
SESA - Securing Email with Cisco Email Security Appliance Part 1 and 2 V2.1 (SESA)

Course Overview

Course Duration: 3 days

In this hands-on course, you will learn to install, configure, operate, and maintain the C-Series. You will receive in-depth instruction on the most commonly used product features, with an emphasis on administration best practices for configuration and operation, including clustering, management of email through Cisco Email Security Appliances, configuration of access control policies to eliminate threats at the perimeter, and the creation and application of Data Loss Prevention (DLP) policies. You will see how Advanced Malware Protection (AMP) integrates with the Email Security Appliance, and you will learn how to configure Cisco Email Security Appliances to detect and handle unwanted spam and viruses. You will cover message tracking and reporting to document email traffic trends on the C-Series. You will also learn the fundamental concepts of tracking, reporting, and quarantining on the M-Series. These products were formerly the IronPort email and web security gateway and management products, and are currently referred to as Cisco Email Security and Cisco Web Security.

Who Should Attend

  • Enterprise messaging managers and system administrators

  • Email system designers and architects

  • Network managers responsible for messaging implementation

Course Certifications

This course is part of the following Certifications:

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • Basic computer literacy, including the use of general office software such as Microsoft Office

  • Basic Microsoft Windows navigation and keyboard proficiency skills

  • Basic Internet usage skills, including use of a browser and search tools

  • Basic email usage skills

  • Moderate knowledge of TCP/IP fundamentals

  • Experience with Internet-based messaging, including SMTP, Internet message formats, and MIME message formats

Course Objectives

  • Integrate with a directory server via LDAP

  • Use message filters to redirect and modify messages

  • Describe how web reputation filters are used to control spam

  • Integrate AMP with Email Security Appliance

  • Safely deploy and debug message filters

  • Configure TLS and Guaranteed Secure Delivery

  • Authenticate email with SPF, SIDF and DMARC

  • Manage high volumes of email

  • Configure ESA cluster for central administration

Course Content

Module 1: Reviewing the Cisco Email Security Appliance

Objective: Articulate the Cisco Email Security Appliance product, including management series, SMTP conversation, terms and definitions, pipeline, and licensing

  • Lesson 1: Reviewing the Cisco Security Management Appliance

  • Objective: Review the Cisco Security Management Appliance

    • This lesson includes these topics:

      • The Cisco Security Management Appliance

      • Features and Benefits of the Cisco Security Management Appliance

      • Centralized Reporting

      • Advanced Message Tracking

      • Cisco Security Management Appliance Benefits

      • Model Specifications

      • Cisco Security Management Appliance Deployment

  • Lesson 2: Defining an SMTP Conversation

  • Objective: Define how an SMTP conversation takes place

    • This lesson includes these topics:

      • SMTP Conversation Overview

      • Example: SMTP Conversation

  • Lesson 3: Identifying Terms and Definitions

  • Objective: Identify key terms and definitions

    • This lesson includes these topics:

      • Terms and Definitions

  • Lesson 4: Examining the Pipeline

  • Objective: Examine the email pipeline and how incoming and outgoing email is processed

    • This lesson includes these topics:

      • Processing Incoming Mail

      • Process Outgoing Mail

      • The Email Pipeline

      • Cisco Email Pipeline

  • Lesson 5: Describing Cisco Email Security Appliance Models and Licensing

  • Objective: Describe Cisco Email Security Appliance packaging and licensing options

    • This lesson includes these topics:

      • Model Specifications for Large Enterprises

      • Model Specifications for Midsize Enterprises and Small-to-Midsize Enterprises or Branch Offices

      • Cisco Email Security Appliance Model Specifications for Virtual Appliances

      • Packages and Licenses

  • Lesson 6: Installing and Verifying the Cisco Email Security Appliance

  • Objective: Describe the Email Security Appliance installation process

    • This lesson includes these topics:

      • AsyncOS Architecture

      • Describing the Listener

      • One-Armed Deployment with Private Address

      • Multiple Listeners

      • Initial Cisco Email Security Appliance Configuration

      • NIC Pairing

      • Describing VLANs

      • Cisco Email Security Appliance Management

        • Hardware Challenge Lab 1: Access the Cisco Remote Lab

    • This activity includes these tasks:

      • Connect to the Remote Lab

      • Hardware Challenge Lab 2: Install Your Cisco Email Security Appliance

    • This activity includes these tasks:

