
Cisco ACE IPS and Cisco ASA AIP-SSM (IPS)

Is there any difference between the functionality provided by the Cisco ACE IPS and Cisco ASA AIP-SSM (IPS) features?

Can one do without Cisco ASA AIP-SSM (IPS) by 'only' configuring/implementing Cisco ACE IPS?

1 ACCEPTED SOLUTION

Re: Cisco ACE IPS and Cisco ASA AIP-SSM (IPS)

The Cisco AVS/ACE focus on provisioning and securing web-based applications. The IPS does not focus on just web-applications and tries to secure multiple layers of the OSI stack. Consider the IPS like a general physician and the ACE/AVS like an eye surgeon or something :)

Here is the answer from Cisco itself:

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_qas0900aecd8045867c_ps6492_Products_Q_and_A_Item.html

Q. How is the Cisco AVS Web Application Firewall different from an intrusion prevention system (IPS)?

A. IPSs are solid solutions for protecting against attacks targeted at known vulnerabilities in major platforms such as Windows, Solaris, Apache, or Microsoft Internet Information Services (IIS). Cisco AVS excels at protecting against attacks targeted at business applications or Websites. These applications might be software vendor-built applications or in-house custom applications. Security patches and signatures are typically not available for these types of applications, and building these levels of security into each application would be nearly impossible.

Q. How is the Cisco AVS Web Application Firewall different from a network firewall?

A. The Cisco AVS 3120 and network firewalls such as the Cisco PIX® Firewall and Cisco ASA 5500 Series Adaptive Security Appliances are complementary products. The Cisco AVS Web Application Firewall secures Web-based applications; network firewalls excel at securing networks; and the Cisco AVS provides defense in depth for Web applications.

Network firewalls enforce policy on networks, IP addresses, and ports; they have a broad set of application layer features for many different protocols. The firewall can and will be deployed in many locations, including branch, network edge, enterprise edge, etc. The Cisco AVS enforces policy on HTTP data such as URLs, headers, and parameters. The Cisco AVS is deployed only in the data center in front of Web applications.

Regards

Farrukh
