larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Cisco Firepower Threat Defense (FTD): Configuration and Troubleshooting Best Practices for the Next-Generation Firewall (NGFW), Next-Generation Intrusion Prevention System (NGIPS), and Advanced Malware Protection (AMP)

Best Value Purchase

Book + eBook Bundle

  • Your Price: $79.44
  • List Price: $136.98
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Individual Purchases

Book

  • Your Price: $55.99
  • List Price: $69.99
  • Usually ships in 24 hours.

eBook (Watermarked)

  • Your Price: $53.59
  • List Price: $66.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

  • Description
  • Sample Content
  • Updates
  • Copyright 2018
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 800
  • Edition: 1st
  • Book
  • ISBN-10: 1-58714-480-8
  • ISBN-13: 978-1-58714-480-6

The authoritative visual guide to Cisco Firepower Threat Defense (FTD)

This is the definitive guide to best practices and advanced troubleshooting techniques for the Cisco flagship Firepower Threat Defense (FTD) system running on Cisco ASA platforms, Cisco Firepower security appliances, Firepower eXtensible Operating System (FXOS), and VMware virtual appliances.

Senior Cisco engineer Nazmul Rajib draws on unsurpassed experience supporting and training Cisco Firepower engineers worldwide, and presenting detailed knowledge of Cisco Firepower deployment, tuning, and troubleshooting. Writing for cybersecurity consultants, service providers, channel partners, and enterprise or government security professionals, he shows how to deploy the Cisco Firepower next-generation security technologies to protect your network from potential cyber threats, and how to use Firepower’s robust command-line tools to investigate a wide variety of technical issues.

Each consistently organized chapter contains definitions of keywords, operational flowcharts, architectural diagrams, best practices, configuration steps (with detailed screenshots), verification tools, troubleshooting techniques, and FAQs drawn directly from issues raised by Cisco customers at the Global Technical Assistance Center (TAC). Covering key Firepower materials on the CCNA Security, CCNP Security, and CCIE Security exams, this guide also includes end-of-chapter quizzes to help candidates prepare.

· Understand the operational architecture of the Cisco Firepower NGFW, NGIPS, and AMP technologies

· Deploy FTD on ASA platform and Firepower appliance running FXOS

· Configure and troubleshoot Firepower Management Center (FMC)

· Plan and deploy FMC and FTD on VMware virtual appliance

· Design and implement the Firepower management network on FMC and FTD

· Understand and apply Firepower licenses, and register FTD with FMC

· Deploy FTD in Routed, Transparent, Inline, Inline Tap, and Passive Modes

· Manage traffic flow with detect-only, block, trust, and bypass operations

· Implement rate limiting and analyze quality of service (QoS)

· Blacklist suspicious IP addresses via Security Intelligence

· Block DNS queries to the malicious domains

· Filter URLs based on category, risk, and reputation

· Discover a network and implement application visibility and control (AVC)

· Control file transfers and block malicious files using advanced malware protection (AMP)

· Halt cyber attacks using Snort-based intrusion rule

· Masquerade an internal host’s original IP address using Network Address Translation (NAT)

· Capture traffic and obtain troubleshooting files for advanced analysis

· Use command-line tools to identify status, trace packet flows, analyze logs, and debug messages

