The Security Wheel not only requires the application of security measures on
the network but, most importantly, provides a continual process for
monitoring, testing, and improving those measures. The security policy is the
centerpiece of the Security Wheel. One method to assist administrators with
this cycle is the proper implementation and configuration of the Cisco IOS
Intrusion Prevention System (IPS).

The current Cisco IOS IPS monitors for and detects over 700 of the most common
attacks, using signatures to identify patterns of misuse in network traffic.
The IPS can automatically reset,
drop, or alert an administrator about a suspicious packet. Additionally, IPS
provides the capability to configure, disable, and exclude signatures.

This module also discusses a series of attack guards that are part of the
PIX Security Appliance feature set. These are special techniques that can
prevent many problems that surround popular services such as mail and Domain
Name Service (DNS).

PIX Security Appliance intrusion detection
functionality is also discussed. The system of intrusion detection signatures
is examined, and the methods of configuration for PIX Security Appliances are
explained. The process of dropping attacking packets and potentially
threatening packets is called shunning. Shunning is discussed, along with
configuration examples.

NOTE:
Students are required to study the commands covered in the
chapter using the labs and the Command Reference. Not all required commands are
covered in sufficient detail in the text alone. Successful completion of this
course requires a thorough knowledge of command syntax and application.