Overview

The Security Wheel not only requires the application of security measures on the network; most importantly, it also provides a continual process for monitoring, testing, and improving those measures. The security policy is the centerpiece of the Security Wheel. One method to assist administrators with this cycle is the proper implementation and configuration of the Cisco IOS Intrusion Prevention System (IPS).

The current Cisco IOS IPS detects over 700 of the most common attacks, using signatures to identify patterns of misuse in network traffic. The IPS can automatically reset, drop, or alert an administrator about a suspicious packet. Additionally, IPS provides the capability to configure, disable, and exclude signatures.

This module also discusses a series of attack guards that are part of the PIX Security Appliance feature set. These are special techniques that can prevent many problems that surround popular services such as mail and Domain Name Service (DNS).

PIX Security Appliance intrusion detection functionality is also discussed. The system of intrusion detection signatures is examined, and the methods of configuration for PIX Security Appliances are explained. The process of dropping attacking packets and potentially threatening packets is called shunning. Shunning is discussed, along with configuration examples.

NOTE:

Students are required to study the commands covered in the chapter using the labs and the Command Reference. Not all required commands are covered in sufficient detail in the text alone. Successful completion of this course requires a thorough knowledge of command syntax and application.