Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

are the content filtering & application inspection some of the IPS functions?

dear experts,

are the content filtering & application inspection some of the IPS functions?

in other words, what are the differences between the functions of the IPS and the content filtering ?

also the differences between the functions of the IPS and application inspection?

because when i've read these topics get confused with the differences between the IPS and both of the other...

thanks for your reply

makar

2 REPLIES
Cisco Employee

Re: are the content filtering & application inspection some of t

Assuming that you are looking for the difference between the CSC module (Content Security) module, and AIP module (IPS module) on ASA, here is the difference:

CSC module:

- More or less like an Anti Virus/Anti Spyware module.

- Instead of sofware installed on your hosts, it's a anti virus network module that sits in your network.

- It only supports the inspection of the following protocols: SMTP, POP3, FTP and HTTP

- It can scan, filter, and block the above protocols as it traverses through your network.

- Here is a more detailed explaination of CSC module for your reference:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html

AIP module:

- It's just like normal IPS device - signature based with thousands of signature prebuilt into the device.

- It is not limited to the above 4 protocols. It supports detection and prevention of much more protocols.

- It protects agains worms, trojans, viruses, distributed denial of service attacks, reconnaissance, and attacks against operating system and application vulnerabilities.

- It can be configured either in promiscuous mode or inline mode.

- Here is a more detailed explaination of AIP module for your reference:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

Hope that helps.

Cisco Employee

Re: are the content filtering & application inspection some of t

With application inspection on ASA firewall, it is more to inspect complex protocols and dynamically allow or dynamically inspect deep into the packet and modify the packet if necessary.

For example:

- FTP inspection: on access-list, you would need to allow the FTP control connection (ie: TCP/21), and FTP data will automatically be opened once the firewall inspects deep down into the FTP control session, and check which FTP data port the client and server negotiated it to be.

Here is a more detailed explaination of ASA inspection engine and its functions:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html

315
Views
0
Helpful
2
Replies
CreatePlease to create content