Foundation Summary

The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your SNRS exam, a well-prepared candidate should at a minimum know all the details in each "Foundation Summary" before going to take the exam.

The Cisco IOS IPS is the next generation of intrusion detection technology designed to complement the security infrastructure by integrating into Cisco IOS Software. This integration of technologies makes the Cisco IOS router a cost-effective and functional tool. A review of several Cisco IOS IPS concepts follows:

• The Cisco IOS IPS can communicate with Cisco SDM, CiscoWorks VMS IDS, and a syslog server.

• The devices communicate using SDEE. You configure the communications by enabling HTTP services on the router and the SDEE notification parameters.

• The four categories of signatures are exploit, DoS, reconnaissance, and misuse.

• The two signature types are atomic and compound.

• Each IPS signature takes up a portion of router memory. The number of signatures supported on platforms with 128 MB of memory is 563. If the platform has 256 MB of memory, it can support 737 signatures.

• Cisco IOS IPS has two main components. The SDF contains signature information. The SME parses the SDF and inspects the signature for a pattern match.

• Four actions are required to configure the IPS:

1. Initialize the Cisco IOS IPS on the router.

- Configure the notification type.

- Configure the maximum queue for alarms.

2. Configure signatures.

- Load IPS signatures via SDF files.

- Delete and exclude signatures to comply with "normal" network traffic.

3. Create and apply IPS rules.

- Create and enable Cisco IPS rules on an interface.

4. Verify configuration.

- Use the show, clear, and debug commands to verify successful configuration.
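The four steps above, sketched as a single IOS configuration. This is an added example, not a listing from the book. The rule name MYIPS, the interface, the SDF filename, the signature ID, and the numeric values are assumptions chosen for illustration.

```cisco
! Added example: rule name, interface, SDF file, signature ID and values are assumed.
!
! Step 1: initialize the IPS. Send alerts via SDEE and syslog, size the queues.
ip http server                         ! SDEE clients pull events over HTTP
ip ips notify sdee
ip ips notify log
ip sdee events 500                     ! events held in the SDEE buffer
ip ips po max-events 100               ! maximum queue for alarms
!
! Step 2: configure signatures. Load an SDF, then tune out noisy signatures.
ip ips sdf location flash:128MB.sdf    ! assumed SDF file for a 128 MB platform
ip ips signature 1107 0 disable        ! assumed ID; disable a signature that
                                       ! fires on "normal" traffic
!
! Step 3: create the rule and apply it to an interface.
ip ips name MYIPS
interface FastEthernet0/0
 ip ips MYIPS in                       ! inspect traffic entering this interface
!
! Step 4: verify from privileged EXEC mode.
!   show ip ips configuration
!   show ip ips interfaces
!   clear ip ips statistics
!   debug ip ips
```

Disable or delete signatures only after confirming the alarms come from legitimate traffic, since each excluded signature is an attack pattern the router no longer checks.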