Online Sample Chapter

FTD on ASA 5500-X Series Hardware

Table of Contents

Introduction xxv

Part I Troubleshooting and Administration of Hardware Platform

Chapter 1 Introduction to the Cisco Firepower Technology 1

History of Sourcefire 1

Evolution of Firepower 2

FirePOWER Versus Firepower 3

Firepower Threat Defense (FTD) 6

FirePOWER Service Versus Firepower Threat Defense (FTD) 6

Firepower System Software Components 7

Firepower System Hardware Platforms 9

Firepower Accessories 10

Summary 11

Chapter 2 FTD on ASA 5500-X Series Hardware 13

ASA Reimaging Essentials 13

Best Practices for FTD Installation on ASA Hardware 14

Installing and Configuring FTD 16

Fulfilling Prerequisites 16

Upgrading Firmware 18

Installing the Boot Image 26

Installing the System Software 32

Verification and Troubleshooting Tools 44

Navigating to the FTD CLI 44

Determining the Version of Installed Software 46

Determining the Free Disk Space on ASA Hardware 47

Deleting a File from a Storage Device 48

Determining the Availability of Any Storage Device or SSD 48

Determining the Version of the ROMMON Software or Firmware 50

Summary 52

Quiz 52

Chapter 3 FTD on the Firepower eXtensible Operating System (FXOS) 55

Firepower 9300 and 4100 Series Essentials 55

Architecture 57

Software Images 58

Firepower Extensible Operating System (FXOS) 59

FTD Software 60

Firmware 60

Web User Interfaces 61

Best Practices for FTD Installation on Firepower Hardware 62

Installing and Configuring FTD 64

Fulfilling Prerequisites 64

Deleting Any Existing Logical Devices 64

Upgrading the FXOS Software 65

Enabling Interfaces 67

Installing FTD 71

Uploading the FTD Software Image 72

Adding a Logical Device for FTD 73

Completing the Initialization of FTD 77

Verification and Troubleshooting Tools 79

Navigating to the FTD CLI 79

Verifying the FXOS Software 81

Verifying the Status of a Security Application 82

Verifying the Security Modules, Adapters, and Switch Fabric 84

Verifying the Hardware Chassis 87

Verifying the Power Supply Unit (PSU) Modules 90

Verifying the Fan Modules 92

Summary 94

Quiz 94

Chapter 4 Firepower Management Center (FMC) Hardware 97

FMC Component Essentials 97

On-Box Managers 98

Off-Box Managers 99

Cisco Integrated Management Controller (CIMC) 101

Internal USB Storage for the System_Restore Image 104

User Interfaces 104

Best Practices for FMC Reimage 105

Pre-installation Best Practices 105

Post-installation Best Practices 108

Installing and Configuring the FMC 109

Fulfilling Prerequisites 109

Configuration Steps 110

Step 1: Load the System_Restore Image 111

Step 2: Configure the Network Settings 114

Step 3: Choose a Transport Protocol 114

Step 4: Download and Mount an ISO File 116

Step 5: Run the Installation 117

Step 6: Initialize the System 120

Verification and Troubleshooting Tools 122

Identifying the FMC on a Rack 122

Determining the Hardware and Software Details of the FMC 124

Determining the RAID Battery Status 124

Determining the Status of a Power Supply Unit (PSU) 125

Checking Logs on the CLI 125

Enabling Alerts on the GUI 127

Performing a Complete Power Cycle 129

PSU Checklist 129

Verifying the Fans 129

Summary 132

Quiz 132

Chapter 5 Firepower System Virtual on VMware 135

FMC and FTD Virtual Essentials 135

Supported Virtual Environments 135

ESXi Versus VI 136

VMware Installation Package in a Tarball 136

Disk Provisioning Options 137

Best Practices for Firepower Virtual Appliance Deployment 138

Pre-deployment Best Practices 138

Post-deployment Best Practices 140

Installing and Configuring a Firepower Virtual Appliance 141

Fulfilling Prerequisites 142

Creating a Virtual Network 144

Creating a Network for FMC Virtual 145

Creating a Network for FTD Virtual 148

Using Promiscuous Mode 152

Deploying an OVF Template 154

