
  13. Malware Analysis Overview
  14. Blacklist/Whitelist Engine
  15. Analyzing Malware
  16. Malware Detections Page
  17. Malware Engines
  18. Advanced Malware Detection Overview
  19. Malware Policy Parameters
  20. Action Thresholds

Advanced Botnet Detection

  1. Examples of Implemented Heuristics
  2. Zero-day and Targeted Botnet Detection
  3. Inspection Options Policies Configuration Overview
  4. Assigning Policies to Sensor Resources
  5. How Inspection Option Policies Work
  6. Inspection Options Policies
  7. Active Botnets Page: Organization
  8. Analyzing Botnets
  9. Heuristics
  10. Advanced Botnet Detection Overview
  11. Example: Blacklist Domain Detection
  12. Properties Tab
  13. Legacy Malware Detection Options
  14. Configuring Advanced Botnet Detection
  15. Top Active Botnets Monitor
  16. DNS Response Packet Inspection
  17. Whitelisted and Blacklisted Domains Detection
  18. Advanced Botnet Detection Options
  19. Inspection Options Tab
  20. Configuring Traffic Inspection
  21. C&C Server/Callback Detection
  22. Known Botnet Detection

Denial of Service Configuration

  1. Configuring Protocol Settings
  2. Configuring Rate Limiting Rules
  3. Rate Limiting (QoS Policies)
  4. Connection Limiting Policies
  5. Protocol Settings
  6. DoS Learning Mode
  7. Anti-Spoofing
  8. DoS Threshold Mode
  9. Configuring Thresholds for Volume-based Attacks
  10. Managing DoS Learning Profiles
  11. DoS Learning Attacks
  12. Types of DoS Attacks
  13. Adding Connection Limiting Policy
  14. Adding QoS Policy
  15. Evolution of DoS Attacks
  16. Customizing DoS Learning Attack
  17. QoS and Rate Limiting Configuration Overview
  18. DNS Protection Command
  19. Volume-based Attacks
  20. Stateful TCP Engine

Endpoint Reputation

  1. IP Reputation Configuration Overview
  2. Global Threat Intelligence Review
  3. Endpoint Reputation Analysis Options

Web Server Protection

  1. How Web Server Heuristic Analysis Works
  2. Private SSL certificates
  3. Prerequisite: Required Attacks
  4. DoS Protection for Web Servers
  5. Heuristic Web Application Server Inspection Configuration Overview
  6. Configuring Web Server – DoS Prevention
  7. Web Server – DoS Prevention Configuration Overview
  8. Layer 7 DoS Protection for Web Servers
  9. Prerequisite: SSL Decryption
  10. Web Server Protection Overview
  11. Configuring Web Server Heuristic Analysis

Firewall Policy Configuration

  1. Firewall Access Logging
  2. Firewall Policy Definitions Configuration Report
  3. Firewall Access Events
  4. Rule Objects Overview
  5. Stateless Access Rules
  6. User-based Access Rules
  7. Policy Export and Policy Import
  8. Using Firewall Policies Page
  9. Application Identification
  10. Adding Rule Object
  11. Managing Firewall Policies
  12. Firewall Policy Overview

Threat Analyzer

  1. Threat Analyzer Overview
  2. Alerts Page
  3. Viewing Alert Detail
  4. Preferences Page
  5. Adding a Dashboard
  6. Viewing Details for Pie Slice
  7. Viewing Details for Pie Slice
  8. Endpoints Page
  9. Launching Threat Analyzer
  10. Adding a Monitor
  11. Viewing Consolidated Attacks
  12. Example Ignore Rule
  13. NTBA Dashboard
  14. Customizing the Dashboard Tabs
  15. Forensics Page
  16. Dashboard Page
  17. Right-click Options
  18. Adding Dashboards and Monitors
  19. Viewing Attacks Over Time
  20. Applications and GTI View Dashboard
  21. IPS Dashboard
  22. NSP Health Dashboard

Policy Tuning

  1. Sorting by Attack Name
  2. Steps for Reducing False Positives
  3. Adding Low Severity Attacks to Process
  4. High-Level Bottom-up Approach
  5. Identifying False Positives
  6. Prior to Tuning
  7. Preventing False Positives
  8. Preventing Future False Positives
  9. False Positives and Noise
  10. Two Phases of Policy Tuning
  11. Disabling Attacks and Alerts
  12. Start with High-Volume Attacks
  13. What is Tuning?
  14. Why Implement Tuning?
  15. Excessive Alerts
  16. Analyzing Event
  17. Looking for Patterns

Report Generation

  1. Next Generation Reports Overview
  2. Role Assignment
  3. Reporting Preferences
  4. Configuration Reports Overview
  5. Traditional Reports Overview
  6. Running a Traditional Report
  7. Running Configuration Report
  8. Reports Overview
  9. Adding User Defined Report
  10. Configuring Report Automation
  11. Running Default Next Generation Report
  12. Adding, Duplicating, Editing Next Generation Report
  13. Viewing Automatically-Generated Reports

Operational Status

  1. Alert Relevance
  2. Running Tasks
  3. Messages from McAfee Monitor
  4. Manager Summary
  5. Device Summary Monitor
  6. System Log
  7. Viewing Faults from Manage Page
  8. Viewing Device Faults from Dashboard
  9. Exporting System Log
  10. Running Tasks Monitor
  11. Operational Monitors Overview
  12. Viewing Manager Faults from Dashboard
  13. System Health Monitor
  14. Managing Faults
  15. Viewing Alert Relevance
  16. Viewing User Activity Log
  17. Viewing System Log

Database Maintenance

  1. Deleting Backup Files
  2. Database Tuning Overview
  3. Export Archives
  4. Automating Database Backup
  5. Tuning Now
  6. Calculating Maximum Alert Quantity
  7. Automating Tuning
  8. Configuring File and Database Pruning
  9. Viewing Scheduler Detail
  10. Enabling and Defining Alert Pruning
  11. Exporting Backup Files
  12. Archiving Data Now
  13. Automating Archiving Data
  14. Restoring Archive