Cisco IPS 4255 Sensor Release Notes
Release Notes for Cisco Intrusion Prevention System 6.0(6)E4
OL-21669-01
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL:
Cisco Security Intelligence Operations is also a repository of information for individual signatures,
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
New and Changed Information
Cisco IPS 6.0(6)E4 includes the new E4 signature engine.
The E4 signature engine update includes signature update 480, which is not available for separate
download. The E4 signature engine update contains the following new features:
• Port-agnostic HTTP inspection
The IPS now allows inspection of HTTP on any port. The Service HTTP engine now contains a
parameter (ALLPORTS) that aids you in configuring inspection of HTTP on any port.
• Meta engine enhancements
The purpose of the Meta engine is to detect a specified payload from an attacker and a corresponding
payload from the victim. It is also used to inspect streams at different offsets. The Meta engine
supports the AND and OR logical operators. ANDNOT capability has been added to the Meta
engine. This clause is a negative clause used to complement the existing positive clause-based
signatures. The previous signature format had the following form:
IF (A and B and C) then Alarm; alternatively, IF (A or B or C) then Alarm is also
supported; where A, B, and C are meta component signatures.
The addition of the negative clause allows for the following logic:
IF (A and/or B) AND NOT (C and/or D) then Alarm.
The (C and/or D) is the negative clause and is satisfied if (C and D) [alternatively (C or D)] do not
occur before the Meta Reset Interval time expires.
A component of the positive clause must occur before the negative clause(s) to establish the Meta
tracking state. The Meta engine cannot track the lack of past behavior. The state of the negative
clause is evaluated when the Meta Reset Interval time expires.
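The ANDNOT evaluation described above, modelled in Python as an added example (not Cisco code and not sensor configuration). The component names A to D, the timestamps, the 60-second interval, and the reduction to a single tracked flow are assumptions made for illustration.

```python
# Added illustration: a simplified model of Meta engine ANDNOT evaluation.
# Component names, timestamps and the single-flow assumption are constructed.

def clause_met(seen, components, op):
    """True if the clause's components were seen, combined with 'and' or 'or'."""
    hits = [c in seen for c in components]
    return all(hits) if op == "and" else any(hits)


def meta_alarms(events, positive, negative, interval, pos_op="and", neg_op="or"):
    """Return the times at which IF (positive) AND NOT (negative) alarms.

    events: iterable of (time_seconds, component_name), for one tracked flow.
    The decision is made only when the Meta Reset Interval expires.
    """
    alarms = []
    start, seen = None, set()

    def expire():
        # Negative clause is evaluated at interval expiry, not earlier.
        if clause_met(seen, positive, pos_op) and not clause_met(seen, negative, neg_op):
            alarms.append(start + interval)

    for t, name in sorted(events):
        if start is not None and t >= start + interval:
            expire()
            start, seen = None, set()
        if start is None:
            # Only a positive component can establish tracking state;
            # a negative component seen earlier is not remembered.
            if name not in positive:
                continue
            start = t
        seen.add(name)
    if start is not None:
        expire()  # end of capture: treat the open interval as expired
    return alarms


# Constructed samples: positive clause (A and B), negative clause (C or D), 60 s interval.
QUIET = [(0, "A"), (10, "B")]                  # no C/D follows -> alarm at 60
SUPPRESSED = [(0, "A"), (10, "B"), (30, "C")]  # C inside the interval -> no alarm
TOO_EARLY = [(0, "C"), (5, "A"), (15, "B")]    # C before tracking began -> alarm at 65

if __name__ == "__main__":
    for label, sample in (("quiet", QUIET), ("suppressed", SUPPRESSED), ("too early", TOO_EARLY)):
        print(label, meta_alarms(sample, {"A", "B"}, {"C", "D"}, 60))
```

The third sample shows the practical consequence for signature tuning: a negative component that fires before any positive component does not suppress the alarm, and no alarm can be raised until the interval has run out.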