Home > Store

Cisco Firepower Threat Defense (FTD): Configuration and Troubleshooting Best Practices for the Next-Generation Firewall (NGFW), Next-Generation Intrusion Prevention System (NGIPS), and Advanced Malware Protection (AMP)

eBook

  • Your Price: $53.59
  • List Price: $66.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Also available in other formats.

Register your product to gain access to bonus material or receive a coupon.

Description

  • Copyright 2018
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 800
  • Edition: 1st
  • eBook
  • ISBN-10: 0-13-467951-2
  • ISBN-13: 978-0-13-467951-8

The authoritative visual guide to Cisco Firepower Threat Defense (FTD)


This is the definitive guide to best practices and advanced troubleshooting techniques for the Cisco flagship Firepower Threat Defense (FTD) system running on Cisco ASA platforms, Cisco Firepower security appliances, Firepower eXtensible Operating System (FXOS), and VMware virtual appliances.


Senior Cisco engineer Nazmul Rajib draws on unsurpassed experience supporting and training Cisco Firepower engineers worldwide, and presenting detailed knowledge of Cisco Firepower deployment, tuning, and troubleshooting. Writing for cybersecurity consultants, service providers, channel partners, and enterprise or government security professionals, he shows how to deploy the Cisco Firepower next-generation security technologies to protect your network from potential cyber threats, and how to use Firepower’s robust command-line tools to investigate a wide variety of technical issues.


Each consistently organized chapter contains definitions of keywords, operational flowcharts, architectural diagrams, best practices, configuration steps (with detailed screenshots), verification tools, troubleshooting techniques, and FAQs drawn directly from issues raised by Cisco customers at the Global Technical Assistance Center (TAC). Covering key Firepower materials on the CCNA Security, CCNP Security, and CCIE Security exams, this guide also includes end-of-chapter quizzes to help candidates prepare.


·        Understand the operational architecture of the Cisco Firepower NGFW, NGIPS, and AMP technologies

·         Deploy FTD on ASA platform and Firepower appliance running FXOS

·         Configure and troubleshoot Firepower Management Center (FMC)

·         Plan and deploy FMC and FTD on VMware virtual appliance

·         Design and implement the Firepower management network on FMC and FTD

·         Understand and apply Firepower licenses, and register FTD with FMC

·         Deploy FTD in Routed, Transparent, Inline, Inline Tap, and Passive Modes

·         Manage traffic flow with detect-only, block, trust, and bypass operations

·         Implement rate limiting and analyze quality of service (QoS)

·         Blacklist suspicious IP addresses via Security Intelligence

·         Block DNS queries to the malicious domains

·         Filter URLs based on category, risk, and reputation

·         Discover a network and implement application visibility and control (AVC)

·         Control file transfers and block malicious files using advanced malware protection (AMP)

·         Halt cyber attacks using Snort-based intrusion rule

·         Masquerade an internal host’s original IP address using Network Address Translation (NAT)

·         Capture traffic and obtain troubleshooting files for advanced analysis

·         Use command-line tools to identify status, trace packet flows, analyze logs, and debug messages

