05-09-2010 07:33 AM - edited 03-10-2019 04:59 AM
Dear experts,
Are content filtering & application inspection some of the IPS functions?
In other words, what are the differences between the functions of the IPS and content filtering?
Also, the differences between the functions of the IPS and application inspection?
Because when I've read these topics, I get confused about the differences between the IPS and both of the others...
Thanks for your reply,
makar
05-09-2010 04:06 PM
Assuming that you are looking for the difference between the CSC (Content Security) module and the AIP (IPS) module on ASA, here is the difference:
CSC module:
- More or less like an Anti Virus/Anti Spyware module.
- Instead of software installed on your hosts, it's an antivirus network module that sits in your network.
- It only supports the inspection of the following protocols: SMTP, POP3, FTP and HTTP
- It can scan, filter, and block the above protocols as it traverses through your network.
- Here is a more detailed explanation of CSC module for your reference:
AIP module:
- It's just like a normal IPS device - signature based, with thousands of signatures prebuilt into the device.
- It is not limited to the above 4 protocols. It supports detection and prevention of many more protocols.
- It protects against worms, trojans, viruses, distributed denial of service attacks, reconnaissance, and attacks against operating system and application vulnerabilities.
- It can be configured either in promiscuous mode or inline mode.
- Here is a more detailed explanation of AIP module for your reference:
Hope that helps.
05-09-2010 04:12 PM
With application inspection on ASA firewall, it is more to inspect complex protocols and dynamically allow or dynamically inspect deep into the packet and modify the packet if necessary.
For example:
- FTP inspection: on the access-list, you would need to allow the FTP control connection (i.e., TCP/21), and FTP data will automatically be opened once the firewall inspects deep down into the FTP control session and checks which FTP data port the client and server negotiated it to be.
Here is a more detailed explanation of ASA inspection engine and its functions:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html
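
The FTP inspection behaviour described in the reply above, as an added example that is not part of the original thread and is not Cisco's code: Python that reads FTP control-channel lines and derives the data endpoint the client and server negotiated, which is the information a firewall needs to open the data connection dynamically. It also covers passive (227) and extended passive (229) replies, beyond the single case in the post; the function names, sample lines and documentation-range addresses are constructed assumptions.

```python
import re

# Constructed sample control-channel lines (TCP/21), not captured traffic.
SAMPLE_SESSION = [
    ("client", "USER anonymous"),
    ("server", "331 Please specify the password."),
    ("client", "PORT 192,0,2,10,195,80"),
    ("server", "200 PORT command successful."),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (198,51,100,5,78,52)."),
    ("client", "EPSV"),
    ("server", "229 Entering Extended Passive Mode (|||50001|)"),
    ("client", "PORT 192,0,2,10,999,1"),  # malformed: field out of range
]

_HP = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def _host_port(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); None if any field is invalid."""
    m = _HP.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def negotiated_endpoint(sender, line, server_ip):
    """Return (listener_ip, port) if this line negotiates a data connection, else None."""
    if sender == "client" and line.upper().startswith("PORT "):
        return _host_port(line[5:])            # active mode: client listens
    if sender == "server" and line.startswith("227 "):
        return _host_port(line[4:])            # passive mode: server listens
    if sender == "server" and line.startswith("229 "):
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) <= 65535:
            return server_ip, int(m.group(1))  # EPSV reply carries only a port
    return None

def pinholes(session, server_ip):
    """Collect every data endpoint a temporary allow rule would be needed for."""
    eps = (negotiated_endpoint(s, l, server_ip) for s, l in session)
    return [ep for ep in eps if ep]

if __name__ == "__main__":
    for ip, port in pinholes(SAMPLE_SESSION, "198.51.100.5"):
        print(f"data connection expected to {ip}:{port}")
```
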