      • Install Your Cisco Email Security Appliance

Module 2: Administering the Cisco Email Security Appliance

Objective: Administer the Cisco Email Security Appliance

  • Lesson 1: Configuring Localized Message Tracking and Reporting

  • Objective: Configure and use localized message tracking and reporting

    • This lesson includes these topics:

      • Localized Message Tracking and Reporting

      • Local Message Tracking

      • Using Local Message Tracking

      • Search for Email with Message Tracking

      • Message Tracking

      • Localized Reporting

      • Scheduling CSV or PDF Reports via Email

      • Change Locale for Web GUI

      • Choose Language for Generated Report

  • Lesson 2: Configuring Centralized Tracking and Reporting

  • Objective: Configure and use centralized email tracking and reporting

    • This lesson includes these topics:

      • Addressing the Need for Multiple Cisco Email Security Appliances

      • Centralizing Reporting and Tracking Data

      • Place the Cisco Security Management Appliance in Your Network

      • Access Centralized Reporting Data

      • DLP Incident Summary

      • Report Details on Large Enterprises: Domain-Based Overview Report

      • Domain-Based Executive Summary

      • Reporting Traffic in a Global Enterprise: Reporting by Appliance Groups

      • Report by Appliance Groups

      • Message Tracking with Cisco Security Management Appliance

  • Lesson 3: Tracking and Reporting Messages

  • Objective: Configure the Cisco Content Security Management Appliance to track and report messages

    • This lesson includes these topics:

      • Configuring the Cisco Security Management Appliance for Email Applications

  • Lesson 4: Administering the Cisco Email Security Appliance

  • Objective: Administer the Cisco Email Security Appliance

    • This lesson includes these topics:

      • System Administration Overview

      • Upgrading the System

      • Configuring Upgrade Settings

      • Suspend and Resume Listeners

      • Suspending and Resuming Listeners Using the GUI

      • Display System Status over the Web

      • Monitor System Status with SNMP

      • Monitor System Status with the Web User Interface

  • Lesson 5: Managing Log Files

  • Objective: Manage log files

    • This lesson includes these topics:

      • Access Logs

      • Review Commit Comments in the System Log

      • Sample Error Logs

  • Lesson 6: Creating and Using Administrator Accounts

  • Objective: Create and use administrator accounts

    • This lesson includes these topics:

      • Predefined Administrative Users

      • Administrator Password Controls

      • Local User Account and Password Settings Page

      • Account Locking

      • The Basics of Custom User Roles

      • User Role Creation

      • Assigning a User to a Role

      • Hardware Challenge Lab 3: Perform Administration

    • This activity includes these tasks:

      • Set Up Administration for the Cisco Email Security Appliance

Module 3: Controlling Sender and Recipient Domains

Objective: Explain the differences between the HAT and the RAT.

  • Lesson 1: Configuring Public and Private Listeners

  • Objective: Configure public and private listeners

    • This lesson includes these topics:

      • Public and Private Listeners

  • Lesson 2: Describing the HAT

  • Objective: Describe the HAT

    • This lesson includes these topics:

      • Classifying Senders in the HAT

      • Controlling the SMTP Connection (Two Listeners)

      • Controlling the SMTP Connection (One Listener)

      • Define Mail Flow Policies for Each Listener

      • Sample Mail Flow Policies

      • Edit the HAT

      • Edit the HAT on the Public Listener

      • Edit the HAT on the Private Listener

  • Lesson 3: Describing the RAT

  • Objective: Describe the RAT

    • This lesson includes these topics:

      • Adding New Domains in the RAT

      • Adding Internal Domains to the RAT

      • SMTP Routes Overview

      • Configuring SMTP Routes

      • Configure Prioritized SMTP Routes

      • Configuring IP Routes

  • Lesson 4: Describing Email Authentication Methods

  • Objective: Describe email authentication methods

    • This lesson includes these topics:

      • DomainKeys and DKIM

      • Email Authentication with DomainKeys and DKIM

      • Configuring DomainKeys and DKIM

      • Enabling DKIM for Mail Flow Policies

      • SPF and SIDF Verification

      • Enabling SPF and SIDF for Mail Flow Policies

      • SPF and SIDF Results in Message and Content Filters

  • Lesson 5: Defining Domain-Based Message Authentication

  • Objective: Define domain-based message authentication

    • This lesson includes these topics:

      • What Is DMARC?

