Cisco intrusion detection and prevention solutions are part of the
Cisco Self-Defending Network. Designed to identify and stop worms, network
viruses, and other malicious traffic, these solutions can help protect the
network. Cisco provides a broad array of solutions for intrusion detection and
prevention at both the network and the endpoint.
IOS Intrusion Prevention System (IPS)
Cisco IOS Intrusion Prevention System (IPS) is an in-line, deep-packet
inspection-based solution that helps enable Cisco IOS Software to effectively
mitigate a wide range of network attacks without compromising router
performance. With the
intelligence and performance to accurately identify, classify, and stop
malicious or damaging traffic in real time, Cisco IOS IPS is a core component
of the Self-Defending Network, enabling the network to defend itself.
While it is common practice to defend against head-end attacks by inspecting
traffic and installing firewalls, it is also critical to stop malicious traffic
close to its entry point by protecting the branch offices. Deploying inline
Cisco IOS IPS at the branch enables gateways to drop traffic, send an alarm, or
reset the connection as needed to stop attacking traffic at the point of
origination and quickly remove unwanted traffic from the network.
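The three branch-side responses named above (drop the traffic, send an alarm, reset the connection) map to IOS IPS event actions. The fragment below is an added illustration in Cisco IOS IPS 5.x-format syntax, not text from this page or from Cisco documentation; the rule name BRANCH-IPS, the flash path and the interface name are assumed, and the two built-in signatures (2004, ICMP echo request; 3041, TCP SYN/FIN packet) are used only as familiar examples.

```cisco
! Where the router stores the signature package (path assumed)
ip ips config location flash:ips
! Name the IPS rule that will later be bound to an interface (name assumed)
ip ips name BRANCH-IPS
! Alarm destinations: local syslog and SDEE, which a management console can poll
ip ips notify log
ip ips notify sdee
! Retire everything, then un-retire the basic category so the branch router
! only compiles signatures sized for its memory and CPU
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
! Signature 2004 (ICMP echo request): alarm and drop the packet inline
ip ips signature-definition
 signature 2004 0
  status
   enabled true
   retired false
  engine
   event-action produce-alert
   event-action deny-packet-inline
!
! Signature 3041 (TCP SYN/FIN): alarm and reset the TCP session.
! reset-tcp-connection is only meaningful for TCP signatures.
 signature 3041 0
  status
   enabled true
   retired false
  engine
   event-action produce-alert
   event-action reset-tcp-connection
!
! Inspect traffic arriving on the WAN-facing interface (interface name assumed)
interface GigabitEthernet0/0
 ip ips BRANCH-IPS in
```

Applying the rule inbound on the WAN interface is what places the drop, alarm and reset decisions at the branch entry point rather than at the head end.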
PIX and ASA Security Appliances
The PIX Security Appliance and the Adaptive Security Appliances are key
elements in the overall Cisco end-to-end security solution. The Cisco Security
Appliances provide integrated in-line intrusion
detection and prevention. PIX Software Versions 5.2 and higher support
intrusion detection. The intrusion detection and prevention capabilities of the
Adaptive Security Appliance 5500 series can be increased through the addition
of a Cisco ASA Advanced Inspection and Prevention Security Services Module
(AIP-SSM).
Cisco IDS Network Module
The Cisco IDS Network Module for the Cisco 2600XM, 3600, and 3700 series
routers is part of the Cisco IDS Family sensor portfolio and the Cisco
Intrusion Protection System. These
IDS sensors work in concert with the other IDS components, including Cisco IDS
Management Console, CiscoWorks VPN/Security Management Solution, and Cisco IDS
Device Manager, to efficiently protect the data and information infrastructure.
Cisco IDS network modules fit into a single network module slot on the Cisco
2600XM Series, Cisco 3600, and Cisco 3700 Series platforms. The IDS Network
Module includes a 20-gigabyte hard disk for logging and storage of events. The
external Ethernet port is used for command and control to enable a secure
outbound port for management. This setup also allows for both security
operations and network operations to have their own command and control
interfaces. Each sensor addresses the bandwidth requirements of different
routers up to 10 Mbps in the Cisco 2600XM, and up to 45 Mbps in the Cisco 3700
Series.
Intrusion Detection System Services Module (IDSM-2)
The Cisco IDSM-2 protects switched environments by integrating
full-featured IPS functions directly into the network infrastructure through
the Cisco Catalyst chassis. This integration
allows the user to monitor traffic directly off the switch backplane. The
IDSM-2 is a one rack-unit module that can be installed in any one slot in the
Cisco Catalyst 6500/7600 chassis.