Initializing an Appliance 160

Initializing an FMC Virtual Appliance 161

Initializing an FTD Virtual Appliance 162

Verification and Troubleshooting Tools 163

Determining the Status of Allocated Resources 164

Determining the Status of a Network Adapter 165

Upgrading a Network Adapter 166

Summary 170

Quiz 170

Part II Troubleshooting and Administration of Initial Deployment

Chapter 6 The Firepower Management Network 173

Firepower System Management Network Essentials 173

The FTD Management Interface 173

Designing a Firepower Management Network 176

Best Practices for Management Interface Configuration 180

Configuring a Management Network on FMC Hardware 180

Configuration Options 180

Using the GUI During the First Login 180

Using the GUI On Demand 182

Using the Command-Line Interface 183

Verification and Troubleshooting Tools 184

Configuring a Management Network on ASA Hardware 186

Configuration 186

Verification and Troubleshooting Tools 187

Configuring a Management Network on a Firepower Security Appliance 190

Configuring the FXOS Management Interface 190

Verification of the FXOS Management Interface Configuration 191

Configuring the FTD Management Interface 192

Verification of the FTD Management Interface Configuration 194

Summary 197

Quiz 197

Chapter 7 Firepower Licensing and Registration 199

Licensing Essentials 199

The Smart Licensing Architecture 199

Cisco Smart Software Manager (CSSM) 200

CSSM Satellite 201

Firepower Licenses 202

Best Practices for Licensing and Registration 203

Licensing a Firepower System 203

Licensing Configuration 204

Evaluation Mode 205

Registering with the CSSM 206

Verifying a Smart License Issue 209

Registering a Firepower System 211

Registration Configuration 211

Setting Up FTD 211

Setting Up the FMC 212

Verifying the Registration and Connection 215

Analyzing the Encrypted SFTunnel 221

Summary 229

Quiz 230

Chapter 8 Firepower Deployment in Routed Mode 231

Routed Mode Essentials 231

Best Practices for Routed Mode Configuration 233

Configuring Routed Mode 233

Fulfilling Prerequisites 234

Configuring the Firewall Mode 234

Configuring the Routed Interface 235

Configuring an Interface with a Static IP Address 235

DHCP Services 238

FTD as a DHCP Server 240

FTD as a DHCP Client 241

Verification and Troubleshooting Tools 243

Verifying the Interface Configuration 243

Verifying DHCP Settings 246

Summary 249

Quiz 249

Chapter 9 Firepower Deployment in Transparent Mode 251

Transparent Mode Essentials 251

Best Practices for Transparent Mode 252

Configuring Transparent Mode 253

Fulfilling Prerequisites 254

Changing the Firewall Mode 254

Deploying Transparent Mode in a Layer 2 Network 255

Configuring the Physical and Virtual Interfaces 256

Verifying the Interface Status 261

Verifying Basic Connectivity and Operations 264

Deploying an FTD Device Between Layer 3 Networks 267

Selecting the Default Action 268

Adding an Access Rule 269

Creating an Access Rule for SSH 272

Verifying Access Control Lists 274

Summary 276

Quiz 276

Part III Troubleshooting and Administration of Traffic Control

Chapter 10 Capturing Traffic for Advanced Analysis 277

Traffic Capture Essentials 277

Best Practices for Capturing Traffic 278

Configuring Firepower System for Traffic Analysis 278

Capturing Traffic from a Firepower Engine 279

tcpdump Options 280

Downloading a .pcap File Generated by Firepower Engine 285

Capturing Traffic from the Firewall Engine 288

Downloading a .pcap File Generated by Firewall Engine 291

Enabling HTTP Service in FTD 293

Capturing Traffic from the FMC 298

Downloading a .pcap File Generated by FMC 299

Verification and Troubleshooting Tools 302

Adding an Access Rule to Block ICMP Traffic 302

Analyzing the Traffic Flow by Using a Block Rule 303

Packet Processing by an Interface 306

