Cisco Security Manager is an enterprise-class management application designed to configure firewall, VPN, and intrusion prevention (IPS) security services on Cisco network and security devices. Cisco Security Manager can be used in networks of all sizes, from small networks to large networks consisting of thousands of devices, by using policy-based management techniques. Cisco Security Manager works in conjunction with the Cisco Security Monitoring, Analysis, and Response System (MARS). Training on these core management systems is a vital part of any Security Operations Center.
Labs
Lab 1: Remote Lab Familiarity
In this lab, get an introduction to the Global Knowledge Remote Lab Environment used for this class. You will have access to three Microsoft Windows XP PC system desktops, four Windows 2003 Servers, one Windows 2000 Server, one Windows 2000 Workstation, an ASA 5520 firewall, a Catalyst 3560 L3 switch, an 1841 IOS router, a Cisco 4200 series IPS, a PIX 515, three 2600/2800 IOS routers, and a MARS 20. This lab will demonstrate how to access the various pieces of equipment, what features are available with them, and how they are connected in the topology.
Lab 2: Bootstrapping Network Devices
Learn to bootstrap all your network devices in the lab topology. You will log in to each individual network device and configure the required settings to allow Cisco Security Manager to access your network equipment. You will also perform a restore on the Cisco MARS database in order to load the correct, preconfigured configuration back into the appliance. At the end of this lab, you will test device access.
Lab 3: Device Import
In this lab, you will access the Cisco Security Manager interface for the first time. Create Location groupings for the devices in the lab, and add physical network devices to CSM. Explore various methods of importing these devices into the CSM database, including adding static devices, adding devices from the network, and importing devices from a pre-built configuration file. You will also explore the credential requirements for device import.
Lab 4: Creating Policy Objects
Investigate Policy Objects and their role in CSM. Review an Access List policy on an ASA firewall and edit the ACL via the CSM interface. At the same time, you will build Policy Objects directly from the ACL workspace window and from the Policy Object Manager. To paint a complete picture, we will explore Interface Roles, reviewing the default CSM Interface Roles and making modifications to these default settings using the override feature.
Lab 5: Managing Policies
This lab is the heart of CSM. You will create new lines, each called an ACE (Access Control Entry), in an access list. You will share this ACL policy among different devices in a common region. You'll then modify the policy on two different devices to see the behavior of policy locking. You will create local policies on certain devices so that they have different policies than the parent-assigned policy. Finally, you will investigate Policy Inheritance and compare the differences between Assigning policies and Inheriting policies.
Lab 6: Authentication and Locking
Explore the ACS-to-CSM integration, allowing you to control user access to CSM based on their ACS credentials. After confirming authentication, you will walk through the Authorization configuration on the ACS. This role-based assignment allows you to control what devices and policies a user can access. You will investigate the locking feature available for policy control.
Lab 7: Discovering Map View
This lab is all about the maps. Walk through configuring several layers of network maps and examine the "drill-down" capabilities within the CSM. Import images into map view, including a VISIO-created map that you will assign as wallpaper. You will lay out your imported devices on top of the layered maps to offer the Security Operations Center an accurate logical view of our network. After the devices are laid out accordingly, examine the device discovery features directly from map view.
Lab 8: Exploring VPNs in CSM
Go deep inside the VPN policies and get familiar with the VPN Manager feature within CSM to create site-to-site VPN tunnels. You will walk through modifying IKE Proposals as well as some feature-rich configuration options such as automatic Pre-Shared Key regeneration. You will then view your VPN Map and examine how to share policies to create a Remote Access VPN. After all is configured and deployed, you will test the tunnels for connectivity.
Lab 9: Configuring SSL VPNs in CSM
Building off previous labs, you will add the SSL VPN functionality to your already created group policy. Examine how to modify policies to support the SSL VPN feature and how to apply the policy. In this lab, you will support the Cisco AnyConnect client utilizing version 8.0(4) of code on your ASA. At the end of the lab, you will test the VPN function to see what your users will experience in a production environment.
Lab 10: CSM, IPS, and MARS
There is a newer feature available in CSM and MARS that allows a cross-launch function. This lab will expose the new feature. You will configure a Cisco IPS and its signatures from within CSM. You will investigate signatures, signature actions, and signature event counts in the CSM interface for the IPS. You will walk through configuring Cisco MARS in CSM and configuring CSM in Cisco MARS. Once the devices are bootstrapped for communication, you will create an event on the network that the IPS will report to the MARS appliance. During investigation, you will review the incident in MARS and review the cross-launch feature from MARS to the CSM server.
Lab 11: ACL Policy Investigation
In this follow-up lab to access list policy investigation, you will examine the Analysis Reporting feature in CSM. The report feature will identify any duplicate ACLs in the CSM database and allow you to combine particular rules. The remaining time in the lab will be spent on management access to a remote site firewall and verifying access.
Lab 12: Workflow and Administrative Tasks
This lab focuses on management tasks as you work through workflow mode and non-workflow mode configuration. Configure CiscoWorks Common Services for SMTP. You will create a new activity and have the activity approved by an administrator in CiscoWorks. You'll see the contents of the e-mail as the admin receives it and the response the admin will need to complete in order to approve the job. Towards the end of the lab, you will examine the proper steps to export the devices you added in an earlier lab for backup purposes. Of course, steps are not complete until you perform a backup of the CSM database. You will perform a manual backup and see the status e-mail sent to the admin after the backup has successfully completed.