      • DMARC Verification

      • DMARC Resource Records

      • DMARC Verification Profiles

      • Configuring DMARC Verification Profiles

      • Applying DMARC Profiles to Mail Flows

      • Configuring DMARC Global Settings

      • DMARC Reporting Options

      • DMARC Reporting

  • Lesson 6: Troubleshooting with Mail Logs

  • Objective: Use troubleshooting tools to monitor mail that is sent through the Cisco Email Security Appliance

    • This lesson includes these topics:

      • Using Debugging Tools

      • Troubleshoot with Log Files

      • Using Mail Logs

      • Tracking Mail Messages with the tail mail_logs Command

      • Use the findevent Command

      • Use the grep Command

        • Hardware Challenge Lab 4: Test Your Listener Settings

    • This activity includes these tasks:

      • Test Your Listener Settings

      • Hardware Challenge Lab 5: Prevent Domain Spoofing with DMARC

    • This activity includes these tasks:

      • Prevent Domain Spoofing with DMARC

Module 4: Controlling Spam with Cisco SensorBase and Antispam

Objective: Discuss SensorBase and the antispam engine, make adjustments to the HAT and the antispam policies, and manage the spam quarantine either locally or using the management series

  • Lesson 1: Describing SensorBase

  • Objective: Describe the SensorBase network

    • This lesson includes these topics:

      • Antispam Overview

      • SensorBase Network

      • Interpret SensorBase Scores

      • Reputation Score Ranges per Sender Group (Default)

      • Assigning SBRS Ranges per Sender Group

  • Lesson 2: Configuring Antispam

  • Objective: Configure and use antispam settings

    • This lesson includes these topics:

      • Controlling Antispam Behavior in the Pipeline

      • Spam Analysis by CASE

      • Best Practices for Managing Spam

      • Configure Mail Policy Spam Settings

      • Marketing Message Detection: The Problem

      • Detecting and Reporting Marketing Messages

      • Detecting and Reporting Spam

      • Microsoft Outlook

      • Lotus Notes

      • Outlook Express 6

      • Entourage (Apple Mac)

      • Apple Mail.app

      • Mozilla Thunderbird

      • Netscape Messenger

      • Windows Live Mail

      • Antispam Best Practices

  • Lesson 3: Quarantining Spam on the Cisco Email Security Appliance

  • Objective: Quarantine spam on the Cisco Email Security Appliance

    • This lesson includes these topics:

      • Configure Spam Quarantine

      • Accessing Quarantined Spam on the Cisco Email Security Appliance

      • Configuring End-User Authentication

      • Configuring Spam Notification Messages

  • Lesson 4: Describing Safelist and Blocklist

  • Objective: Describe and use safelist and blocklist

    • This lesson includes these topics:

      • Overview of Safelists and Blocklists

      • Configuring Safelists and Blocklists

      • End-User List Management

      • Safelist and Blocklist Deployment Details

      • Use Headers to Track and Test Spam

  • Lesson 5: Quarantining Spam on the Cisco Security Management Appliance

  • Objective: Quarantine spam on the Cisco Content Security Management Appliance

    • This lesson includes these topics:

      • External Spam Quarantine

      • Configure the Spam Quarantine on the Cisco Security Management Appliance

      • Accessing the Spam Quarantine

      • Configuring the Cisco Security Management Appliance External Spam Quarantine

  • Lesson 6: Configuring Bounce Verification

  • Objective: Configure bounce verification

    • This lesson includes these topics:

      • Bounce Verification

      • Configuring Bounce Verification Address Tagging

  • Lesson 7: Describing Web Reputation Filters

  • Objective: Describe the function of web reputation filters

    • This lesson includes these topics:

      • Web Reputation Applications

      • Web Reputation in the Mail Flow

      • Antispam Configuration

      • Web Reputation Content Filter Conditions

      • Web Reputation Content Filter Actions

      • Web Reputation Message Filters

  • Lesson 8: Defining Outbreak Filters

  • Objective: Define outbreak filters

    • This lesson includes these topics:

      • Outbreak Filters

      • Configure Outbreak Filters

      • Outbreak Filters Applied to Mail Policies

      • Outbreak Filter Features

      • Customize Outbreak Filters

      • Monitor Outbreak Filters

      • Monitor Outbreak Quarantines

        • Hardware Challenge Lab 6: Defend Against Spam with SensorBase and Antispam

    • This activity includes these tasks:

      • Defend Against Spam

Module 5: Using Antivirus, Virus Outbreak Filters, and Advanced Malware Protection

Objective: Enable one or both antivirus engines, use one or both antivirus engines in mail policies, and identify best practices for managing antivirus

  • Lesson 1: Enabling Antivirus Engines

  • Objective: Enable one or both antivirus engines, use one or both antivirus engines in mail policies, and identify best practices for managing antivirus

    • This lesson includes these topics:

      • Antivirus Overview

      • Configuring Global Antivirus Settings (Enabling Sophos or McAfee)

      • Dual Antivirus Scanning

      • Recommended Antivirus Practices

      • Configuring Antivirus Behavior on a Mail Policy

      • Configuring the Antivirus Settings Page

      • Track Virus Activity in the Mail Logs

      • Check Logs for Virus Updates

      • Control Antivirus Behavior in the Pipeline

      • Virus Type Reports

  • Lesson 2: Using Outbreak Filters

  • Objective: Use outbreak filters to preemptively drop traffic and provide zero-hour protection

    • This lesson includes these topics:

      • Outbreak Filters Overview

      • Outbreak Rules vs. Adaptive Rules

      • Taking Action with Outbreak Filters

      • Working with Outbreak Filter Updates

      • Listing and Updating Outbreak Filter Rules

      • Configuring Outbreak Filters for a Mail Policy

      • Managing an Outbreak Quarantine

      • Creating Outbreak Reports

  • Lesson 3: Using Advanced Malware Protection

  • Objective: Configure Cisco SourceFire Advanced Malware Protection integration using file reputation and analysis services

    • This lesson includes these topics:

      • Cisco SourceFire Advanced Malware Protection

      • Advanced Malware Protection Enhances Cisco Email Security

      • Cisco Zero-Hour Malware Protection

      • File Reputation and Analysis

      • File Processing Overview

      • Enabling Advanced Malware Protection

      • File Reputation and Analysis Settings

      • Advanced Malware Protection Mail Policy

      • File Analysis and Reputation Results as Conditions

      • Monitor Advanced Malware Protection

        • Hardware Challenge Lab 7: Defend Against Viruses

    • This activity includes these tasks:

      • Defend Against Viruses

        • Hardware Challenge Lab 8: Prevent Advanced Persistent Threats with Advanced Malware Protection

    • This activity includes these tasks:

      • Prevent Advanced Persistent Threats with Advanced Malware Protection

Module 6: Using Mail Policies

Objective: Separate enterprise groups with different filtering requirements

  • Lesson 1: Describing Email Security Manager

  • Objective: Describe the application of Cisco Email Security Manager

    • This lesson includes these topics:

      • Email Security Manager Overview

      • Email Security Manager

      • Mail Policies Overview

      • Separate Incoming and Outgoing Mail Policies

      • Match on Different Users with Mail Policies

  • Lesson 2: Creating User-Based Mail Policies

  • Objective: Create user-based mail policies

    • This lesson includes these topics:

      • Define User-Based Policies

      • Mail Policies Determine What Happens to Mail Messages

      • Use Email Security Manager to Maintain Mail Policies

      • Matching Users to a Policy

      • Build Mail Policies by Changing Defaults

  • Lesson 3: Using Message Splintering

  • Objective: Use message tracking to monitor message splintering

    • This lesson includes these topics:

      • Message Splintering Concepts

      • Track Splintered Messages

Course ID: SESA

Singapore: 3 Days Course, SGD 4200.00

India (USD): 3 Days Course, USD 1,500.00 or 15 CLC

Schedule

Date                       Country      Location
17 Apr 2017 - 19 Apr 2017  Singapore    Singapore
05 Jun 2017 - 07 Jun 2017  Singapore    Singapore
06 Mar 2017 - 08 Mar 2017  India (USD)  Bangalore/Chennai
03 Apr 2017 - 05 Apr 2017  India (USD)  Bangalore/Chennai
15 May 2017 - 17 May 2017  India (USD)  Bangalore/Chennai
05 Jun 2017 - 07 Jun 2017  India (USD)  Bangalore/Chennai