Summary 309

Quiz 309

Chapter 11 Blocking Traffic Using Inline Interface Mode 311

Inline Mode Essentials 311

Inline Mode Versus Passive Mode 312

Inline Mode Versus Transparent Mode 314

Tracing a Packet Drop 314

Best Practices for Inline Mode Configuration 316

Configuring Inline Mode 316

Fulfilling Prerequisites 317

Creating an Inline Set 317

Verifying the Configuration 321

Verifying Packet Flow by Using packet-tracer 324

Verifying Packet Flow by Using Real Packet Capture 328

Enabling Fault Tolerance Features 333

Configuring Fault Tolerance Features 334

Verifying Fault Tolerance Features 335

Blocking a Specific Port 336

Configuring Blocking a Specific Port 337

Verifying Blocking of a Specific Port 339

Analyzing a Packet Drop by Using a Simulated Packet 340

Analyzing a Packet Drop by Using a Real Packet 342

Summary 344

Quiz 345

Chapter 12 Inspecting Traffic Without Blocking It 347

Traffic Inspection Essentials 347

Passive Monitoring Technology 347

Inline Versus Inline Tap Versus Passive 350

Best Practices for Detection-Only Deployment 352

Fulfilling Prerequisites 352

Inline Tap Mode 352

Configuring Inline Tap Mode 353

Verifying an Inline Tap Mode Configuration 354

Passive Interface Mode 357

Configuring Passive Interface Mode 357

Configuring Passive Interface Mode on an FTD Device 357

Configuring a SPAN Port on a Switch 359

Verifying a Passive Interface Mode Configuration 359

Analyzing Traffic Inspection Operation 362

Analyzing a Connection Event with a Block Action 362

Analyzing Live Traffic 362

Analyzing a Simulated Packet 364

Analyzing an Intrusion Event with an Inline Result 366

Summary 370

Quiz 371

Chapter 13 Handling Encapsulated Traffic 373

Encapsulation and Prefilter Policy Essentials 373

Best Practices for Adding a Prefilter Rule 375

Fulfilling Prerequisites 375

Transferring and Capturing Traffic on the Firewall Engine 377

Scenario 1: Analyzing Encapsulated Traffic 379

Configuring Policies to Analyze Encapsulated Traffic 379

Prefilter Policy Settings 379

Access Control Policy Settings 381

Verifying the Configuration and Connection 382

Analyzing Packet Flows 385

Scenario 2: Blocking Encapsulated Traffic 391

Configuring Policies to Block Encapsulated Traffic 391

Verifying the Configuration and Connection 392

Analyzing Packet Flows 395

Scenario 3: Bypassing Inspection 397

Configuring Policies to Bypass Inspection 397

Custom Prefilter Policy 397

Access Control Policy Settings 401

Verifying the Configuration and Connection 403

Analyzing Packet Flows 405

Summary 407

Quiz 407

Chapter 14 Bypassing Inspection and Trusting Traffic 409

Bypassing Inspection and Trusting Traffic Essentials 409

The Fastpath Rule 409

The Trust Rule 410

Best Practices for Bypassing Inspection 412

Fulfilling Prerequisites 412

Implementing Fastpath Through a Prefilter Policy 413

Configuring Traffic Bypassing 413

Configuring a Prefilter Policy 413

Invoking a Prefilter Policy in an Access Control Policy 418

Verifying the Prefilter Rule Configuration 420

Enabling Tools for Advanced Analysis 421

Analyzing the Fastpath Action 422

Establishing Trust Through an Access Policy 427

Configuring Trust with an Access Policy 427

Verifying the Trust Rule Configuration 429

Enabling Tools for Advanced Analysis 430

Analyzing the Trust Action 432

Using the Allow Action for Comparison 440

Summary 442

Quiz 442

Chapter 15 Rate Limiting Traffic 445

Rate Limiting Essentials 445

Best Practices for QoS Rules 447

Fulfilling Prerequisites 448

Configuring Rate Limiting 449

Verifying the Rate Limit of a File Transfer 454

Analyzing QoS Events and Statistics 458

Summary 462

Quiz 462

Part IV Troubleshooting and Administration of Next-Generation Security Features

Chapter 16 Blacklisting Suspicious Addresses by Using Security Intelligence 463

