Cisco Inline IDS Intrusion Prevention System

Recently Cisco marketing released a security concept, Intrusion Prevention System (IPS), along with the new router platforms, namely the 1800, 2800, and 3800. IPS is designed to leverage Cisco PIX software and Cisco IDS sensor technologies, combined with IOS software features. Cisco IOS IPS is an inline, deep-packet, inspection-based solution that helps enable Cisco IOS software to effectively mitigate network attacks.

Cisco inline IDS (or IPS) can drop traffic, send an alarm, or reset a connection, enabling the router to respond immediately to security threats and protect the network. Cisco IOS IPS relies on inline IDS to provide features such as the following:

■ The ability to dynamically load and enable selected IPS signatures in real time

■ An increase in the number of supported signatures to more than 740 of the signatures supported by Cisco IDS sensor platforms

■ The ability for a user to modify an existing signature or create a new signature to address newly discovered threats; each signature can be enabled to send an alarm, drop the packet, or reset the connection
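A minimal router configuration showing these features in use, added here as an example and not taken from the original text. It assumes an IOS release that uses the SDF-based `ip ips` command set; the rule name EDGE-IPS, the SDF filename, the interface, and the signature ID are placeholders.

```text
! Added example: inline IOS IPS on an outside-facing interface.
! EDGE-IPS, the SDF filename, the interface and the signature ID are placeholders.
!
! Load signatures from a signature definition file (SDF) on flash.
! The per-signature actions (alarm, drop, reset) are defined in the SDF.
ip ips sdf location flash:attack-drop.sdf
!
! Drop traffic rather than forward it uninspected if the IPS engine is not ready.
ip ips fail closed
!
! Send alarms as syslog messages.
ip ips notify log
!
! Create the IPS rule.
ip ips name EDGE-IPS
!
! Disable one signature (ID 1107, sub-ID 0 used as a sample) that is noisy here.
ip ips signature 1107 0 disable
!
! Apply the rule inline to traffic arriving on the interface.
interface FastEthernet0/0
 ip ips EDGE-IPS in
!
! Verify what was loaded and applied:
!   show ip ips configuration
!   show ip ips signatures
```

Because the rule sits in the forwarding path, `ip ips fail closed` trades availability for coverage; leave it out only if forwarding uninspected traffic during an engine failure is acceptable.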

Attacks from hackers and, most importantly, from internal intruders and disgruntled employees typically take the following forms:

■ Reconnaissance attacks

■ Access attacks

■ Denial of service (DoS) attacks

Most large organizations install a number of firewall technologies such as PIX Firewall, CyberGuard, or Netscreens, but fail to adequately prevent attacks that initiate from the inside. Chapter 6, "Security Technologies," discusses in detail some of the most common attacks that employees (or an attacker who has plugged into a network by tailgating their way into an office area) can instigate within organizations. Some large organizations, which will remain nameless, have experienced this very problem.

This section covers the details of the different forms of inline IDS before looking at some example scenarios.

IDS sensors are software and/or hardware used to collect and analyze network traffic. These sensors are available in two flavors, network IDS and host IDS.

The CiscoWorks Management Center for IDS Sensors is a component of the CiscoWorks VMS. It acts as the collection point for alerts and performs configuration and deployment services for the IDS sensors in the network.

Cisco recently announced a new series of architectures based on IPS. IDS and IPS are used in tandem to provide a secure and reliable IP network. You are encouraged to maximize your security knowledge of IDS and IPS not just for the written exam but for your own career development. More details on IDS and IPS can be found at http://www.cisco.com/security/.