Sample Content

Table of Contents

Introduction xxv

Part I Troubleshooting and Administration of Hardware Platform

Chapter 1 Introduction to the Cisco Firepower Technology 1

History of Sourcefire 1

    Evolution of Firepower 2

    FirePOWER Versus Firepower 3

Firepower Threat Defense (FTD) 6

    FirePOWER Service Versus Firepower Threat Defense (FTD) 6

    Firepower System Software Components 7

    Firepower System Hardware Platforms 9

    Firepower Accessories 10

Summary 11

Chapter 2 FTD on ASA 5500-X Series Hardware 13

ASA Reimaging Essentials 13

Best Practices for FTD Installation on ASA Hardware 14

Installing and Configuring FTD 16

    Fulfilling Prerequisites 16

    Upgrading Firmware 18

    Installing the Boot Image 26

    Installing the System Software 32

Verification and Troubleshooting Tools 44

    Navigating to the FTD CLI 44

    Determining the Version of Installed Software 46

    Determining the Free Disk Space on ASA Hardware 47

    Deleting a File from a Storage Device 48

    Determining the Availability of Any Storage Device or SSD 48

    Determining the Version of the ROMMON Software or Firmware 50

Summary 52

Quiz 52

Chapter 3 FTD on the Firepower eXtensible Operating System (FXOS) 55

Firepower 9300 and 4100 Series Essentials 55

    Architecture 57

    Software Images 58

        Firepower Extensible Operating System (FXOS) 59

        FTD Software 60

        Firmware 60

    Web User Interfaces 61

Best Practices for FTD Installation on Firepower Hardware 62

Installing and Configuring FTD 64

    Fulfilling Prerequisites 64

        Deleting Any Existing Logical Devices 64

        Upgrading the FXOS Software 65

        Enabling Interfaces 67

    Installing FTD 71

        Uploading the FTD Software Image 72

        Adding a Logical Device for FTD 73

        Completing the Initialization of FTD 77

Verification and Troubleshooting Tools 79

    Navigating to the FTD CLI 79

    Verifying the FXOS Software 81

    Verifying the Status of a Security Application 82

    Verifying the Security Modules, Adapters, and Switch Fabric 84

    Verifying the Hardware Chassis 87

    Verifying the Power Supply Unit (PSU) Modules 90

    Verifying the Fan Modules 92

Summary 94

Quiz 94

Chapter 4 Firepower Management Center (FMC) Hardware 97

FMC Component Essentials 97

    On-Box Managers 98

    Off-Box Managers 99

    Cisco Integrated Management Controller (CIMC) 101

    Internal USB Storage for the System_Restore Image 104

    User Interfaces 104

Best Practices for FMC Reimage 105

    Pre-installation Best Practices 105

    Post-installation Best Practices 108

Installing and Configuring the FMC 109

    Fulfilling Prerequisites 109

    Configuration Steps 110

        Step 1: Load the System_Restore Image 111

        Step 2: Configure the Network Settings 114

        Step 3: Choose a Transport Protocol 114

        Step 4: Download and Mount an ISO File 116

        Step 5: Run the Installation 117

        Step 6: Initialize the System 120

Verification and Troubleshooting Tools 122

    Identifying the FMC on a Rack 122

    Determining the Hardware and Software Details of the FMC 124

    Determining the RAID Battery Status 124

    Determining the Status of a Power Supply Unit (PSU) 125

        Checking Logs on the CLI 125

        Enabling Alerts on the GUI 127

        Performing a Complete Power Cycle 129

        PSU Checklist 129

    Verifying the Fans 129

Summary 132

Quiz 132

Chapter 5 Firepower System Virtual on VMware 135

FMC and FTD Virtual Essentials 135

    Supported Virtual Environments 135

    ESXi Versus VI 136

    VMware Installation Package in a Tarball 136

    Disk Provisioning Options 137

Best Practices for Firepower Virtual Appliance Deployment 138

    Pre-deployment Best Practices 138

    Post-deployment Best Practices 140

Installing and Configuring a Firepower Virtual Appliance 141

    Fulfilling Prerequisites 142

    Creating a Virtual Network 144

        Creating a Network for FMC Virtual 145

        Creating a Network for FTD Virtual 148

        Using Promiscuous Mode 152

    Deploying an OVF Template 154

    Initializing an Appliance 160

        Initializing an FMC Virtual Appliance 161

        Initializing an FTD Virtual Appliance 162

Verification and Troubleshooting Tools 163

    Determining the Status of Allocated Resources 164

    Determining the Status of a Network Adapter 165

    Upgrading a Network Adapter 166

Summary 170

Quiz 170

