Contents
IPS Fundamentals
IDS and IPS technologies
Intrusion Detection System
Intrusion Prevention System
Comparing IDS and IPS Solutions
So, IDS or IPS? Why Not Both?
Alarm Types
Types of IDS and IPS Sensors
IPS Attack Responses
IPS Anti-Evasion Techniques
Anti-evasion features
Anti-Evasion Techniques Used by Cisco IPS
Building a Risk Rating into the Detection Capabilities
Risk-Based Intrusion Prevention
IPv6-Aware IPS
IPS Alarms: Event Monitoring and Management
Device, Enterprise, and Global Correlation
Examples of IPS Deployments
IPS Platforms from Cisco
IPS Best Practices
Fail-Open or Fail-Close Approach
Recommended practices
Cisco IPS Architecture
Cisco IOS IPS Features
Scenario: Protecting the Branch Office Against Inside Attack
Cisco IOS IPS Signature Features
Signature file
Signature Management
Summary of Types of Supported Signature Engines
Details on Signature Microengines
Signatures Interactions with Cisco IOS
Signature States
Combinations of Signature Compilations and States
Cisco IOS IPS Alarms Monitoring
SDEE and syslog
Event Management
Step 1: Download Cisco IOS IPS Signature Package
Step 2: Launch IPS Policies Wizard
IPS Policies Wizard: Selecting the Interfaces
IPS Policies Wizard: Selecting the Signature File
IPS Policies Wizard: Storing Signature Information
IPS Policies Wizard: Summary Configuration
Step 3: Verify Configuration and Signature Files
Reviewing IPS Signatures
Step 4: Perform Signature Tuning
Enable, Disable, Retire, or Unretire Signatures
Changing Action of Signatures
Step 5: Verify Alarms
Monitoring IPS Signature Statistics from CCP
Monitoring IPS Alarms from CCP
IPS Signature Statistics
Configuring Cisco IOS IPS Using the CLI
show ip ips configuration Command Output
System log messages
References