Cisco Integrated Services Routers Intrusion Prevention System Module Information Guide
Q&A
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Cisco Intrusion Prevention System Modules for the Cisco Integrated Services Routers
General
Q. What are the Cisco® Intrusion Prevention System (IPS) modules for the integrated services routers?
A. There are two IPS modules for the integrated services routers: the Cisco Intrusion Prevention System
Advanced Integration Module (IPS AIM) and the Intrusion Prevention System Network Module Enhanced (IPS
NME). They are part of the Cisco IPS Sensor portfolio. Both modules provide dedicated CPU and memory to
offload inline and promiscuous intrusion protection processing. The modules run the Cisco IPS Sensor Software
to provide feature parity with Cisco IPS 4200 Series Sensors and Cisco ASA 5500 Series Adaptive Security
Appliances. The Cisco IPS AIM is supported in the Cisco 1841 and Cisco 2800 and 3800 Series and the IPS
NME is supported in the Cisco 2811, 2821, 2851, 2911, 2921, 2951 and Cisco 3800 and 3900 Series Integrated
Services Routers.
Q. Why do I need intrusion prevention at the branch office if it is already being implemented at my company
headquarters?
A. With the movement toward any-to-any communications topologies for corporate WANs, not all traffic must
traverse the data center when going from branch office to branch office. Also, branch offices are vulnerable to
the introduction of worms and viruses. With IPS implemented at a branch office, attacks are identified and
resolved at the edge of the network, before they can spread throughout the enterprise. A worm that spreads
through the internal network before getting to the core IPS can cause a denial of service (DoS) on the core IPS.
Q. What are the most typical deployment scenarios for the Cisco IPS modules?
A. The most common deployment scenarios are to protect the WAN link and corporate offices and to protect
servers at remote sites. Whether it is a private or public connection, the WAN link is vulnerable to threats
introduced at the branch office. With IPS implemented at the branch office, you can mitigate attacks at the WAN
edge before they propagate to other parts of the network. Similarly, servers at remote sites often contain data as
valuable as the data at servers at the corporate data center. Isolating threats before they attack these servers
protects that data from compromise. Finally, commercial and small and medium-sized businesses (SMBs) can
benefit from the Cisco IPS AIM in their Internet routers to add protection to their main network.
Q. What type of branch office is best suited to take advantage of IPS?
A. Virtually any branch office can benefit from IPS. Branch offices most at risk are those with no corporate IT staff,
where the branch-office or store manager focuses on running the business rather than enforcing corporate IT
policies.
Q. What are the part numbers of the Cisco IPS AIM and IPS NME?
A. The part number of the Cisco IPS AIM is AIM-IPS-K9 and the part number of the Cisco IPS NME is NME-IPS-K9.
Q. What platforms support the Cisco IPS AIM?
A. The Cisco IPS AIM is supported on the Cisco 1841 and Cisco 2800 and 3800 Series. Although it is an AIM, it is
not supported in older platforms with AIM slots, such as the Cisco 2600 Multiservice Platforms and Cisco 3700
Series Multiservice Access Routers. Installation in these platforms may cause irreversible damage to the card
and the platform.