
are the content filtering & application inspection some of the IPS functions?

hanyawad
Level 1

Dear experts,

Are content filtering and application inspection some of the IPS functions?

In other words, what are the differences between the functions of the IPS and content filtering?

Also, what are the differences between the functions of the IPS and application inspection?

Because when I read these topics, I get confused by the differences between the IPS and both of the others...

Thanks for your reply.

makar

2 Replies

Jennifer Halim
Cisco Employee

Assuming that you are looking for the difference between the CSC (Content Security) module and the AIP module (IPS module) on ASA, here is the difference:

CSC module:

- More or less like an Anti Virus/Anti Spyware module.

- Instead of software installed on your hosts, it's an anti-virus network module that sits in your network.

- It only supports the inspection of the following protocols: SMTP, POP3, FTP and HTTP

- It can scan, filter, and block the above protocols as it traverses through your network.

- Here is a more detailed explanation of the CSC module for your reference:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html

AIP module:

- It's just like a normal IPS device - signature based, with thousands of signatures prebuilt into the device.

- It is not limited to the above 4 protocols. It supports detection and prevention for many more protocols.

- It protects against worms, trojans, viruses, distributed denial of service attacks, reconnaissance, and attacks against operating system and application vulnerabilities.

- It can be configured either in promiscuous mode or inline mode.

- Here is a more detailed explanation of the AIP module for your reference:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

Hope that helps.

Jennifer Halim
Cisco Employee

With application inspection on the ASA firewall, the aim is more to inspect complex protocols and to dynamically allow, or dynamically inspect deep into the packet and modify the packet if necessary.

For example:

- FTP inspection: on the access-list, you would need to allow the FTP control connection (i.e. TCP/21), and FTP data will automatically be opened once the firewall inspects deep down into the FTP control session and checks which FTP data port the client and server negotiated.

Here is a more detailed explanation of the ASA inspection engine and its functions:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html
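Added example, not part of the reply above and not Cisco's code: a Python sketch of the step the FTP inspection bullet describes, reading the control session to learn which data connection to open. The function names, the sample addresses (documentation ranges) and the rule that the advertised address must be the sender's own are assumptions of this sketch, and it assumes no NAT between client and server.

```python
import re

# h1,h2,h3,h4,p1,p2 field used by PORT and by the 227 (PASV) reply, RFC 959
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_pinhole(line, from_client, client_ip, server_ip):
    """Return the data connection one control-channel line negotiates.

    Result is (src_ip, dst_ip, dst_port), or None when the line negotiates
    nothing, is malformed, or advertises an address other than the sender's.
    """
    line = line.strip()
    if from_client and line.upper().startswith("PORT "):
        # Active mode: the server will connect back to the client.
        sender, opener = client_ip, server_ip
    elif not from_client and line.startswith("227 "):
        # Passive mode: the client will connect to the port the server announced.
        sender, opener = server_ip, client_ip
    else:
        return None
    hp = parse_hostport(line[4:])
    if hp is None or hp[0] != sender:
        return None  # sketch's own policy: never open a path to a third host
    return opener, hp[0], hp[1]


if __name__ == "__main__":
    client, server = "198.51.100.7", "192.0.2.10"  # constructed sample session
    session = [(True, "USER anonymous"), (True, "PORT 198,51,100,7,4,1"),
               (False, "227 Entering Passive Mode (192,0,2,10,195,80).")]
    for from_client, text in session:
        print(text, "->", data_pinhole(text, from_client, client, server))
```

Only TCP/21 has to be permitted statically; every other flow in the session comes from what the control channel announced.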
