Cisco Cisco IPS 4255 Sensor Notas de publicación
5
Release Notes for Cisco Intrusion Prevention System 6.0(5)E2
OL-16987-01
Cisco Security Intelligence Operations
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.
interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL:
Cisco Security Intelligence Operations is also a repository of information for individual signatures,
including signature ID, type, structure, and description.
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
New and Changed Information
Cisco IPS 6.0(5)E2 includes the following new features:
•
The S339 signature update is a built in to the E2 engine update. You cannot download S399
separately.
separately.
•
The E2 engine update contains the following new and changed engines:
–
P2P engine—The existing Peer-to-Peer signatures have been organized in to a dedicated,
optimized engine that lets the sensor monitor all 65, 536 ports in both the TPC and UDP
protocols for peer-to-peer traffic. The P2P engine is enabled by default and because of the
implementation style of this engine, you cannot create custom P2P signatures.
optimized engine that lets the sensor monitor all 65, 536 ports in both the TPC and UDP
protocols for peer-to-peer traffic. The P2P engine is enabled by default and because of the
implementation style of this engine, you cannot create custom P2P signatures.
–
Fixed Depth All Ports Inspection engine—A series of new engines similar to the String TCP
engine has been developed to provide a more optimized approach to monitoring all ports. The
fixed inspection engines—Fixed TPC, Fixed UDP, and Fixed ICMP—provide monitoring for all
ports (TCP and UDP) by default. They inspect traffic in a stream mode per AaBb tuple to a
maximum of 250 bytes in both directions, that is, 250 bytes to service and 250 bytes from
service. The service ports option describes the ports for which you do not want to generate
alerts. Inspection still occurs, but alerts are suppressed for these ports defined per signature.
engine has been developed to provide a more optimized approach to monitoring all ports. The
fixed inspection engines—Fixed TPC, Fixed UDP, and Fixed ICMP—provide monitoring for all
ports (TCP and UDP) by default. They inspect traffic in a stream mode per AaBb tuple to a
maximum of 250 bytes in both directions, that is, 250 bytes to service and 250 bytes from
service. The service ports option describes the ports for which you do not want to generate
alerts. Inspection still occurs, but alerts are suppressed for these ports defined per signature.
–
Service Generic engine—This engine has been enhanced to support TCP stream processing,
which lets the Cisco signature team provide increased, higher fidelity support for protocol
analysis signatures when a dedicated engine does not already exist.
which lets the Cisco signature team provide increased, higher fidelity support for protocol
analysis signatures when a dedicated engine does not already exist.
–
Meta engine—The Meta engine now uses an OR operator and nesting, which allows complex
AND/OR combination to be used in the Meta signature logic.
AND/OR combination to be used in the Meta signature logic.
•
Support for unauthenticated NTP, which you can configure using IDM or the CLI.
To configure using IDM, choose Configuration > Sensor Setup > Time, and click the
Unauthenticated NTP radio button.
Unauthenticated NTP radio button.
To configure using the CLI, use the following commands:
sensor# configure terminal