Module 11: IPS Technologies
11.0 Introduction
11.0.1 Why Should I Take this Module?
Various devices and systems combine to protect the network at multiple levels. Security threats include malware and data theft.
Devices at the network edge prevent threat actor intrusions and malware from entering the network.
11.0.2 What Will I Learn in this Module?
Explain how network-based Intrusion Prevention Systems are used to help secure a network.
11.1 IDS and IPS Characteristics
11.1.1 Zero-Day Attacks
Malware can spread across the world in a matter of minutes. A network must instantly recognize and mitigate malware threats.
During the time it takes the software vendor to develop and release a patch, the network is vulnerable to these exploits, as shown in the figure.
11.1.2 Monitor for Attacks
One approach to prevent malware exploits is for an administrator to continuously monitor the network and analyze the log files generated by network devices.
11.1.3 Intrusion Prevention and Detection Devices
A networking architecture paradigm shift is required to defend against fast-moving and evolving attacks.
11.1.4 Advantages and Disadvantages of IDS and IPS
The table summarizes the advantages and disadvantages of IDS and IPS.
11.2 IPS Implementations
11.2.1 Types of IPS
A significant advantage of HIPS is that it can monitor and protect operating system and critical system processes that are specific to that host.
11.2.2 Network-Based IPS
The underlying operating system of the platform is stripped of unnecessary network services, and essential services are secured.
11.2.3 Modes of Deployment
IDS and IPS sensors can operate in inline mode (also known as inline interface pair mode) or promiscuous mode (also known as passive mode).
11.3 IPS on Cisco ISRs
11.3.1 IPS Components
An IPS sensor has two components:
IPS detection and enforcement engine - To validate traffic, the detection engine compares incoming traffic with known attack signatures that are included in the IPS attack signature package.
IPS attack signatures package - This is a list of known attack signatures that are contained in one file.
11.3.2 Cisco IOS IPS
Enabling a router to work as an IPS is a cost-effective way to protect branch office networks.
11.3.3 Snort IPS
Many of the devices that supported Cisco IOS IPS are no longer available, or no longer supported.
11.3.4 Snort Operation
There are currently more than 30,000 signatures in the Snort rule set. It also supports the ability to customize rule sets and provides centralized deployment and management capabilities for 4000 Series ISRs.
11.4 Cisco Switched Port Analyzer
11.4.1 Network Monitoring Methods
The day-to-day operation of a network consists of common patterns of traffic flow, bandwidth usage, and resource access.
11.4.2 Network Taps
A network tap is typically a passive splitting device implemented inline between a device of interest and the network.
11.4.3 Traffic Mirroring and SPAN
Network switches segment the network by design. This limits the amount of traffic that is visible to network monitoring devices.
11.4.4 Configure Cisco SPAN
The SPAN feature on Cisco switches sends a copy of each frame entering the source port out the destination port and toward the packet analyzer or IDS.
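The following local SPAN configuration is an added example, not part of the module text. It assumes the traffic of interest enters the switch on GigabitEthernet0/1 and that the IDS or packet analyzer is cabled to GigabitEthernet0/2; both interface names and the session number are assumptions.

```cisco
! Enter global configuration mode
Switch# configure terminal

! Session 1: mirror frames received and transmitted on the source port.
! "both" captures rx and tx; use "rx" or "tx" to mirror one direction only.
Switch(config)# monitor session 1 source interface GigabitEthernet0/1 both

! Send the copied frames out the port where the IDS / analyzer is attached.
! A SPAN destination port stops carrying normal switched traffic.
Switch(config)# monitor session 1 destination interface GigabitEthernet0/2

Switch(config)# end

! Verify the session: source port(s), direction, and destination port
Switch# show monitor session 1

! To remove the session when the monitoring is no longer needed:
! Switch(config)# no monitor session 1
```

Two operational points follow from how SPAN works. First, because the sensor on the destination port only receives copies, it runs in promiscuous (passive) mode: it can alert on malicious traffic but cannot drop it, unlike an inline sensor. Second, mirroring both directions of a 1 Gbps source port can produce up to 2 Gbps of copied traffic toward a 1 Gbps destination port; when the destination is oversubscribed the switch drops mirrored frames, so the sensor silently misses traffic. Checking the destination port's utilization after enabling the session is a worthwhile validation step.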
11.5 IPS Technologies Summary
11.5.1 What Did I Learn in this Module?
IDS and IPS Characteristics
Malware is an ever-increasing threat to network security. New network attacks occur daily. The threat landscape is constantly evolving.
IPS Implementations
Intrusion prevention systems can be host-based or network-based. HIPS are installed on network hosts.
IPS on Cisco ISRs
Enabling IPS functionality on routers at the branch level is a cost-effective way to protect networks with a single device.
Cisco Switched Port Analyzer
SPAN is a technology that enables network monitoring and IDS to function in segmented networks.