Cisco Cisco IPS 4255 Sensor White Paper

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com

Page 7 of 8

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 526-4100

European Headquarters
Cisco Systems International
BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883

Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on

the Cisco Web site at

www.cisco.com/go/offices

Argentina  •  Australia  •  Austria  •  Belgium  •  Brazil  •  Bulgaria  •  Canada  •  Chile  •  China  PRC  •  Colombia  •  Costa  Rica  •  Croatia  •  Cyprus
Czech Republic  •  Denmark  •  Dubai,  UAE  •  Finland  •  France  • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland
Israel  •  Italy  •  Japan  •  Korea  •  Luxembourg  •  Malaysia  •  Mexico  •  The  Netherlands  •  New  Zealand  •  Norway  •  Peru  •  Philippines  •  Poland
Portugal  •  Puerto  Rico  •  Romania  •  Russia  •  Saudi  Arabia  •  Scotland  •  Singapore  •  Slovakia  •  Slovenia  •  South  Africa  •  Spain  •  Sweden
Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

are registered trademarks of Cisco Systems, Inc. and/or its affiliates

in the United States and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0410R)

204107_ETMG_MH_11.04

Printed in the USA

Other Features Supported by the H323/H225 Engine in Cisco IPS v5.0 Sensor Software

•

Built-in support for the inspection of fragmented H.225 messages across TPKTs, and the presence of multiple H.225 messages in the same TPKT.

All in all, the IPS H.225 engine helps the network administrator ensure that the SETUP message coming into the VoIP network is valid and within

the bounds of the installed policies. It also helps ensure that the addresses and Q.931 string fields like URL IDs, e-mail IDs, and display information

adhere to specific lengths and do not have possible attack patterns in them.

With the inbuilt signatures for TPKT validation, Q.931 protocol validation, and ASN.1PER validations for the H.225 SETUP message, the IPS

H.225 engine is ready to be used right out of the box. The Q.931 and TPKT length signatures are tunable by the user to easily accommodate the

needs of the protocol implementation. Also, it is flexible enough to be able to add and apply detailed signatures on specific H.225 protocol fields and

to apply multiple pattern search signatures of a single field in the Q.931 or H.225 protocol.

In summary, with the increased dependence on VoIP applications in today’s networks, businesses are evermore exposed to threats that specifically

target voice protocols and VoIP infrastructure. Attacks are expected to become increasingly sophisticated and attack tools more widely accessible.

The effects of such attacks generally lead to disruption of VoIP services that invariably result in loss of revenue. In order to maintain business

continuity and maximize up time of critical VoIP applications, Cisco IPS v 5.0 Sensor Software delivers a comprehensive implementation of a

H323/H225 Engine that accurately classifies VoIP threats and stops such attacks through a variety of automated inline IPS response actions.