Security Intelligence Essentials 463

Input Methods 466

Best Practices for Blacklisting 468

Fulfilling Prerequisites 468

Configuring Blacklisting 468

Automatic Blacklist Using Cisco Intelligence Feed 468

Manual Blacklisting Using a Custom Intelligence List 472

Immediate Blacklisting Using a Connection Event 477

Adding an Address to a Blacklist 477

Deleting an Address from a Blacklist 479

Monitoring a Blacklist 480

Bypassing a Blacklist 482

Adding an Address to a Whitelist 483

Deleting an Address from a Whitelist 484

Verification and Troubleshooting Tools 485

Verifying the Download of the Latest Files 486

Verifying the Loading of Addresses into Memory 489

Finding a Specific Address in a List 491

Verifying URL-Based Security Intelligence Rules 491

Summary 494

Quiz 494

Chapter 17 Blocking a Domain Name System (DNS) Query 497

Firepower DNS Policy Essentials 497

Domain Name System (DNS) 497

Blocking of a DNS Query Using a Firepower System 499

DNS Rule Actions 500

Actions That Can Interrupt a DNS Query 500

Actions That Allow a DNS Query 502

Sources of Intelligence 504

Best Practices for Blocking DNS Query 506

Fulfilling Prerequisites 507

Configuring DNS Query Blocking 508

Adding a New DNS Rule 508

Invoking a DNS Policy 510

Verification and Troubleshooting Tools 511

Verifying the Configuration of a DNS Policy 511

Verifying the Operation of a DNS Policy 515

Summary 520

Quiz 520

Chapter 18 Filtering URLs Based on Category, Risk, and Reputation 523

URL Filtering Essentials 523

Reputation Index 523

Operational Architecture 525

Fulfilling Prerequisites 526

Best Practices for URL Filtering Configuration 529

Blocking URLs of a Certain Category 532

Configuring an Access Rule for URL Filtering 532

Verification and Troubleshooting Tools 534

Allowing a Specific URL 537

Configuring FTD to Allow a Specific URL 538

Verification and Troubleshooting Tools 540

Querying the Cloud for Uncategorized URLs 543

Configuring FMC to Perform a Query 544

Verification and Troubleshooting Tools 546

Summary 550

Quiz 550

Chapter 19 Discovering Network Applications and Controlling Application Traffic 553

Application Discovery Essentials 553

Application Detectors 553

Operational Architecture 555

Best Practices for Network Discovery Configuration 557

Fulfilling Prerequisites 558

Discovering Applications 560

Configuring a Network Discovery Policy 561

Verification and Troubleshooting Tools 564

Analyzing Application Discovery 564

Analyzing Host Discovery 566

Undiscovered New Hosts 567

Blocking Applications 570

Configuring Blocking of Applications 570

Verification and Troubleshooting Tools 572

Summary 575

Quiz 576

Chapter 20 Controlling File Transfer and Blocking the Spread of Malware 577

File Policy Essentials 577

File Type Detection Technology 579

Malware Analysis Technology 579

Licensing Capability 582

Best Practices for File Policy Deployment 583

Fulfilling Prerequisites 584

Configuring a File Policy 586

Creating a File Policy 586

Applying a File Policy 592

Verification and Troubleshooting Tools 593

Analyzing File Events 594

Analyzing Malware Events 599

The FMC Is Unable to Communicate with the Cloud 599

The FMC Performs a Cloud Lookup 603

FTD Blocks Malware 607

Overriding a Malware Disposition 610

Summary 615

Quiz 615

Chapter 21 Preventing Cyber Attacks by Blocking Intrusion Attempts 617

Firepower NGIPS Essentials 617

Network Analysis Policy and Preprocessor 619

Intrusion Policy and Snort Rules 621

System-Provided Variables 624

System-Provided Policies 626

Best Practices for Intrusion Policy Deployment 632

NGIPS Configuration 637

Configuring a Network Analysis Policy 637

Creating a New NAP with Default Settings 637

Modifying the Default Settings of a NAP 6

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020