McAfee Network Security Platform (NSP) Administration Course Overview

Enroll for our 4-day McAfee Network Security Platform (NSP) Administration course from Koenig Solutions. This course provides an in-depth knowledge on essential component of implementing a successful intrusion prevention strategy.

Through a blend of hands-on labs and interactive lectures, you will learn how to deploy and configure a Network Security Platform solution to protect against real-world attacks.

Target Audience:

  • System and Network Administrators
  • Security Personnel
  • Auditors, and/or Consultants concerned with Network and System Security

Learning Objectives:

After completing this course, you will be able to:

  • Planning the deployment.
  • Installing and configuring the Manager.
  • Managing users and resources.
  • Configuring and managing policies.
  • Analyzing and responding to threats.
  • Tuning your security policies for maximum effectiveness.


This is a Rare Course and it can be take up to 3 weeks to arrange the training.

The 1-on-1 Advantage


Flexible Dates

  • • Choose Start Date
  • • Reschedule After Booking
  • • Weekend / Evening Option

4-Hour Sessions

You will learn:

Module 1: Welcome
  • Course Logistics
  • McAfee Product Training
  • ServicePortal
  • About the Course
  • McAfee Foundstone Security Education
  • Security Content Release Notes
  • Acronyms and Terms
  • Locating Resources on McAfee Business Website
  • Helpful Links
  • Business Community
  • Product Enhancement Request
  • Classroom Lab Topology
  • Attack Detection Framework
  • Solution Components
  • Types of Intrusion Prevention Systems
  • Motivation and Contributing Factors for Attacks
  • Comparing Intrusion Detection and Prevention
  • Traffic Normalization
  • Beyond Intrusion Prevention
  • What are Threats and Attacks?
  • Ten Steps to Using NSP
  • Why a Network IPS is Important
  • Common Attack Types
  • Security Threats: The Increasing Risks
  • Network Security Platform Overview
  • NSP Server Ports
  • NSP 8X Sensor Suppor
  • Determining Sensor Placement
  • Determining Database Requirements
  • Desktop Firewall Requirements
  • NSM Server Requirements
  • Deployment Requirements and Recommendations
  • Using Anti-virus Software with the NSM
  • Virtual Machine Requirements
  • NSM Client Requirements
  • Virtual Server Minimum Requirements
  • Windows Display and Browser Settings
  • Sensor Deployments
  • Determining Number of Sensors
  • Single and Central NSM Deployment
  • Wireshark
  • Choosing a Deployment Option
  • Central Manager Overview
  • Setting up Basic Features
  • Defining Trust with Central Manager Proxy Server
  • Fault Notification Overview
  • Configuring Common Settings for Fault
  • Access Events Notification Overview
  • Syslog Notification Overview
  • Security Monitors
  • Enabling GTI Integration
  • Operational Monitors
  • E-mail Server and Notification Overview
  • GTI Integration Requirements
  • Viewing Summary of IPS Events
  • User Activity Overview
  • Configuring E-mail Server and Notification
  • Simple Network Management Protocol (SNMP) Overview
  • Navigating Manager Interface
  • Logging into Manager Interface
  • Configuring User Activity: SNMP
  • Configuring SNMP Notification
  • Configuring MDR Pair
  • Configuring Script Notification
  • Global Threat Intelligence Overview
  • Configuring Fault Notification
  • Verifying Access to Manager Interface
  • Configuring User Activity: Syslog
  • Configuring Syslog Notification
  • Configuring Proxy Server
  • Manager Installation Wizard
  • IPS Event Notification Overview
  • Manager Disaster Recovery (MDR) Overview
  • Managing Dashboard Monitors
  • Role Assignment Overview
  • LDAP External Authentication
  • Minimum Account Configuration
  • Creating a Custom Role
  • Configuring RADIUS External Authentication
  • Managing GUI Access
  • Verifying User Credentials
  • Editing the Default Root Admin User
  • Viewing User Activity
  • Managing My Account
  • Summary of Authentication Configuration
  • Specifying Audit Settings
  • Assigning LDAP Authentication
  • Configuring LDAP (Up to 4 Servers)
  • Assigning Domains and Roles
  • Adding, Editing, and Deleting Users
  • Configuring Session Controls
  • User Management Overview
  • Configuring Banner Text and Image
  • Viewing Roles and Privileges
  • RADIUS External Authentication
  • Assigning RADIUS Authentication
  • Admin Domain’s Hierarchical Structure
  • Adding Users to a Child Domain
  • Administrative Domains Overview
  • Adding a Child Admin Domain
  • Managing Admin Domains
  • How Admin Domains Work
  • Editing the Root Admin Domain
  • Inspect
  • Operating Modes
  • Acceleration and Operation
  • NS-Series Sensor Portfolio
  • Multi-Port Monitoring
  • Primary Function of Sensor
  • Respond
  • Virtualization (Sub-Interfaces)
  • M-Series Sensor Portfolio
  • Classify
  • Secure Socket Layer (SSL) Decryption
  • Capture
  • Fail-close and Fail-Open (In-line Only)
  • Virtual IPS-series Sensor Portfolio
  • Large Networks: Perimeter, Core, Internal Placement
  • Interface Groups (Port Clustering)
  • Reviewing Device Summary
  • Devices Page: Global Tab
  • CLI Logging
  • Activity Reports and Logs Review
  • IPS Event Logging
  • Installing Physical Sensors
  • Deploying Pending Changes
  • Special Configurations
  • Alerting Options
  • Managing Sensors
  • Devices Page: Device Tab
  • ATD Integration Overview
  • Installing Sensors in Manager
  • Remote Access: TACACS+
  • Customizing Logon Banner
  • Network Time Protocol (NTP)
  • Port Types
  • Downloading Signature Sets
  • Installing Virtual Sensor
  • Deploying Device Software
  • Viewing/Editing Physical Ports
  • DXL Integration Overview
  • Remote Access: NMS Users and Devices
  • Establishing Trust
  • Configuring CDIR Virtual Interface
  • CDIR Sub-Interface Configuration
  • CIDR Block Options
  • Virtualization (Sub-interfaces) Overview
  • Configuring VLAN Virtual Interface
  • Valid interface Types
  • Determining Direction
  • Double-VLAN Tagging
  • VLAN and CIDR Logical Configuration
  • Configuring Bridge VLAN Virtual Interface
  • Bridge VLAN
  • Before and After
  • VLAN Sub-Interface Configuration
  • Policy Application
  • Adding IPS Policy for Interface
  • Defining Properties
  • Viewing Attack Definitions
  • Types IPS Policies
  • Managing Policy Versions
  • Managing Legacy Reconnaissance Policies
  • Policy Management Overview
  • Adding IPS Policy for Admin Domain
  • Using Policy Manager
  • Deleting IPS Policy for Admin Domain
  • What are Policies?
  • Policy Assignment
  • Policy Terms and Concepts
  • Policy Import and Export
  • How Policies are Applied
  • Interfaces Tab
  • Attack Definitions
  • Deploying Changes
  • Editing IPS Policy for Interface
  • Copying or Editing IPS Policy for Admin Domain
  • Assigning Policies
  • Deleting Policy
  • Using IPS Policies Page
  • Reconnaissance Attack Settings Merge Utility
  • Traffic Processing and Analysis
  • Attack Definitions Tab
  • How Attacks Definitions Work
  • Attacks Detail Pane: Description
  • Managing Policy Groups
  • Attack Definitions Tab: Quick Search, Sort, Columns, Groups, Filters, and Detail
  • Benign Trigger Probability (BTP)
  • Attack Protection Categories
  • Attack Categories and Severity
  • Attacks Detail Pane: Settings Tab
  • Attack Definitions Tab: Customizing Your View
  • Top Malware
  • Analyzing Source and Destination IP Addresses
  • Top Attackers
  • Analyzing Threats
  • Top Applications
  • Customizing Threat Analyzer View
  • Top Targets
  • Top Attacks
  • Top Attack Executables
  • Gateway Anti-Malware Engine
  • Using Advanced Malware Policies Page
  • Confidence Level
  • Advanced Malware Policies Configuration Overview
  • PDF and Flash Analysis Engines
  • Top Malware Detections Monitor
  • ATD Engine
  • TIE/GTI File Reputation Engine
  • McAfee Cloud Engine
  • Malware Engine Analysis Sequence
  • Archiving Malware Files
  • File Types
  • Malware Analysis Overview
  • Blacklist/Whitelist Engine
  • Analyzing Malware
  • Malware Detections Page
  • Malware Engines
  • Advanced Malware Detection Overview
  • Malware Policy Parameters
  • Action Thresholds
  • Examples of Implemented Heuristics
  • Zero-day and Targeted Botnet Detection
  • Inspection Options Policies Configuration Overview
  • Assigning Policies to Sensor Resources
  • How Inspection Option Policies Work
  • Inspection Options Policies
  • Active Botnets Page: Organization
  • Analyzing Botnets
  • Heuristics
  • Advanced Botnet Detection Overview
  • Example: Blacklist Domain Detection
  • Properties Tab
  • Legacy Malware Detection Options
  • Configuring Advanced Botnet Detection
  • Top Active Botnets Monitor
  • DNS Response Packet Inspection
