Cisco ACE IPS and Cisco ASA AIP-SSM (IPS)

cisco_realm
Level 1

Is there any difference between the functionality provided by the Cisco ACE IPS and Cisco ASA AIP-SSM (IPS) features?

Can one do without Cisco ASA AIP-SSM (IPS) by 'only' configuring/implementing Cisco ACE IPS?

Accepted Solutions

Farrukh Haroon
VIP Alumni

The Cisco AVS/ACE focus on provisioning and securing web-based applications. The IPS does not focus on just web-applications and tries to secure multiple layers of the OSI stack. Consider the IPS like a general physician and the ACE/AVS like an eye surgeon or something :)

Here is the answer from Cisco itself:

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_qas0900aecd8045867c_ps6492_Products_Q_and_A_Item.html

Q. How is the Cisco AVS Web Application Firewall different from an intrusion prevention system (IPS)?

A. IPSs are solid solutions for protecting against attacks targeted at known vulnerabilities in major platforms such as Windows, Solaris, Apache, or Microsoft Internet Information Services (IIS). Cisco AVS excels at protecting against attacks targeted at business applications or Websites. These applications might be software vendor-built applications or in-house custom applications. Security patches and signatures are typically not available for these types of applications, and building these levels of security into each application would be nearly impossible.

Q. How is the Cisco AVS Web Application Firewall different from a network firewall?

A. The Cisco AVS 3120 and network firewalls such as the Cisco PIX® Firewall and Cisco ASA 5500 Series Adaptive Security Appliances are complementary products. The Cisco AVS Web Application Firewall secures Web-based applications; network firewalls excel at securing networks; and the Cisco AVS provides defense in depth for Web applications.

Network firewalls enforce policy on networks, IP addresses, and ports; they have a broad set of application layer features for many different protocols. The firewall can and will be deployed in many locations, including branch, network edge, enterprise edge, etc. The Cisco AVS enforces policy on HTTP data such as URLs, headers, and parameters. The Cisco AVS is deployed only in the data center in front of Web applications.

Regards

Farrukh
