×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisoc IPS Sensor 5.1

Answered Question
Aug 29th, 2006
User Badges:

Where can I find a listing of the threats that are mitigated by the ICS Sensor 5.1. We are evaluating the product, and one primary need is spyware/adware blocking. I know it lists spyware/adware as one of the 'anti-x', but there are no "details" to be had. Has anyone installed and configured this? Thanks.

Correct Answer by wyley.johnson about 10 years 11 months ago

There is always the ASA5510 or 5520 appliances with the CSC module that does anti-x (where x= spam, virus, spyware). THe problem with these devices is that you cannot do IPS and Anti-x at the same time. Each one is a seperate module.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
mhellman Tue, 08/29/2006 - 12:20
User Badges:
  • Blue, 1500 points or more

When you say "sensor" I guess you're talking about the Cisco network-based IPS appliance? It isn't going to do a good job of preventing spyware/adware. If that's a primary requirement, then I would suggest looking at either network-proxy solutions (like WebWasher or Bluecoat) or host-based IPS solutions, like Cisco's own Cisco security agent.

jabernstein Tue, 08/29/2006 - 12:42
User Badges:

Thanks. That's what I thought but could not find definitive information. We do have the IPS appliance and want to implement. One of the requirements of our security posture is spyware/adware. A member of the team read that one of the fetaures of IPS appliance was spyware/adware blocking. We currently have host based solutions, but wanted to mitigate the spyware as much as possible prior to hitting the desktop. Thanks again for your reply.

Correct Answer
wyley.johnson Tue, 08/29/2006 - 14:39
User Badges:

There is always the ASA5510 or 5520 appliances with the CSC module that does anti-x (where x= spam, virus, spyware). THe problem with these devices is that you cannot do IPS and Anti-x at the same time. Each one is a seperate module.

jabernstein Tue, 08/29/2006 - 16:57
User Badges:

Thanks for the response. We are actually going to evaluate other solutions.

lmilher_2 Wed, 08/30/2006 - 06:35
User Badges:

Hi, the IPS 5.0 has trendmicro signatures to prevent worms and networks virus in to the lan. The csm module for ASA is other solution to put in the internet gateway like a proxy.

Take care.

mhellman Wed, 08/30/2006 - 07:38
User Badges:
  • Blue, 1500 points or more

What you're talking about is a separate product called ICS (see: http://www.cisco.com/en/US/products/ps6542/products_data_sheet0900aecd8033185b.html).

For a technical review see:

http://www.cisco.com/en/US/products/ps6542/products_white_paper0900aecd8033186b.shtml


The product does not appear to be designed to prevent spyware and adware. In fact, it doesn't even appear to stop worms and virii unless they are NEW and of significant status.



rcerpa Fri, 09/01/2006 - 04:49
User Badges:

I am in a similar situation. Does anyone know where there might be a list of signatures included in the distribution and which ones are enabled by default. I could get them out of our sensors, but I am trying to get a paper done in a hurry to submit to my customer on the 4250 sensors we use.

Actions

This Discussion