Cisco IPS 4255 Sensor Release Notes
Release Notes for Cisco Intrusion Prevention System Manager Express 7.2.5
OL-30817-01
New and Changed Information
– Configuration > sensor_name > Policies > Signature Definitions > sig0
  Right-click the signature instance to apply, remove, or replace templates, and to delete signature instances. You can identify the threat profile in the bottom pane and by mousing over the signature instance, which shows the threat profile name, profile version, signature version, and virtual sensor assignment.
– Configuration > sensor_name > Policies > Signature Definitions > sig0 > All Signatures > Threat Profile
  Apply, replace, or delete threat profiles here.
– Configuration > sensor_name > Policies > IPS Policies
  You can identify the threat profile for the virtual sensor.
– Edit Virtual Sensor
  You can identify the threat profile and create a new signature instance with a threat profile.
– Threat profiles provide a Cisco-recommended set of signatures for different deployment profiles: Edge, Data Center, Web Applications, and SCADA.
– Threat profiles are delivered along with signature sets as part of signature updates; your tunings are retained.
• Link Aggregation Control Protocol (LACP) support for the IPS 4500 series sensors:
– Provides scalability with an aggregate throughput of 80 Gbps with 16 sensors connected in a port channel.
– Helps the switch detect IPS failures faster and redistribute the traffic among the other members of the port channel.
– Configuration > Interfaces > LACP
  You can configure LACP here. You must first have inline VLAN pairs configured on your sensor and LACP configured on a Cisco Nexus 7K or Catalyst 6K switch.
– Sensor Monitoring > sensor_name > LACP > LACP Neighbor
  You can view the LACP neighbors with the system details.
– Sensor Monitoring > sensor_name > LACP > LACP Internal
  You can view the LACP internals with their system details.
• Improved and stable SMB Advanced signature engine:
– Enhanced inspection for MSRPC request handling code execution vulnerability
– Support for big-endian MSRPC traffic
– Multiple DCE-RPC requests in a single WriteAndX command
– SMB AndX command with wordcount 0
– SMB Predator Decoy trees evasion
– Buffer overflow attempt to exploit the call_trans2open function of Samba
– Evasion with small RPC segments in conjunction with window resizing
• Base64 decoding support for HTTP traffic:
– Inspection capability improvement with cross site scripting (XSS)
– Prevents client-side exploits by inspecting Base64 encoded data
– Decodes the HTML, CSS, and XML Base64 encoded data carried in the HTTP response payload
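
The following sketch is an added example, not Cisco code or a Cisco signature. It shows why inspecting an HTTP response needs the Base64 decoding step listed above, by running one simplified pattern over a response body before and after decoding embedded data: URIs. The pattern, the function names, the restriction to data: URIs, and the sample bodies are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Hypothetical signature: a simplified stand-in for an XSS pattern, not a Cisco signature.
XSS_SIG = re.compile(rb"<script\b|javascript:|onerror\s*=", re.IGNORECASE)

# data: URIs carrying Base64 HTML, CSS or XML (the content types the release note lists).
DATA_URI = re.compile(
    rb"data:(text/html|text/css|text/xml|application/xml)"
    rb"(?:;[\w=-]+)*;base64,([A-Za-z0-9+/=]+)",
    re.IGNORECASE,
)


def decode_segments(body: bytes):
    """Yield (media_type, decoded_bytes) for each Base64 data: URI in body."""
    for m in DATA_URI.finditer(body):
        payload = m.group(2)
        payload += b"=" * (-len(payload) % 4)  # tolerate stripped padding
        try:
            decoded = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            continue  # malformed Base64: nothing to decode, the raw pass still applies
        yield m.group(1).decode().lower(), decoded


def inspect_response(body: bytes):
    """Return (where, matched_text) hits from the raw body and each decoded segment."""
    hits = [("raw", m.group(0).decode()) for m in XSS_SIG.finditer(body)]
    for media_type, decoded in decode_segments(body):
        hits += [("base64:" + media_type, m.group(0).decode())
                 for m in XSS_SIG.finditer(decoded)]
    return hits


# Constructed sample response bodies (not captured traffic).
_ENCODED = base64.b64encode(b"<html><script>alert(1)</script></html>")
SAMPLE_ENCODED = b'<iframe src="data:text/html;base64,' + _ENCODED + b'"></iframe>'
SAMPLE_BENIGN = (b'<link href="data:text/css;base64,'
                 + base64.b64encode(b"p{color:red}") + b'">')

if __name__ == "__main__":
    print(XSS_SIG.search(SAMPLE_ENCODED))    # raw-only pass over the encoded body
    print(inspect_response(SAMPLE_ENCODED))  # raw pass plus decoded segments
    print(inspect_response(SAMPLE_BENIGN))
```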