SESA 3.1

Kurs Securing Email with Cisco Email Security Appliance (SESA) v3.1 pokazuje, jak wdrożyć i korzystać z Cisco® Email Security Appliance w celu zapewnienia ochrony systemów poczty e-mail przed phishingiem, naruszeniem bezpieczeństwa poczty biznesowej i oprogramowaniem ransomware, a także w celu usprawnienia zarządzania zasadami bezpieczeństwa poczty e-mail. Ten praktyczny kurs zapewnia wiedzę i umiejętności w zakresie wdrażania, rozwiązywania problemów i administrowania Cisco Email Security Appliance, w tym kluczowymi funkcjami, takimi jak zaawansowana ochrona przed złośliwym oprogramowaniem, blokowanie spamu, ochrona antywirusowa, filtrowanie epidemii, szyfrowanie, kwarantanny i zapobieganie utracie danych.

Kurs ten pomaga przygotować się do egzaminu Securing Email with Cisco Email Security Appliance (300-720 SESA), który prowadzi do uzyskania certyfikatów CCNP® Security i Certified Specialist – Email Content Security.

Kurs ten pozwala również uzyskać 24 punkty Continuing Education (CE) w ramach recertyfikacji.

How You’ll Benefit

This class will help you

• Deploy high-availability email protection against the dynamic, rapidly changing threats affecting your organization
• Gain leading-edge career skills focused on enterprise security
• Earn 24 Cisco CE credits toward recertification

 
Who Should Enroll

• Security engineers
• Security administrators
• Security architects
• Operations engineers
• Network engineers
• Network administrators
• Network or security technicians
• Network managers
• System designers
• Cisco integrators and partners

 
What to Expect in the Exam

The 300-720 SESA exam certifies your knowledge of Cisco Email Security Appliance, including administration, spam control and anti-spam, message filters, data loss prevention, Lightweight Directory Access Protocol (LDAP), email authentication and encryption, and system quarantines and delivery methods.

• After you pass 300-720 SESA:You earn the Cisco Certified Specialist – Email Content Security certification.
• You will have satisfied the concentration exam requirement for the new CCNP Security certification. To complete your CCNP Security certification, pass the Implementing and Operating Cisco Security Core Technologies (350-701 SCOR) exam or its equivalent.

 
Course Objectives

After taking this course, you should be able to:

• Describe and administer the Cisco Email Security Appliance (ESA)
• Control sender and recipient domains
• Control spam with Talos SenderBase and anti-spam
• Use anti-virus and outbreak filters
• Use mail policies
• Use content filters
• Use message filters to enforce email policies
• Prevent data loss
• Perform LDAP queries
• Authenticate Simple Mail Transfer Protocol (SMTP) sessions
• Authenticate email
• Encrypt email
• Use system quarantines and delivery methods
• Perform centralized management using clusters
• Test and troubleshoot

 
Course Prerequisites

To fully benefit from this course, you should have one or more of the following basic technical competencies:

• Cisco certification (Cisco CCENT^® certification or higher)
• Relevant industry certification, such as (ISC)2, CompTIA Security+, EC-Council, Global Information Assurance Certification (GIAC), and ISACA
• Cisco Networking Academy letter of completion (CCNA^® 1 and CCNA 2)
• Windows expertise: Microsoft [Microsoft Specialist, Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Systems Engineer (MCSE)], CompTIA (A+, Network+, Server+)

The knowledge and skills that a student must have before attending this course are:

• TCP/IP services, including Domain Name System (DNS), Secure Shell (SSH), FTP, Simple Network Management Protocol (SNMP), HTTP, and HTTPS
• Experience with IP routing

Cisco learning offerings that contribute to recommended skills and knowledge:

• Email Security Training resources at https://www.cisco.com/c/en/us/training-events/training-certifications/supplemental-training/email-and-web-security.html

