Leaflet for Cisco Integrated Services Routers Intrusion Prevention System Module
Solution Overview
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Cisco IPS AIM
Abstract
The Cisco® IPS Advanced Integration Module (AIM) for Cisco modular integrated services routers
integrates a high-performance, feature-rich intrusion prevention system (IPS) into the operations of
the hosting router. A port of Cisco industry-leading IPS sensors, the Cisco IPS AIM performs
intrusion prevention by running Cisco IPS Software Version 6.0, providing feature parity with Cisco
IPS sensors and other devices.
Cisco IPS AIM Deployment, Benefits, and Capabilities
The Cisco IPS AIM installs into the AIM slot in the modular Cisco 1841 and Cisco 2800 and 3800
Series Integrated Services Routers. The AIM slot is an internal slot with no external interface
capabilities. It functions as a coprocessor, offloading computationally intensive
operations from the central CPU of the router, leaving additional CPU capacity for forwarding
packets and other services.
The Cisco IPS AIM has its own dedicated CPU, memory, and storage architecture, discrete from
the main operations of the router, allowing the card to offload all IPS inspection activities, store a
full set of signature files, and send inspection results back to the router. The card is a separate
entity within the router, allowing for independent management and configuration. By running Cisco
IPS Software Version 6.0, the Cisco IPS AIM supports all signatures and features of the Cisco IPS
4200 Series appliances. Both promiscuous mode and inline mode are supported by Cisco IPS
AIM.
Cisco IPS AIM vs. Cisco IDS Network Module vs. Cisco IOS IPS Deployment Guidelines
Cisco IOS® IPS, the Cisco IDS Network Module, and the Cisco IPS AIM are all part of the Cisco
Intrusion Prevention Solution. You can deploy all three technologies in the same network, but you
can deploy only one in a single router. Because different IPS engines are not aware of each
other’s activities in the router, using more than one in a single router could cause each engine to
react differently from the others when a signature match occurs. There is currently no mechanism
for fail-back from one service to another.
Cisco IOS IPS is a Cisco IOS Software application that provides signature-based IPS. Packaged in
a Cisco IOS Advanced Security image or later feature set, it is available on all Cisco integrated
services router platforms beginning with the Cisco 871 Integrated Services Router. In Cisco IOS
Software Release 12.4(11)T and later T-train releases, Cisco IOS IPS uses the Cisco IPS Version
5.0 signature format also used in the Cisco IPS 6.0 inspection engines running on standalone
Cisco IPS appliances and modules. More than 2000 signatures are available for Cisco IOS IPS,
but you need to deploy only a subset of these signatures simultaneously. Because Cisco IOS IPS
is a Cisco IOS Software feature, it runs within the shared memory pool of the router and inspection
is performed by the router CPU. Because active signatures are loaded in the main memory of the
router, you may need to install additional memory in order to load more signatures. Even with
additional memory, Cisco IOS IPS cannot load all supported signatures at the same time.