Organization of This Book

The book is organized into five major parts, an answers appendix, and a CD-ROM. Each part explains an aspect of Cisco IPS and helps you prepare for the exam. The parts are divided into chapters and subjects, described in the following paragraphs.

Part I: Cisco IPS Overview

This section provides a good overview of intrusion prevention systems. If you are unfamiliar with intrusion prevention (or intrusion detection), this section of the book is an excellent place to begin. It introduces the basic concepts you need to understand as you read other sections in the book. If you are familiar with intrusion prevention, you can probably skim this section. The only chapter in this section is Chapter 1, "Cisco Intrusion Prevention System (IPS) Overview."

Part II: Cisco IPS Configuration

This section explains the tasks necessary to configure your Cisco IPS devices. The first step is initializing your sensor. Then you need to configure the basic operational parameters. Finally, you can tune your sensor and the Cisco IPS signatures to match your operating environment. Except for the initialization task, the configuration operations can be performed using either the sensor's command-line interface (CLI) or the Cisco IPS Device Manager (IDM). The chapters in this section include the following:

  • Chapter 2, "IPS Command-Line Interface"

  • Chapter 3, "Cisco IPS Device Manager (IDM)"

  • Chapter 4, "Basic Sensor Configuration"

  • Chapter 5, "Basic Cisco IPS Signature Configuration"

  • Chapter 6, "Cisco IPS Signature Engines"

  • Chapter 7, "Advanced Signature Configuration"

  • Chapter 8, "Sensor Tuning"

Part III: Cisco IPS Response Configuration

Correctly configuring the response that your Cisco IPS devices provide during and after detecting intrusive traffic is vital to protecting your network from attack. This section explains the various signature responses that you can use when protecting your network (including the inline options introduced in Cisco IPS 5.0). The only chapter in this section is Chapter 9, "Cisco IPS Response Configuration."

Part IV: Cisco IPS Event Monitoring

Effectively monitoring the alerts generated by your Cisco IPS devices is crucial to protecting your network from attack. The Cisco Security Monitor is the graphical tool you can use to monitor the events being generated by your various Cisco IPS devices. This section explains how to configure Security Monitor. The only chapter in this section is Chapter 10, "Alarm Monitoring and Management."

Part V: Cisco IPS Maintenance and Tuning

Regularly updating your intrusion protection system and troubleshooting problems are vital to maintaining a high level of security on your network. This section contains the following chapters, which explain how to update your Cisco IDS software. The chapters also highlight some common troubleshooting, maintenance, and tuning techniques.

  • Chapter 11, "Sensor Maintenance"

  • Chapter 12, "Verifying System Configuration"

  • Chapter 13, "Cisco IDS Module (IDSM)"

  • Chapter 14, "Cisco IDS Network Module for Access Routers"

  • Chapter 15, "Capturing Network Traffic"

Answers Appendix

The "Answers to the 'Do I Know This Already?' Quizzes and Q&A Questions" appendix provides the answers to the questions that appear in each chapter. This appendix is available in printable format from the main menu of the CD-ROM.


The CD-ROM contains a database of questions to help you prepare for the actual CCSP IPS exam. You can take a simulated exam or focus on topic areas where you feel you need more practice. There is also an electronic copy of the book on the CD-ROM.