Explaining Intrusion
Prevention
SSL Session
[Figure: sensor performance (Mbps) by network media for the IDSM-2, IDS 4255, AIP-SSM, IPS 4215 and NM-CIDS]
© 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0—2-16
Cisco 4200 Series Appliance
• High-performance module designed to provide additional security services to the Cisco Adaptive Security Appliance
• Diskless design for improved reliability
• External 10/100/1000 Ethernet interface for management and software downloads
• Intrusion prevention capability
• Runs the same software image as the sensor appliances
• Switch-integrated intrusion protection module delivering a high-value security service in the core network fabric device
• Supports unlimited number of VLANs
• Intrusion prevention capability
• Runs same software image as sensor appliances
[Figure: untrusted network, router, switch, sensor with monitoring interface and command and control interface, router, protected network, management system]
Cisco 4215 Sensor Front Panel
[Figure: sensor front and back panels. Labels: monitoring network interface card LED, command and control network interface card LED, power LED, optional monitoring interfaces, console port, command and control interface, monitoring interfaces, compact flash, power connector, power indicator, auxiliary port, expansion slot, USB ports, indicator light, status indicator, flash indicator, power switch]
1. A network device sends copies of packets to the sensor for analysis.
2. If the traffic matches a signature, the signature fires.
3. The sensor can send an alarm to a management console and take a response action such as resetting the connection.
[Figure: switch, sensor, management system, target]
An alert can be sent to the management console.
If a packet triggers a signature, it can be dropped before it reaches its target.
[Figure: sensor, management system, target]
[Figure: corporate network with firewall, switches, router, sensor, management server, untrusted network]
[Figure: corporate network with agents, application server, SMTP server, console, WWW server, DNS server, firewall, untrusted network]
Host-Focused Technology
• Application-level encryption protection
• Policy enforcement (resource control)
• Web application protection
• Buffer overflow
• Network attack and reconnaissance detection
• DoS detection
Network-Focused Technology
• Number of sensors
• Sensor placement
• Management and monitoring options
• External sensor communications
[Figure: branch and corporate network with NM-CIDS router, firewall, sensors, IDSM-2, management server, CSA agents, WWW server, DNS server, untrusted network, Internet, attacker]