This chapter covers the following subjects:

• Cisco IOS IPS Configuration Tasks

• Initializing the Cisco IOS IPS

• Working with Cisco IOS IPS Signatures and Rules

• Verifying the Cisco IOS IPS Configuration

• Cisco IOS IPS Deployment Strategies

Intrusion detection and prevention is a key component of the Cisco Self-Defending Network solution. Combined with the firewall and NetFlow services, this technology provides threat defense as well as prevention of and response to malicious network attacks and threats.

Cisco IOS Intrusion Prevention System (IPS) is the evolution of the Cisco IOS Intrusion Detection System (IDS) solution. Cisco IPS products go beyond IDS signature matching by incorporating features such as stateful pattern recognition, protocol analysis, traffic anomaly detection, and protocol anomaly detection. These features provide the level of detail required to accurately identify the widest range of relevant attacks.

Similar to Cisco IDS, Cisco IPS is composed of hardware- and software-deployment solutions. Cisco IPS 4200 series sensor appliances are dedicated and purpose-built devices capable of protecting multiple network segments. Integrated hardware solutions are available, too, using the Cisco Catalyst 6500 IDS modules and the network module for the Cisco access routers. Cisco IOS IPS provides a subset of IPS capabilities via Cisco IOS Software on the router.

Cisco IOS IPS extends Cisco IOS IDS from a passive device that monitors traffic into an inline device that reacts to and prevents attacks. The capability of Cisco IOS IPS to drop traffic or reset connections is the primary difference between the two solutions.
