Cisco Systems ISA550 Manual De Usuario
Security Services
Configuring Intrusion Prevention
Cisco ISA500 Series Integrated Security Appliances Administration Guide
321
7
Configuring Intrusion Prevention
Intrusion Prevention System (IPS) is a network-based platform that inspects
network traffic for malicious or unwanted activity such as worms, spyware, and
policy violations. When IPS detects a threat, it reacts in real-time by taking actions
such as blocking or dropping connections, logging the detected activities, and
sending notifications about these activities. You can use the default actions for
each signature or customize the actions to suit your requirements.
network traffic for malicious or unwanted activity such as worms, spyware, and
policy violations. When IPS detects a threat, it reacts in real-time by taking actions
such as blocking or dropping connections, logging the detected activities, and
sending notifications about these activities. You can use the default actions for
each signature or customize the actions to suit your requirements.
IMPORTANT: IPS uses signatures to identify the attacks in progress. You must
update the IPS signatures frequently to keep the protection current. See
update the IPS signatures frequently to keep the protection current. See
After setting up IPS, you have these options for monitoring the activity:
•
Enable the IPS report from the Security Services > Security Services
Reports page or from the Status > Security Services Reports page to see
the number of packets detected and the number of packets dropped by
IPS. See
Reports page or from the Status > Security Services Reports page to see
the number of packets detected and the number of packets dropped by
IPS. See
•
Enable the IPS Alert feature to send an alert email to a specified email
address if an attack is detected by IPS. See
address if an attack is detected by IPS. See
.
NOTE
You must install licenses on the License Management page before you can
configure IPS.
configure IPS.
STEP 1
Click Security Services > Intrusion Prevention (IPS) > IPS Policy and Protocol
Inspection.
Inspection.
The IPS Policy and Protocol Inspection window opens.
STEP 2
At the top of the page, enable or disable IPS by clicking On or Off.
STEP 3
In the Zone area, chose the zones to be inspected. IPS inspects inter-zone traffic
only.
only.
•
To add a zone: In the Zones Available list, click a zone, and then click Add to
move it to the Selected Zones list. All incoming and outgoing traffic for the
selected zones is inspected.
move it to the Selected Zones list. All incoming and outgoing traffic for the
selected zones is inspected.
•
To remove a zone: In the Selected Zones list, click a zone, and then click
Remove to move it to the Zones Available list.
Remove to move it to the Zones Available list.