Part II Troubleshooting and Administration of Initial Deployment

Chapter 6 The Firepower Management Network 173

Firepower System Management Network Essentials 173

    The FTD Management Interface 173

    Designing a Firepower Management Network 176

Best Practices for Management Interface Configuration 180

    Configuring a Management Network on FMC Hardware 180

    Configuration Options 180

        Using the GUI During the First Login 180

        Using the GUI On Demand 182

        Using the Command-Line Interface 183

    Verification and Troubleshooting Tools 184

Configuring a Management Network on ASA Hardware 186

    Configuration 186

    Verification and Troubleshooting Tools 187

Configuring a Management Network on a Firepower Security Appliance 190

    Configuring the FXOS Management Interface 190

    Verification of the FXOS Management Interface Configuration 191

    Configuring the FTD Management Interface 192

    Verification of the FTD Management Interface Configuration 194

Summary 197

Quiz 197

Chapter 7 Firepower Licensing and Registration 199

Licensing Essentials 199

    The Smart Licensing Architecture 199

        Cisco Smart Software Manager (CSSM) 200

        CSSM Satellite 201

    Firepower Licenses 202

Best Practices for Licensing and Registration 203

Licensing a Firepower System 203

    Licensing Configuration 204

        Evaluation Mode 205

        Registering with the CSSM 206

    Verifying a Smart License Issue 209

Registering a Firepower System 211

    Registration Configuration 211

        Setting Up FTD 211

        Setting Up the FMC 212

    Verifying the Registration and Connection 215

    Analyzing the Encrypted SFTunnel 221

Summary 229

Quiz 230

Chapter 8 Firepower Deployment in Routed Mode 231

Routed Mode Essentials 231

Best Practices for Routed Mode Configuration 233

Configuring Routed Mode 233

    Fulfilling Prerequisites 234

    Configuring the Firewall Mode 234

    Configuring the Routed Interface 235

        Configuring an Interface with a Static IP Address 235

        DHCP Services 238

    FTD as a DHCP Server 240

    FTD as a DHCP Client 241

Verification and Troubleshooting Tools 243

    Verifying the Interface Configuration 243

    Verifying DHCP Settings 246

Summary 249

Quiz 249

Chapter 9 Firepower Deployment in Transparent Mode 251

Transparent Mode Essentials 251

Best Practices for Transparent Mode 252

Configuring Transparent Mode 253

    Fulfilling Prerequisites 254

    Changing the Firewall Mode 254

    Deploying Transparent Mode in a Layer 2 Network 255

        Configuring the Physical and Virtual Interfaces 256

        Verifying the Interface Status 261

        Verifying Basic Connectivity and Operations 264

    Deploying an FTD Device Between Layer 3 Networks 267

        Selecting the Default Action 268

        Adding an Access Rule 269

    Creating an Access Rule for SSH 272

        Verifying Access Control Lists 274

Summary 276

Quiz 276

Part III Troubleshooting and Administration of Traffic Control

Chapter 10 Capturing Traffic for Advanced Analysis 277

Traffic Capture Essentials 277

Best Practices for Capturing Traffic 278

Configuring Firepower System for Traffic Analysis 278

    Capturing Traffic from a Firepower Engine 279

        tcpdump Options 280

        Downloading a .pcap File Generated by Firepower Engine 285

    Capturing Traffic from the Firewall Engine 288

        Downloading a .pcap File Generated by Firewall Engine 291

        Enabling HTTP Service in FTD 293

    Capturing Traffic from the FMC 298

        Downloading a .pcap File Generated by FMC 299

Verification and Troubleshooting Tools 302

    Adding an Access Rule to Block ICMP Traffic 302

    Analyzing the Traffic Flow by Using a Block Rule 303

    Packet Processing by an Interface 306

Summary 309

Quiz 309

Chapter 11 Blocking Traffic Using Inline Interface Mode 311

Inline Mode Essentials 311

    Inline Mode Versus Passive Mode 312

    Inline Mode Versus Transparent Mode 314

    Tracing a Packet Drop 314

Best Practices for Inline Mode Configuration 316

Configuring Inline Mode 316

    Fulfilling Prerequisites 317

    Creating an Inline Set 317

        Verifying the Configuration 321

        Verifying Packet Flow by Using packet-tracer 324

        Verifying Packet Flow by Using Real Packet Capture 328

    Enabling Fault Tolerance Features 333

        Configuring Fault Tolerance Features 334

        Verifying Fault Tolerance Features 335

    Blocking a Specific Port 336

        Configuring Blocking a Specific Port 337

        Verifying Blocking of a Specific Port 339

        Analyzing a Packet Drop by Using a Simulated Packet 340

        Analyzing a Packet Drop by Using a Real Packet 342

Summary 344

Quiz 345

Chapter 12 Inspecting Traffic Without Blocking It 347

Traffic Inspection Essentials 347

    Passive Monitoring Technology 347

    Inline Versus Inline Tap Versus Passive 350

Best Practices for Detection-Only Deployment 352

Fulfilling Prerequisites 352

Inline Tap Mode 352

    Configuring Inline Tap Mode 353

    Verifying an Inline Tap Mode Configuration 354

Passive Interface Mode 357

    Configuring Passive Interface Mode 357

        Configuring Passive Interface Mode on an FTD Device 357

        Configuring a SPAN Port on a Switch 359

    Verifying a Passive Interface Mode Configuration 359

Analyzing Traffic Inspection Operation 362

    Analyzing a Connection Event with a Block Action 362

        Analyzing Live Traffic 362

        Analyzing a Simulated Packet 364

    Analyzing an Intrusion Event with an Inline Result 366

Summary 370

Quiz 371

Chapter 13 Handling Encapsulated Traffic 373

Encapsulation and Prefilter Policy Essentials 373

Best Practices for Adding a Prefilter Rule 375

Fulfilling Prerequisites 375

    Transferring and Capturing Traffic on the Firewall Engine 377

Scenario 1: Analyzing Encapsulated Traffic 379

    Configuring Policies to Analyze Encapsulated Traffic 379

        Prefilter Policy Settings 379

        Access Control Policy Settings 381

    Verifying the Configuration and Connection 382

    Analyzing Packet Flows 385

Scenario 2: Blocking Encapsulated Traffic 391

    Configuring Policies to Block Encapsulated Traffic 391

    Verifying the Configuration and Connection 392

    Analyzing Packet Flows 395

Scenario 3: Bypassing Inspection 397

    Configuring Policies to Bypass Inspection 397

        Custom Prefilter Policy 397

        Access Control Policy Settings 401

    Verifying the Configuration and Connection 403

    Analyzing Packet Flows 405

Summary 407

Quiz 407

Chapter 14 Bypassing Inspection and Trusting Traffic 409

Bypassing Inspection and Trusting Traffic Essentials 409

    The Fastpath Rule 409

    The Trust Rule 410

Best Practices for Bypassing Inspection 412

Fulfilling Prerequisites 412

Implementing Fastpath Through a Prefilter Policy 413

    Configuring Traffic Bypassing 413

        Configuring a Prefilter Policy 413

        Invoking a Prefilter Policy in an Access Control Policy 418

    Verifying the Prefilter Rule Configuration 420

    Enabling Tools for Advanced Analysis 421

    Analyzing the Fastpath Action 422

Establishing Trust Through an Access Policy 427

    Configuring Trust with an Access Policy 427

    Verifying the Trust Rule Configuration 429

    Enabling Tools for Advanced Analysis 430

    Analyzing the Trust Action 432

    Using the Allow Action for Comparison 440

Summary 442

Quiz 442

Chapter 15 Rate Limiting Traffic 445

Rate Limiting Essentials 445

Best Practices for QoS Rules 447

Fulfilling Prerequisites 448

Configuring Rate Limiting 449

Verifying the Rate Limit of a File Transfer 454

Analyzing QoS Events and Statistics 458

Summary 462

Quiz 462

Part IV Troubleshooting and Administration of Next-Generation Security Features

Chapter 16 Blacklisting Suspicious Addresses by Using Security Intelligence 463

Security Intelligence Essentials 463

    Input Methods 466

Best Practices for Blacklisting 468

Fulfilling Prerequisites 468

Configuring Blacklisting 468

    Automatic Blacklist Using Cisco Intelligence Feed 468

    Manual Blacklisting Using a Custom Intelligence List 472

    Immediate Blacklisting Using a Connection Event 477

        Adding an Address to a Blacklist 477

        Deleting an Address from a Blacklist 479

    Monitoring a Blacklist 480

    Bypassing a Blacklist 482

        Adding an Address to a Whitelist 483

        Deleting an Address from a Whitelist 484

Verification and Troubleshooting Tools 485

    Verifying the Download of the Latest Files 486

    Verifying the Loading of Addresses into Memory 489

    Finding a Specific Address in a List 491

    Verifying URL-Based Security Intelligence Rules 491

Summary 494

Quiz 494

Chapter 17 Blocking a Domain Name System (DNS) Query 497

Firepower DNS Policy Essentials 497

    Domain Name System (DNS) 497

    Blocking of a DNS Query Using a Firepower System 499

    DNS Rule Actions 500

        Actions That Can Interrupt a DNS Query 500

