Cisco IPS 4255 Sensor
Release Notes for Cisco Intrusion Prevention System 6.0(4a)E1
OL-8872-02
• IEV 5.2
• CSM 4.0
Note
Viewers that are already configured to monitor the 5.x sensors may need to be configured to
accept a new SSL certificate for the 6.0(4a)E1 sensors.
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL:
Cisco Security Intelligence Operations is also a repository of information for individual signatures,
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
New and Changed Information
Cisco IPS 6.0(4a)E1 includes the following new features and hardware platforms:
• S317 signature update
• Intrusion Prevention System Advanced Integration Module (AIM IPS)
• Inline asymmetric traffic
Analysis Engine now allows asymmetric traffic to be tracked and analyzed using a relaxed
normalization process rather than the standard normalization process.
You can now configure inline interface mode in situations where the Normalizer engine normally
blocks or delays traffic because of the strict nature of stream processing, and where normalization
is achieved by not doing any protocol checking or packet reordering. You can relax the Normalizer
process by adding a flag to the sensorApp.conf file, which requires using the service account. It also
requires a sensor reboot.
To enable Asymmetric mode processing, log in to the sensor service account, and edit the
/usr/cids/idsRoot/etc/sensorApp.conf file by adding the AsymmetricFlows=true flag to the file:
[NormalizerSettings]
QueuedTimeout=4
AsymmetricFlows=true
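
Because the relaxed Normalizer skips protocol checking and packet reordering, it helps to be able to report whether a given sensorApp.conf carries the flag and to set it without disturbing other settings. The script below is an added example, not Cisco code: it assumes the file is INI-style ("[Section]" headers, "key=value" lines) as in the snippet above, the section name OtherSection in its sample is constructed, and it is meant to be run against a copy of the file.

```shell
#!/bin/sh
# Added example (not Cisco code). Assumes sensorApp.conf is INI-style:
# "[Section]" headers and "key=value" lines, as in the snippet above.

# asym_state FILE: print the AsymmetricFlows value set inside
# [NormalizerSettings], or "unset"; the key in other sections is ignored.
asym_state() {
    awk '
        { line = $0; sub(/[ \t\r]+$/, "", line) }
        line ~ /^\[/ { insec = (line == "[NormalizerSettings]"); next }
        insec && line ~ /^[ \t]*AsymmetricFlows[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "", line); v = line
        }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# enable_asym FILE: keep FILE.bak, then rewrite FILE so the section holds
# exactly one AsymmetricFlows=true line; every other line is left untouched.
enable_asym() {
    cp -p "$1" "$1.bak" || return 1
    awk '
        function put() { if (insec && !done) { print "AsymmetricFlows=true"; done = 1 } }
        { line = $0; sub(/[ \t\r]+$/, "", line) }
        line ~ /^\[/ { put(); insec = (line == "[NormalizerSettings]")
                       if (insec) seen = 1; print; next }
        insec && line ~ /^[ \t]*AsymmetricFlows[ \t]*=/ { put(); next }
        { print }
        END { put(); if (!seen) print "[NormalizerSettings]\nAsymmetricFlows=true" }
    ' "$1.bak" > "$1"
}

# Constructed sample: the flag is absent from [NormalizerSettings], and a
# decoy key sits in another (hypothetical) section.
demo=$(mktemp)
printf '%s\n' '[NormalizerSettings]' 'QueuedTimeout=4' \
    '[OtherSection]' 'AsymmetricFlows=false' > "$demo"
echo "before: $(asym_state "$demo")"
enable_asym "$demo"
echo "after:  $(asym_state "$demo")"
```

As the release note states, the change takes effect only after a sensor reboot, so the file state reported here is the configured state, not necessarily the running one.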