How conclusive is the packet scanning used by Cicso IPS? Would I be correct in suggesting that no uploaded file scan is required by the receiving server application if the packets passed through the IPS? Can viruses be properly detected piece meal (e.g. in packets) or, to ensure all known viruses are caught, do I again need to run virus software on the entire file?
It has been suggested to me via a hosting company that the packet scanning for virus signatures within CISCO IPS was an effective measure for detecting malicious file uploads. What I'm taking away from you response is that it is not one of it's primary objectives or an effective one either.
I agree. It may stop some network worms that rely on buffer overflows to infect their target hosts, but you don't typically have ports open on the edge of your network that would allow that traffic to pass anyway. Maybe its helpful stopping some spyware/adware downloaded via malicious java applets, vbscript, and images - but that is also better stopped by strict policies on your machines.
Basically the IPS is good for recognizing and stopping network intrusions and in some cases extrusions. However if one of your users is uploading or downloading a malicious or confidential file over https/ssl, the IPS won't be able to see it anyway.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :