IPS at Edge

Unanswered Question
Jennifer Halim Tue, 03/30/2010 - 13:30

IPS sensor has the followiong features:

1) Analysis engine with thousands of signatures. If a packet and/or traffic matches specific signature, it will trigger specific action accordingly.

2) Anomaly engine, where it baseline the traffic pattern, and report if there is anomaly to the normal traffic pattern.

Here is a more detailed explaination of the IPS services:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78-459520_ps4077_Products_Data_Sheet.html

IPS is not design to prevent virus, hence ASA has 2 different modules: AIP-SSM (IPS module) and CSC-SSM (antivirus module).

Jennifer Halim Wed, 03/31/2010 - 01:31

CSC module only supports 4 protocols, ie: FTP, HTTP, SMTP and POP3.

IPS has thousands of signatures and handles all other protocols, not restrictive to the above 4 protocols on CSC module.

Actions

This Discussion