© 2006 Cisco Systems, Inc. All rights reserved. SND v Securing Networks with Cisco IOS IPS Module Self-Check

© 2006 Cisco Systems, Inc. All rights reserved. SND v Introducing IDS and IPS DescriptionType Simple and reliable Customized policies Can detect unknown attacks Fewer false positives Needs fine tuning Window to view attacks Distract and confuse attackers Slow down and avert attacks Traffic profile must be constant Can detect unknown attacks Policy-based Signature-based Honey Pot-based Anomaly-based

© 2006 Cisco Systems, Inc. All rights reserved. SND v Introducing IDS and IPS (Cont.) Signature Alarm TypeDescription False positive An alarm is triggered by normal traffic or a benign action. False negative A signature is not fired when offending traffic is detected. True positive A signature is correctly fired when offending traffic is detected and an alarm is generated. True negative A signature is not fired when nonoffending traffic is captured and analyzed.

© 2006 Cisco Systems, Inc. All rights reserved. SND v Defending Your Network with Cisco IOS IPS Cisco IOS IPS Signature Feature Description Regular expression string pattern matching Enables the creation of string patterns using regular expressions Response actions Enables the sensor to take an action when the signature is triggered Alarm summarization Enables the sensor to aggregate alarms, to limit the number of times an alarm is sent when the signature is triggered Threshold configuration Enables a signature to be tuned to perform optimally in a network Antievasive techniques Enables a signature to defeat evasive techniques used by an attacker

© 2006 Cisco Systems, Inc. All rights reserved. SND v2.05-5