Cisco IOS Software Release 12.4(15)T
Cisco IOS IPS Support for Microsoft Engines
Information About Cisco IOS IPS Support for Microsoft Engines
Before using IPS, you should understand the following concept:
• Cisco IOS IPS Overview
The Cisco IOS IPS acts as an in-line intrusion prevention sensor, watching packets and sessions as they
flow through the router and scanning each packet to match any of the Cisco IOS IPS signatures. When
it detects suspicious activity, it responds before network security can be compromised and logs the event
through Cisco IOS syslog messages or Security Device Event Exchange (SDEE). The network
administrator can configure Cisco IOS IPS to choose the appropriate response to various threats. The
Signature Event Action Processor (SEAP) can dynamically control actions that are to be taken by a
signature event on the basis of parameters such as fidelity, severity, or target value rating. These
parameters have default values but can also be configured via CLI. When packets in a session match a
signature, Cisco IOS IPS can take any of the following actions, as appropriate:
• Send an alarm to a syslog server or a centralized management interface
• Drop the packet
• Reset the connection
• Deny traffic from the source IP address of the attacker for a specified amount of time
• Deny traffic on the connection for which the signature was seen for a specified amount of time
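The configuration sketch below is an added example, not part of the original Cisco document. It shows how the SEAP parameters and the five response actions listed above map onto the Cisco IOS IPS 5.x-format CLI. The signature ID 5000/0, the fidelity value 85 and the address 192.0.2.10 are constructed placeholders.

```ios
! Added example: constructed values, not taken from the original document.
! Signature 5000 subsignature 0 and host 192.0.2.10 are placeholders.
!
! Target value rating: mark the protected host so that signature events
! aimed at it are weighted more heavily by SEAP.
ip ips event-action-rules
 target-value mission-critical target-address 192.0.2.10
 exit
!
! Per-signature severity, fidelity and response actions.
ip ips signature-definition
 signature 5000 0
  alert-severity high
  fidelity-rating 85
  status
   enabled true
   exit
  engine
   ! Keyword                   Action from the list above
   ! produce-alert          -> send an alarm (syslog or SDEE)
   ! deny-packet-inline     -> drop the packet
   ! reset-tcp-connection   -> reset the connection
   ! deny-attacker-inline   -> deny traffic from the attacker's source IP
   ! deny-connection-inline -> deny traffic on the matching connection
   event-action produce-alert deny-packet-inline reset-tcp-connection
   exit
  exit
 ! Leaving signature-definition mode prompts to accept the changes.
 exit
```

To handle a false positive, set `enabled false` under `status` for the affected signature instead of removing IPS from the interface.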
Cisco developed its Cisco IOS software-based intrusion-prevention capabilities and Cisco IOS Firewall
with flexibility in mind, so that individual signatures could be disabled in case of false positives.
Generally, it is preferable to enable both the firewall and Cisco IOS IPS to support network security
policies. However, each of these features may be enabled independently and on different router
interfaces.
How to Use Cisco IOS IPS
The addition of the MSRPC and SMB protocol support does not change the way in which Cisco IOS IPS
is defined and enabled in your network. For information on how to enable IPS on your network via
command-line interface (CLI), see the section “
” within the document
.
Configuration Examples for Cisco IOS IPS
This section contains the following example:
•