|
|
Intrusion Protection System (IPS) |
|
|
Intrusion Detection System (IDS) |
|
|
Sensor |
|
|
Inline |
|
|
Promiscuous |
|
|
Host Intrusion Protection System (HIPS) |
|
|
Network Intrusion Protection System (IPS) |
|
|
Signatures |
|
|
Alerts |
|
|
|
|
|
|
|
|
Signature Definition File (SDF) |
|
|
Secure Device Event Exchange (SDEE) |
|
Exam Topics Covered in This Chapter: |
|
|---|---|
|
|
Define network based vs. host based intrusion detection and prevention |
|
|
Explain IPS technologies, attack responses, and monitoring options |
|
|
|
Note
These exam topics are from cisco.com. Check there periodically for the latest exam topics and info.
Cisco has many solutions for Intrusion Protection and Detection Systems (IPS and IDS). These solutions run the gamut from purpose-built rackmount appliances for the enterprise to host-based solutions such as Cisco Security Agent (CSA) to provide intrusion protection right to the endpoint. Deploying these solutions as part of the Cisco Self-Defending Network is a challenge and a deep subject all of itself. In this chapter, we do a high-level overview of the different solutions, starting with defining the systems and terminology involved. The chapter culminates with using the Cisco Security Device Manager (SDM) IPS Wizard to configure the Cisco IOS IPS.