Showing posts from March, 2013

IOS IPS (Intrusion Prevention System)

Cisco Docs: Secure Data Plane > Security Configuration Guide: Cisco IOS Intrusion Prevention System
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_ios_ips/configuration/12-4t/sec-data-ios-ips-12-4t-book.html

IPS watches packets and sessions as they flow through the router and scans each packet against the Cisco IOS IPS signatures. When packets in a session match a signature, Cisco IOS IPS can take any of the following actions:
- Send an alarm to a syslog server or a centralized management interface
- Drop the packet
- Reset the connection
- Deny traffic from the source IP address of the attacker for a specified amount of time
- Deny traffic on the connection for which the signature was seen for a specified amount of time

*SDEE is an application-level communication protocol used to exchange IPS messages between IPS clients and IPS servers.

First you need to specify the location in which the router loads the SDF (Signature Definition File), because in the IOS there are NO DEFA…