Cisco Cisco IPS 4255 Sensor Libro blanco
© 2004 Cisco Systems, Inc. All right reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 7 of 8
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
European Headquarters
Cisco Systems International
BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100
Cisco Systems International
BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Cyprus
Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland
Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland
Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden
Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland
Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland
Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden
Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright 2004 Cisco Systems, Inc. All rights reserved. Cisco, Cisco Systems, and the Cisco Systems logo
are registered trademarks of Cisco Systems, Inc. and/or its affiliates
in the United States and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0410R)
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0410R)
204107_ETMG_MH_11.04
Printed in the USA
Other Features Supported by the H323/H225 Engine in Cisco IPS v5.0 Sensor Software
•
Built-in support for the inspection of fragmented H.225 messages across TPKTs, and the presence of multiple H.225 messages in the same TPKT.
All in all, the IPS H.225 engine helps the network administrator ensure that the SETUP message coming into the VoIP network is valid and within
the bounds of the installed policies. It also helps ensure that the addresses and Q.931 string fields like URL IDs, e-mail IDs, and display information
adhere to specific lengths and do not have possible attack patterns in them.
With the inbuilt signatures for TPKT validation, Q.931 protocol validation, and ASN.1PER validations for the H.225 SETUP message, the IPS
H.225 engine is ready to be used right out of the box. The Q.931 and TPKT length signatures are tunable by the user to easily accommodate the
needs of the protocol implementation. Also, it is flexible enough to be able to add and apply detailed signatures on specific H.225 protocol fields and
to apply multiple pattern search signatures of a single field in the Q.931 or H.225 protocol.
In summary, with the increased dependence on VoIP applications in today’s networks, businesses are evermore exposed to threats that specifically
target voice protocols and VoIP infrastructure. Attacks are expected to become increasingly sophisticated and attack tools more widely accessible.
The effects of such attacks generally lead to disruption of VoIP services that invariably result in loss of revenue. In order to maintain business
continuity and maximize up time of critical VoIP applications, Cisco IPS v 5.0 Sensor Software delivers a comprehensive implementation of a
H323/H225 Engine that accurately classifies VoIP threats and stops such attacks through a variety of automated inline IPS response actions.