        Actions That Allow a DNS Query 502

    Sources of Intelligence 504

Best Practices for Blocking DNS Query 506

Fulfilling Prerequisites 507

Configuring DNS Query Blocking 508

    Adding a New DNS Rule 508

    Invoking a DNS Policy 510

Verification and Troubleshooting Tools 511

    Verifying the Configuration of a DNS Policy 511

    Verifying the Operation of a DNS Policy 515

Summary 520

Quiz 520

Chapter 18 Filtering URLs Based on Category, Risk, and Reputation 523

URL Filtering Essentials 523

    Reputation Index 523

    Operational Architecture 525

Fulfilling Prerequisites 526

Best Practices for URL Filtering Configuration 529

Blocking URLs of a Certain Category 532

    Configuring an Access Rule for URL Filtering 532

    Verification and Troubleshooting Tools 534

Allowing a Specific URL 537

    Configuring FTD to Allow a Specific URL 538

    Verification and Troubleshooting Tools 540

Querying the Cloud for Uncategorized URLs 543

    Configuring FMC to Perform a Query 544

    Verification and Troubleshooting Tools 546

Summary 550

Quiz 550

Chapter 19 Discovering Network Applications and Controlling Application Traffic 553

Application Discovery Essentials 553

    Application Detectors 553

    Operational Architecture 555

Best Practices for Network Discovery Configuration 557

Fulfilling Prerequisites 558

Discovering Applications 560

    Configuring a Network Discovery Policy 561

    Verification and Troubleshooting Tools 564

        Analyzing Application Discovery 564

        Analyzing Host Discovery 566

        Undiscovered New Hosts 567

Blocking Applications 570

    Configuring Blocking of Applications 570

    Verification and Troubleshooting Tools 572

Summary 575

Quiz 576

Chapter 20 Controlling File Transfer and Blocking the Spread of Malware 577

File Policy Essentials 577

    File Type Detection Technology 579

    Malware Analysis Technology 579

    Licensing Capability 582

Best Practices for File Policy Deployment 583

Fulfilling Prerequisites 584

Configuring a File Policy 586

    Creating a File Policy 586

    Applying a File Policy 592

Verification and Troubleshooting Tools 593

    Analyzing File Events 594

    Analyzing Malware Events 599

        The FMC Is Unable to Communicate with the Cloud 599

        The FMC Performs a Cloud Lookup 603

        FTD Blocks Malware 607

    Overriding a Malware Disposition 610

Summary 615

Quiz 615

Chapter 21 Preventing Cyber Attacks by Blocking Intrusion Attempts 617

Firepower NGIPS Essentials 617

    Network Analysis Policy and Preprocessor 619

    Intrusion Policy and Snort Rules 621

    System-Provided Variables 624

    System-Provided Policies 626

Best Practices for Intrusion Policy Deployment 632

NGIPS Configuration 637

    Configuring a Network Analysis Policy 637

        Creating a New NAP with Default Settings 637

        Modifying the Default Settings of a NAP 639

    Configuring an Intrusion Policy 641

        Creating a Policy with a Default Ruleset 641

        Incorporating Firepower Recommendations 642

        Enabling or Disabling an Intrusion Rule 646

        Setting Up a Variable Set 648

    Configuring an Access Control Policy 650

Verification and Troubleshooting Tools 654

Summary 665

Quiz 665

Chapter 22 Masquerading the Original IP Address of an Internal Network Host 667

NAT Essentials 667

    NAT Techniques 669

    NAT Rule Types 670

Best Practices for NAT Deployment 672

Fulfilling Prerequisites 673

Configuring NAT 676

    Masquerading a Source Address (Source NAT for Outbound Connection) 676

        Configuring a Dynamic NAT Rule 677

        Verifying the Configuration 681

        Verifying the Operation: Inside to Outside 683

        Verifying the Operation: Outside to Inside 690

    Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection) 695

        Configuring a Static NAT Rule 695

        Verifying the Operation: Outside to DMZ 696

Summary 706

Quiz 706

Appendix A Answers to the Review Questions 707

Appendix B Generating and Collecting Troubleshooting Files Using the GUI 713

Generating Troubleshooting Files with the GUI 713

Appendix C Generating and Collecting Troubleshooting Files Using the CLI 717

Generating Troubleshooting Files at the FTD CLI 717

    Downloading a File by Using the GUI 718

    Copying a File by Using the CLI 719

Generating Troubleshooting Files at the FMC CLI 719

9781587144806    TOC    11/9/2017

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020