Cisco IPS 4255 Sensor Release Notes
Release Notes for Cisco Intrusion Prevention System 5.1(8)E2
OL-20154-01
New and Changed Information
Note
If you are using these tools to monitor 5.1(8)E2 sensors, add the sensors to the configuration
as if they were 4.1 sensors. You cannot view the new fields in 5.1(8)E2 alerts in these alarm
viewers until they have been upgraded to accommodate the new fields in 5.1(8)E2. Security
Monitor 2.1 is being upgraded to display the fields in 5.1(8)E2 alerts.
Note
Viewers that are already configured to monitor the 4.x sensors may need to be configured to
accept a new SSL certificate for the 5.1(8)E2 sensors.
For More Information
For the procedure for configuring a new SSL certificate, for the CLI, refer to
, and for
.
New and Changed Information
Cisco IPS 5.1(8)E2 includes the E2 signature engine update and the S339 signature update.
The E2 engine update contains the following new and changed engines:
• P2P engine—The existing Peer-to-Peer signatures have been organized into a dedicated, optimized
engine that lets the sensor monitor all 65,536 ports in both the TCP and UDP protocols for
peer-to-peer traffic. The P2P engine is enabled by default. Because of the way this engine is
implemented, you cannot create custom P2P signatures.
• Fixed Depth All Ports Inspection engine—A series of new engines similar to the String TCP engine
has been developed to provide a more optimized approach to monitoring all ports. The fixed
inspection engines—Fixed TCP, Fixed UDP, and Fixed ICMP—provide monitoring for all ports
(TCP and UDP) by default. They inspect traffic in a stream mode per AaBb tuple to a maximum of
250 bytes in both directions, that is, 250 bytes to service and 250 bytes from service. The service
ports option describes the ports for which you do not want to generate alerts. Inspection still occurs,
but alerts are suppressed for these ports defined per signature.
• Service Generic engine—This engine has been enhanced to support TCP stream processing, which
lets the Cisco signature team provide increased, higher fidelity support for protocol analysis
signatures when a dedicated engine does not already exist.
• Meta engine—The Meta engine now uses an OR operator and nesting, which allows complex
AND/OR combinations to be used in the Meta signature logic.
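The fixed-depth behavior described above can be modeled in a few lines. This is an added illustration, not Cisco code or part of the original release notes: the class, the flow key (client and server address/port pairs standing in for the AaBb tuple), the marker string, and the sample traffic are all constructed assumptions.

```python
import re
from collections import defaultdict

DEPTH = 250  # bytes inspected per direction, as stated in the release notes


class FixedDepthInspector:
    """Toy model of fixed-depth, all-ports stream inspection (hypothetical)."""

    def __init__(self, pattern, service_ports=()):
        self.pattern = re.compile(pattern)         # bytes regex for one signature
        self.service_ports = set(service_ports)    # inspected, but alerts suppressed
        self.buffers = defaultdict(bytearray)      # (client, server, direction) -> bytes
        self.reported = set()                      # report once per flow direction

    def feed(self, client, server, to_service, payload):
        """client/server are (ip, port); returns 'alert', 'suppressed' or None."""
        key = (client, server, to_service)
        buf = self.buffers[key]
        room = DEPTH - len(buf)
        if room <= 0:
            return None                            # depth for this direction is used up
        buf += payload[:room]                      # stream mode: segments are joined
        if key in self.reported or not self.pattern.search(bytes(buf)):
            return None
        self.reported.add(key)
        return "suppressed" if server[1] in self.service_ports else "alert"


def demo():
    """Constructed traffic; documentation-range addresses, made-up marker."""
    insp = FixedDepthInspector(rb"X-Constructed-Marker", service_ports={8080})
    cli = ("192.0.2.10", 40000)
    srv = "198.51.100.5"
    return [
        # Marker split across two segments still matches (stream mode).
        insp.feed(cli, (srv, 6000), True, b"hello X-Constr"),
        insp.feed(cli, (srv, 6000), True, b"ucted-Marker"),
        # Same bytes to a listed service port: matched, alert suppressed.
        insp.feed(cli, (srv, 8080), True, b"X-Constructed-Marker"),
        # Marker starts after byte 250 to service: outside this engine's depth.
        insp.feed(cli, (srv, 7000), True, b"A" * 250 + b"X-Constructed-Marker"),
        # The from-service direction has its own 250-byte budget.
        insp.feed(cli, (srv, 7000), False, b"X-Constructed-Marker"),
    ]


if __name__ == "__main__":
    print(demo())
```

When planning coverage, note that in this model content deeper than 250 bytes in a direction is left to other engines, and that a service-ports entry hides alerts without stopping inspection.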
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.