IPS at Edge

Unanswered Question
Jennifer Halim Tue, 03/30/2010 - 13:30
User Badges:
  • Cisco Employee,

IPS sensor has the followiong features:

1) Analysis engine with thousands of signatures. If a packet and/or traffic matches specific signature, it will trigger specific action accordingly.

2) Anomaly engine, where it baseline the traffic pattern, and report if there is anomaly to the normal traffic pattern.


Here is a more detailed explaination of the IPS services:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78-459520_ps4077_Products_Data_Sheet.html


IPS is not design to prevent virus, hence ASA has 2 different modules: AIP-SSM (IPS module) and CSC-SSM (antivirus module).

Jennifer Halim Wed, 03/31/2010 - 01:31
User Badges:
  • Cisco Employee,

CSC module only supports 4 protocols, ie: FTP, HTTP, SMTP and POP3.


IPS has thousands of signatures and handles all other protocols, not restrictive to the above 4 protocols on CSC module.

Actions

This Discussion