 
Course Outline

• Describing the Cisco Email Security Appliance
  • Cisco Email Security Appliance Overview
  • Technology Use Case
  • Cisco Email Security Appliance Data Sheet
  • SMTP Overview
  • Email Pipeline Overview
  • Installation Scenarios
  • Initial Cisco Email Security Appliance Configuration
  • Centralizing Services on a Cisco Content Security Management Appliance (SMA)
  • Release Notes for AsyncOS 11.x
• Administering the Cisco Email Security Appliance
  • Distributing Administrative Tasks
  • System Administration
  • Managing and Monitoring Using the Command Line Interface (CLI)
  • Other Tasks in the GUI
  • Advanced Network Configuration
  • Using Email Security Monitor
  • Tracking Messages
  • Logging
• Controlling Sender and Recipient Domains
  • Public and Private Listeners
  • Configuring the Gateway to Receive Email
  • Host Access Table Overview
  • Recipient Access Table Overview
  • Configuring Routing and Delivery Features
• Controlling Spam with Talos SenderBase and Anti-Spam
  • SenderBase Overview
  • Anti-Spam
  • Managing Graymail
  • Protecting Against Malicious or Undesirable URLs
  • File Reputation Filtering and File Analysis
  • Bounce Verification
• Using Anti-Virus and Outbreak Filters
  • Anti-Virus Scanning Overview
  • Sophos Anti-Virus Filtering
  • McAfee Anti-Virus Filtering
  • Configuring the Appliance to Scan for Viruses
  • Outbreak Filters
  • How the Outbreak Filters Feature Works
  • Managing Outbreak Filters
• Using Mail Policies
  • Email Security Manager Overview
  • Mail Policies Overview
  • Handling Incoming and Outgoing Messages Differently
  • Matching Users to a Mail Policy
  • Message Splintering
  • Configuring Mail Policies
• Using Content Filters
  • Content Filters Overview
  • Content Filter Conditions
  • Content Filter Actions
  • Filter Messages Based on Content
  • Text Resources Overview
  • Using and Testing the Content Dictionaries Filter Rules
  • Understanding Text Resources
  • Text Resource Management
  • Using Text Resources
• Using Message Filters to Enforce Email Policies
  • Message Filters Overview
  • Components of a Message Filter
  • Message Filter Processing
  • Message Filter Rules
  • Message Filter Actions
  • Attachment Scanning
  • Examples of Attachment Scanning Message Filters
  • Using the CLI to Manage Message Filters
  • Message Filter Examples
  • Configuring Scan Behavior
• Preventing Data Loss
  • Overview of the Data Loss Prevention (DLP) Scanning Process
  • Setting Up Data Loss Prevention
  • Policies for Data Loss Prevention
  • Message Actions
  • Updating the DLP Engine and Content Matching Classifiers
• Using LDAP
  • Overview of LDAP
  • Working with LDAP
  • Using LDAP Queries
  • Authenticating End-Users of the Spam Quarantine
  • Configuring External LDAP Authentication for Users
  • Testing Servers and Queries
  • Using LDAP for Directory Harvest Attack Prevention
  • Spam Quarantine Alias Consolidation Queries
  • Validating Recipients Using an SMTP Server
• SMTP Session Authentication
  • Configuring AsyncOS for SMTP Authentication
  • Authenticating SMTP Sessions Using Client Certificates
  • Checking the Validity of a Client Certificate
  • Authenticating User Using LDAP Directory
  • Authenticating SMTP Connection Over Transport Layer Security (TLS) Using a Client

 
Lab Outline

• Verify and Test Cisco ESA Configuration
• Perform Basic Administration
• Advanced Malware in Attachments (Macro Detection)
• Protect Against Malicious or Undesirable URLs Beneath Shortened URLs
• Protect Against Malicious or Undesirable URLs Inside Attachments
• Intelligently Handle Unscannable Messages
• Leverage AMP Cloud Intelligence Via Pre-Classification Enhancement
• Integrate Cisco ESA with AMP Console
• Prevent Threats with Anti-Virus Protection
• Applying Content and Outbreak Filters
• Configure Attachment Scanning
• Configure Outbound Data Loss Prevention
• Integrate Cisco ESA with LDAP and Enable the LDAP Accept Query
• Domain Keys Identified Mail (DKIM)
• Sender Policy Framework (SPF)
• Forged Email Detection
• Configure the Cisco SMA for Tracking and Reporting