Chapter 16 Cisco IOS IPS
Transcript of Chapter 16 Cisco IOS IPS
CHAPTER 16 CISCO IOS IPS
SECURING NETWORKS WITH IDS AND IPS
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) sensors protect your network from malicious traffic. The two systems are deployed differently and inspect traffic in different ways: an IDS watches a copy of the traffic, while an IPS sits in the traffic path. Each has strengths and weaknesses when deployed on its own, but used together, IDS and IPS provide a much richer and deeper level of security.
BASIC FUNCTIONS OF THE INTRUSION DETECTION SYSTEM (IDS)
An IDS is typically characterized as a passive listening device. The label is used because traffic does not have to pass through the system; the IDS sensor listens promiscuously to a copy of all traffic on the network segment (for example, from a SPAN port or a tap). Because it sees only a copy, it cannot drop a packet in flight; it can alert on what it saw and, at most, react after the fact.
BASIC FUNCTIONS OF THE INTRUSION PREVENTION SYSTEM (IPS)
An IPS is characterized as an active device because it is implemented as an inline sensor. The IPS requires more than one interface, and all traffic must pass through the sensor: network traffic enters through one interface and exits through another. This lets the sensor drop malicious packets before they reach the target, at the cost of added latency and a device that now sits in the forwarding path, so its behaviour on failure (fail open or fail closed) must be decided deliberately.
USING IDS AND IPS TOGETHER
When you think about having one or the other of these sensors on your network, consider the benefits of having both. An IPS sensor is much like a firewall in that it can block traffic that is malicious or threatening. It should only block traffic that is known to be a threat, though; a false positive on an IPS is a self-inflicted outage. If an IPS blocks legitimate traffic, you suffer a disruption in connectivity and applications are unable to perform their tasks. An IDS, which only alerts, can safely run broader or less certain signatures alongside it.
BENEFITS AND DRAWBACKS OF IPS/IDS SENSORS
A network-based monitoring system has the benefit of easily seeing attacks that are occurring across the entire network.
Encryption of the network traffic stream can effectively blind the sensor, because it can then inspect only the headers, not the payload. Reconstructing fragmented traffic can also be a difficult problem to solve; an attacker can split a signature across fragments or segments so that no single packet matches.
TYPES OF IDS AND IPS SENSORS
Network Based (NIPS,NIDS)
Host Based (HIPS,HIDS)
NETWORK BASED INTRUSION PREVENTION SYSTEM (NIPS)
Network-based sensors examine packets and traffic traversing the network for known signs of malicious activity. Because these systems watch only network traffic, any attack they detect may have succeeded or failed on the target. It is usually difficult, if not impossible, for a network-based monitoring system to assess the success or failure of the actual attack; it sees the exploit attempt, not the state of the host.
HOST BASED INTRUSION PREVENTION SYSTEM (HIPS)
A host-based sensor examines information at the local host or operating system. The HIPS has full access to the internals of the end station and can relate incoming traffic to activity on the end station to understand the context (for example, whether the targeted service is even running). Host-based sensors can be implemented at a couple of different complexity levels.
MALICIOUS TRAFFIC IDENTIFICATION APPROACHES
Signature-based
Policy-based
Anomaly-based
Honeypot
SIGNATURE TYPES
Exploit signatures
Connection signatures
String signatures
DoS signatures
IPS ALARMS
An IPS sensor can react in real time when a signature is matched. This allows the sensor to act before network security has been compromised. The sensor can optionally log what happened with a syslog message or via the Security Device Event Exchange (SDEE), which management stations such as SDM pull from the router over HTTP/HTTPS.
CONFIGURING IOS IPS
It is now time to look at the configuration of IOS IPS. This section takes you through the configuration process using the SDM interface. The SDM gives you quite a few configuration capabilities for IOS IPS, and every option can be configured through the IPS Edit menu.
SDM HOME SCREEN
DEFAULT CONFIGURATION SCREEN
DEFAULT IPS SCREEN
SDEE ENABLE NOTIFICATION
IPS WIZARD WELCOME SCREEN
SELECT INTERFACES SCREEN
SDF LOCATIONS SCREEN
ADD A SIGNATURE LOCATION DIALOG BOX
SDF LOCATIONS WITH FILE ADDED
WIZARD SUMMARY PAGE
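The wizard steps above (enable SDEE notification, select interfaces, point at an SDF location, review the summary) end up as a handful of IOS commands. The following is an added example of that equivalent CLI configuration on an SDF-format (IOS IPS 4.x era) router, written for this transcript rather than taken from the slides; the interface name, rule name, SDF file name and syslog host address are assumptions for illustration, and the IPS ALARMS section's syslog and SDEE notification options are included so the whole path from signature load to alarm delivery is visible in one place.

```cisco
! Added example: CLI equivalent of the SDM IPS wizard output.
! Interface, rule name, SDF file and syslog host are assumed values.

! 1. SDF Locations step: where the signature definition file lives.
!    "retries" controls how many times the router retries loading it.
ip ips sdf location flash://attack-drop.sdf retries 1

! 2. Name the IPS rule the wizard creates (sdm_ips_rule is SDM's default name).
ip ips name sdm_ips_rule

! 3. SDEE Enable Notification step plus syslog. SDEE is pulled by the
!    management station over HTTP(S), so the router's web server must be on.
ip ips notify log
ip ips notify SDEE
ip sdee events 200
ip http secure-server
logging host 192.0.2.50

! 4. Fail-closed policy (assumption that this is acceptable for the link).
!    By default the router forwards traffic unchecked if the signature
!    engine cannot load; this makes it drop instead.
ip ips fail closed

! 5. Select Interfaces step: apply the rule inbound where traffic enters.
!    Only traffic crossing this interface in this direction is inspected.
interface FastEthernet0/0
 ip ips sdm_ips_rule in

! Verification (exec mode):
! show ip ips configuration   - rule name, SDF location, notification settings
! show ip ips signatures      - loaded signatures and their configured actions
! show ip ips interfaces      - interfaces and directions with IPS applied
! show ip sdee events         - alarms queued for SDEE subscribers
```

Two things the wizard summary does not make obvious: the rule only inspects the direction it is applied in, so an outbound-only application misses inbound scans, and the fail-open default means a router that cannot load its SDF silently stops protecting the link, which is why the fail-closed line is worth a conscious decision.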
SUMMARY