Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
3
Helpful
2
Replies

Difference between IPS ver4.x and version 5.x

gmaccisco1
Level 1
Level 1

‎11-25-2006 09:40 AM - edited ‎03-10-2019 03:20 AM

Hi,

can someone please tell me the advantage of IPS version 5.x over the 4.x version?

I assume it is still signature based just like 4.x and still difficult to see whatthe signature is looking for on the fly when you need to do so, just like the SNORT.

the fact that I cannot see what the signature is looking for is bothering us but may be I don't know how it works.

Thx,

Masood

Labels:
0 Helpful
2 Replies 2

edadios
Cisco Employee
Cisco Employee

‎11-25-2006 07:02 PM

IPS version 5.X is signature based like IDS version 4.

Information about the IPS Version 5.1 Sensor Software can be found at http://www.cisco.com/go/ips.

The end of signature updates for IDS 4 version software has passed, please see here for more details.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps4077/prod_eol_notice0900aecd803b6598.html

So you should be using IPS 5.X now.

It would be easier for you to use IDM to check what the signatures look like. The documentation for that is here :

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/index.htm

On the same area, you would see more documentation about what the signatures engine's capabilities are :

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmsgeng.htm

If you are familiar with regular expressions, then you would understand what the signatures are looking for using IDM, for most signatures.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swappa.htm#wp787101

I hope this information helps you.

0 Helpful

mhellman
Level 7
Level 7

‎11-27-2006 06:06 AM

They are both signature based. IPS 4.x is no longer supported by Cisco(no more sig updates), so comparing the two is probably pointless.

You can look at the signatures pretty easily in 5.x. The Cisco documentation about the various settings are not very detailed and some (dare I say many) of the regular expressions are hidden. However, you can look at the signatures and you will probably find them much easier to understand than Snort (mostly because it is a GUI with drop-down boxes, etc).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card