Cisco IPS 4255 Sensor White Paper
Guide
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Getting Started with Your Cisco IPS
I Introduction
This paper explains the basics of intrusion prevention systems (IPSs) and guides you through
getting started with the Cisco® ASA 5500 Series IPS Solution. This paper is geared toward Cisco
partners, Cisco customers, or anyone who needs a basic understanding of the Cisco ASA 5500
Series IPS Solution.
The purpose of IPS technology is to look at all data inside network packets to determine if
malicious traffic exists within those packets. If an IPS determines that malicious traffic exists within
those packets, it will immediately drop the traffic and stop the attack; in less-critical situations, the
IPS may just generate an alert to let you know that suspicious traffic was found on your network.
A Cisco IPS will protect your network by making sure:
● Traffic inspected is compliant with TCP/IP.
● All network flows have been correctly built.
● Any attempts to subvert your security device are recognized and stopped.
● Any attempts to compromise your network devices with malicious software are stopped.
● Any new day-zero exploits are stopped.
● Network traffic behaving outside the scope of normal behavior is recognized and stopped.
Deploying a Cisco ASA 5500 Series IPS Solution is a simple, straightforward process that requires
four fundamental steps.
● Where to deploy the Cisco ASA 5500 Series IPS Solution
● How to configure and license the ASA
● How to configure the IPS
● How to license, configure, and monitor the solution using Cisco IPS Manager Express
II Where to deploy the Cisco ASA 5500 Series IPS Solution
The Cisco ASA 5500 Series IPS Solution needs to be placed in your network at the location where
it can provide the maximum amount of protection. For example, if you have different segments
defined in your network, such as a segment for users and a separate segment for Web servers
and mail servers, where would it make most sense to put your ASA? If you put it between the
server segment and the user segment, there is no protection between your users and the Internet.
If you put the ASA between your users and the Internet, it is possible that users could plug an
infected PC into the network, which makes the server segment vulnerable to infection.
For small and medium-sized businesses (SMBs) or small commercial enterprises, it usually makes
sense to place the ASA where the Internet connects to your network and then use it to segment
the rest of your network. This effectively allows you to protect all areas of your network.