IDS, as you already know, is Intrusion Detection System, and IPS is Intrusion Prevention System.
Basic difference: IDS will only alert you, IPS will alert as well as protect you. IDS was a part of earlier IOS versions, lower than 12.3(8)T, if I remember correctly, which could only scan for signatures in packets and send a log/alert to syslog on the management console.
Cisco's moving towards IPS on IOS devices on and after 12.3(8)T, go for it.
IPS prevents the attack; basically it can take three actions:
- Reset: Resets the TCP session.
- Drop: Drops the packet altogether.
IPS does an inline scan. It looks into each packet on a parallel basis, i.e. they have something called SMEs (Signature Micro Engines), categorized mainly on a protocol basis, i.e., like we have many HTTP type attacks, so one SME will cover all types of HTTP signatures and will check every packet in parallel to find a match in any signature for the HTTP SME. This is how it works.
In IPS we can send logs to syslog, or via POP, or, as preferred, SDEE (Security Device Event Exchange).
Mainly in IPS, S in abbreviation is either security or signature.
I sometimes get confused, well, that's another part.
Search for the few abbreviated terms that I mentioned above on Cisco, you'll find a lot of detail. I am also learning it.
Thanks a lot, friend, it was really helpful for me, but one thing else... I have an IDS and I want to move to IPS, so is there any way that I can change my IDS to the IPS, and what is the requirement for that? Also, let's say that I want to block the intrusion from one network or a host, what should I do to do that with IDS? Shall I use SHUN or what? Can you provide me with this info, please?
Which product are you using, a Cisco router? If you are, I may help you, but right now, as I said previously, I too am learning IPS stuff. On Cisco routers IPS starts from IOS 12.3(8)T. I read somewhere that it has backward compatibility with IDS, never tested it though... Once you move to any IOS version that supports IPS, it's actually pretty easy to configure; apply IPS on outbound/inbound, your wish. And yes, rather than me telling you commands, pick up Cisco Press's SNRS guide; they have all it takes to implement IPS on a router (and in deepest detail, but enough to kick start). Cisco publishes new definitions every 2 weeks at :
Get the latest signatures and apply them on the router; you just need to decide whether you want to reset, drop or alert when a signature pattern matches. It's recommended to use reset and drop when a signature pattern matches, but it may differ according to your requirement. :)