Cisco ACE IPS and Cisco ASA AIP-SSM (IPS)

Answered Question
Aug 6th, 2008
Is there any difference between the functionality provided by the Cisco ACE IPS and Cisco ASA AIP-SSM (IPS) features?


Can one do without Cisco ASA AIP-SSM (IPS) by 'only' configuring/implementing Cisco ACE IPS?

Correct Answer by Farrukh Haroon about 8 years 7 months ago

The Cisco AVS/ACE focus on provisioning and securing web-based applications. The IPS does not focus on just web-applications and tries to secure multiple layers of the OSI stack. Consider the IPS like a general physician and the ACE/AVS like an eye surgeon or something :)


Here is the answer from Cisco itself:


http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_qas0900aecd8045867c_ps6492_Products_Q_and_A_Item.html


Q. How is the Cisco AVS Web Application Firewall different from an intrusion prevention system (IPS)?

A. IPSs are solid solutions for protecting against attacks targeted at known vulnerabilities in major platforms such as Windows, Solaris, Apache, or Microsoft Internet Information Services (IIS). Cisco AVS excels at protecting against attacks targeted at business applications or Websites. These applications might be software vendor-built applications or in-house custom applications. Security patches and signatures are typically not available for these types of applications, and building these levels of security into each application would be nearly impossible.

Q. How is the Cisco AVS Web Application Firewall different from a network firewall?

A. The Cisco AVS 3120 and network firewalls such as the Cisco PIX® Firewall and Cisco ASA 5500 Series Adaptive Security Appliances are complementary products. The Cisco AVS Web Application Firewall secures Web-based applications; network firewalls excel at securing networks; and the Cisco AVS provides defense in depth for Web applications.

Network firewalls enforce policy on networks, IP addresses, and ports; they have a broad set of application layer features for many different protocols. The firewall can and will be deployed in many locations, including branch, network edge, enterprise edge, etc. The Cisco AVS enforces policy on HTTP data such as URLs, headers, and parameters. The Cisco AVS is deployed only in the data center in front of Web applications.


Regards


Farrukh

Overall Rating: 5 (1 ratings)
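The contrast drawn in the answer above, as an added example that is not part of the original post or of Cisco's documentation: the same requests are judged once by a network-layer rule (addresses and ports) and once by a per-application HTTP policy (URL path, parameters, header length). The ACL, paths, parameter names and limits are constructed for illustration and do not reflect Cisco AVS/ACE or ASA configuration syntax.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Constructed network-firewall rule: permit any source to the web server on TCP/443.
ACL = [("permit", ipaddress.ip_network("0.0.0.0/0"), 443)]

# Constructed per-application HTTP policy (positive model): the allowed paths and,
# for each path, the allowed parameters with a validator for the value.
HTTP_POLICY = {
    "/account/view": {"id": lambda v: v.isascii() and v.isdigit()},
    "/search": {"q": lambda v: len(v) <= 64 and v.isprintable()},
}
MAX_HEADER_LEN = 256  # assumed limit, chosen for the example

def acl_permits(src_ip, dst_port):
    """Layer 3/4 decision: sees only the source address and destination port."""
    src = ipaddress.ip_address(src_ip)
    for action, net, port in ACL:
        if src in net and dst_port == port:
            return action == "permit"
    return False  # implicit deny when no rule matches

def http_policy_permits(url, headers):
    """HTTP-layer decision: inspects the URL path, query parameters and headers."""
    parts = urlsplit(url)
    allowed = HTTP_POLICY.get(parts.path)
    if allowed is None:
        return False, "path not in policy"
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        check = allowed.get(name)
        if check is None:
            return False, f"unexpected parameter {name!r}"
        if not check(value):
            return False, f"parameter {name!r} fails validation"
    for name, value in headers.items():
        if len(value) > MAX_HEADER_LEN:
            return False, f"header {name!r} too long"
    return True, "ok"

def evaluate(src_ip, dst_port, url, headers):
    """Return (network decision, (HTTP decision, reason)) for one request."""
    return acl_permits(src_ip, dst_port), http_policy_permits(url, headers)

if __name__ == "__main__":
    # Constructed sample requests; 198.51.100.7 is a documentation address.
    for url in ("/account/view?id=1042", "/account/view?id=1042x", "/admin/export"):
        print(url, evaluate("198.51.100.7", 443, url, {"User-Agent": "browser"}))
```

Every sample request looks identical to the network rule (same source, same port 443); only the HTTP policy, which has to be written per application, tells them apart.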