  • Whitelisted and Blacklisted Domains Detection
  • Advanced Botnet Detection Options
  • Inspection Options Tab
  • Configuring Traffic Inspection
  • C&C Server/Callback Detection
  • Known Botnet Detection
  • Configuring Protocol Settings
  • Configuring Rate Limiting Rules
  • Rate Limiting (QoS Policies)
  • Connection Limiting Policies
  • Protocol Settings
  • DoS Learning Mode
  • Anti-Spoofing
  • DoS Threshold Mode
  • Configuring Thresholds for Volumebased Attacks
  • Managing DoS Learning Profiles
  • DoS Learning Attacks
  • Types of DoS Attacks
  • Adding Connection Limiting Policy
  • Adding QoS Policy
  • Evolution of DoS Attacks
  • Customizing DoS Learning Attack
  • QoS and Rate Limiting Configuration Overvie
  • DNS Protection Command
  • Volume-based Attacks
  • Stateful TCP Engine
  • IP Reputation Configuration Overview
  • Global Threat Intelligence Review
  • Endpoint Reputation Analysis Options
  • How Web Server Heuristic Analysis Works
  • Private SSL certificates
  • Prerequisite: Required Attacks
  • DoS Protection for Web Servers
  • Heuristic Web Application Server Inspection Configuration Overview
  • Configuring Web Server – DoS Prevention
  • Web Server – DoS Prevention Configuration Overview
  • Layer 7 DoS Protection for Web Servers
  • Prerequisite: SSL Decryption
  • Web Server Protection Overview
  • Configuring Web Server Heuristic Analysis
  • Firewall Access Logging
  • Firewall Policy Definitions Configuration Report
  • Firewall Access Events
  • Rule Objects Overview
  • Stateless Access Rules
  • User-based Access Rules
  • Policy Export and Policy Import
  • Using Firewall Policies Page
  • Application Identification
  • Adding Rule Object
  • Managing Firewall Policies
  • Firewall Policy Overview
  • Threat Analyzer Overview
  • Alerts Page
  • Viewing Alert Detail
  • Preferences Page
  • Adding a Dashboard
  • Viewing Details for Pie Slice
  • Viewing Details for Pie Slice
  • Endpoints Page
  • Launching Threat Analyzer
  • Adding a Monitor
  • Viewing Consolidated Attacks
  • Example Ignore Rule
  • NTBA Dashboard
  • Customizing the Dashboard Tabs
  • Forensics Page
  • Dashboard Page
  • Right-click Options
  • Adding Dashboards and Monitors
  • Viewing Attacks Over Time
  • Applications and GTI View Dashboard
  • IPS Dashboard
  • NSP Health Dashboard
  • Sorting by Attack Name
  • Steps for Reducing False Positives
  • Adding Low Severity Attacks to Process
  • High-Level Bottom-up Approach
  • Identifying False Positives
  • Prior to Tuning
  • Preventing False Positives
  • Preventing Future False Positives
  • False Positives and Noise
  • Two Phases of Policy Tuning
  • Disabling Attacks and Alerts
  • Start with High-Volume Attacks
  • What is Tuning?
  • Why Implement Tuning?
  • Excessive Alerts
  • Analyzing Event
  • Looking for Patterns
  • Next Generation Reports Overview
  • Role Assignment
  • Reporting Preferences
  • Configuration Reports Overview
  • Traditional Reports Overview
  • Running a Traditional Report
  • Running Configuration Report
  • Reports Overview
  • Adding User Defined Report
  • Configuring Report Automation
  • Running Default Next Generation Report
  • Adding, Duplicating, Editing Next Generation Report
  • Viewing Automatically-Generated Reports
  • Alert Relevance
  • Running Tasks
  • Messages from McAfee Monitor
  • Manager Summary
  • Device Summary Monitor
  • System Log
  • Viewing Faults from Manage Page
  • Viewing Device Faults from Dashboard
  • Exporting System Log
  • Running Tasks Monitor
  • Operational Monitors Overview
  • Viewing Manager Faults from Dashboard
  • System Health Monitor
  • Managing Faults
  • Viewing Alert Relevance
  • Viewing User Activity Log
  • Viewing System Log
  • Deleting Backup Files
  • Database Tuning Overview
  • Export Archives
  • Automating Database Backup
  • Tuning Now
  • Calculating Maximum Alert Quantity
  • Automating Tuning
  • Configuring File and Database Pruning
  • Viewing Scheduler Detail
  • Enabling and Defining Alert Pruning
  • Exporting Backup Files
  • Archiving Data Now
  • Automating Archiving Data
  • Restoring Archive
Live Online Training (Duration : 32 Hours) Fee On Request
We Offer :
  • 1-on-1 Public - Select your own start date. Other students can be merged.
  • 1-on-1 Private - Select your own start date. You will be the only student in the class.

