
Firewall v/s IPS

ray_stone
Level 1

Hi, these days I am trying to understand IPS and IDS concepts. I just want to know how an IPS device is different from a firewall in terms of traffic blocking. As I know, we can handle the traffic on the ASA FW by using MPF, so why do we require an IPS? Thanks

1 Reply

mhellman
Level 7

The [firewall and IPS] products are converging, but generally an IPS is better at deep packet inspection and a firewall is better at pretty much everything else (they've been around a long time and are more mature).

Specifically to the ASA, an ASA without the AIP-SSM (the IPS module) has deep packet inspection capabilities, but doesn't have thousands of built-in signatures, with new ones added as new vulnerabilities surface. It doesn't by default protect you from most application layer attacks.

For example, here's how you can configure the ASA to defend against the "Microsoft Snapshot Viewer ActiveX Control Arbitrary File Upload Vulnerability".

http://tools.cisco.com/security/center/viewAlert.x?alertId=16224

Unless you manually do this, you won't have protection. If you have the IPS module, a signature update was released the same day and you're automatically protected:

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=6968&signatureSubId=0&softwareVersion=6.0&releaseVersion=S343
