IPS Technologies - Coggle Diagram
IPS Technologies
IPS on Cisco ISRs
Snort Operation
IPS mode - In addition to intrusion detection, actions are taken to prevent attacks.
IDS mode - Snort inspects the traffic and reports alerts, but does not take any action to prevent attacks.
Snort IPS
Snort is the most widely deployed IPS solution in the world. It is an open source network IPS that performs real-time traffic analysis and generates alerts when threats are detected on IP networks.
Cisco IOS IPS
The network administrator could configure the Cisco IOS IPS to choose the appropriate response to various threats. For example, when packets in a session matched a signature, Cisco IOS IPS could be configured to respond as follows:
-
-
-
-
-
-
IPS Components
IPS detection and enforcement engine - To validate traffic, the detection engine compares incoming traffic with known attack signatures that are included in the IPS attack signature package.
IPS attack signatures package - This is a list of known attack signatures that are contained in one file. The signature pack is updated frequently as new attacks are discovered. Network traffic is analyzed for matches to these signatures.
Cisco Snort IPS - This is available on the Cisco 4000 Series ISRs and Cisco Cloud Services Routers in the 1000v Series.
Cisco IOS Intrusion Prevention System (IPS) - This is available on older Cisco 800, 1900, 2900, and 3900 Series ISRs. IOS IPS is no longer supported and should not be used.
IPS Implementations
Types of IPS
Host-based IPS
Host-based IPS (HIPS) is software installed on a host to monitor and analyze suspicious activity. A significant advantage of HIPS is that it can monitor and protect the operating system and critical system processes that are specific to that host.