4 Hours
8 Hours
Week Days

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Group Training
Date On Request
Course Prerequisites

It is recommended that students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services.


Request More Information

Add Name and Email Address of participant (If different from you)


In both, you choose the schedule. In public, other participants can join, Private other participants want to join.
Yes, course requiring practical include hands-on labs.
You can buy online from the page by clicking on "Buy Now". You can view alternate payment method on payment options page.
Yes, you can pay from the course page and flexi page.
Yes, the site is secure by utilizing Secure Sockets Layer (SSL) Technology. SSL technology enables the encryption of sensitive information during online transactions. We use the highest assurance SSL/TLS certificate, which ensures that no unauthorized person can get to your sensitive payment data over the web.
We use the best standards in Internet security. Any data retained is not shared with third parties.
You can request a refund if you do not wish to enroll in the course.
To receive an acknowledgment of your online payment, you should have a valid email address. At the point when you enter your name, Visa, and other data, you have the option of entering your email address. Would it be a good idea for you to decide to enter your email address, confirmation of your payment will be emailed to you.
After you submit your payment, you will land on the payment confirmation screen.It contains your payment confirmation message. You will likewise get a confirmation email after your transaction is submitted.
We do accept all major credit cards from Visa, Mastercard, American Express, and Discover.
Credit card transactions normally take 48 hours to settle. Approval is given right away; however,it takes 48 hours for the money to be moved.
Yes, we do accept partial payments, you may use one payment method for part of the transaction and another payment method for other parts of the transaction.
Yes, if we have an office in your city.
Yes, we do offer corporate training More details
Yes, we do.
Yes, we also offer weekend classes.
Yes, Koenig follows a BYOL(Bring Your Own Laptop) policy.
It is recommended but not mandatory. Being acquainted with the basic course material will enable you and the trainer to move at a desired pace during classes.You can access courseware for most vendors.
Buy-Now. Pay-Later option is available using credit card in USA and India only.
You will receive the digital certificate post training completion via learning enhancement tool after registration.
Yes you can.
Yes, we do. For details go to flexi
You can pay through debit/credit card or bank wire transfer.
Dubai, Goa, Delhi, Bangalore.
Yes you can request your customer experience manager for the same.
Yes, fee excludes local taxes.
Yes, we do.
The Fee includes:
  • Courseware
Schedule for Group Training is decided by Koenig. Schedule for 1-on-1 is decided by you.
In 1-on-1 you can select your own schedule, other students can be merged but you select the schedule. Choose 1-on-1 if published schedule do not meet your requirement. If you also want a private session, opt for 1-on-1 Public.
No, it is not included.

Prices & Payments

Yes of course.
Yes, We are

Travel and Visa

Yes we do after your registration for course.

Food and Beverages



Says our CEO-
“It is an interesting story and dates back half a century. My father started a manufacturing business in India in the 1960's for import substitute electromechanical components such as microswitches. German and Japanese goods were held in high esteem so he named his company Essen Deinki (Essen is a well known industrial town in Germany and Deinki is Japanese for electric company). His products were very good quality and the fact that they sounded German and Japanese also helped. He did quite well. In 1970s he branched out into electronic products and again looked for a German name. This time he chose Koenig, and Koenig Electronics was born. In 1990s after graduating from college I was looking for a name for my company and Koenig Solutions sounded just right. Initially we had marketed under the brand of Digital Equipment Corporation but DEC went out of business and we switched to the Koenig name. Koenig is difficult to pronounce and marketeers said it is not a good choice for a B2C brand. But it has proven lucky for us.” – Says Rohit Aggarwal (Founder and CEO - Koenig Solutions)
All our trainers are fluent in English . Majority of our customers are from outside India and our trainers speak in a neutral accent which is easily understandable by students from all nationalities. Our money back guarantee also stands for accent of the trainer.
Medical services in India are at par with the world and are a fraction of costs in Europe and USA. A number of our students have scheduled cosmetic, dental and ocular procedures during their stay in India. We can provide advice about this, on request.
Yes, if you send 4 participants, we can offer an exclusive training for them which can be started from Any Date™ suitable for you.