Figure 6-23 Firewall Log
Configuring Cisco IOS Intrusion Prevention System from the CLI
Cisco IOS can act as an inline intrusion detection sensor, watching packets as they flow
through the router and scanning them for matches against Cisco IOS Intrusion
Prevention System (IPS) signatures. If the IPS detects suspicious activity, it can respond
before the network can be compromised. A log of the event is then recorded through either
syslog or the Security Device Event Exchange (SDEE) protocol.
Starting with Cisco IOS Release 12.4(11)T, Cisco IOS IPS introduces support for the Cisco
IPS Software Version 5.x signature format, which is also used by other Cisco appliance-based
IPS products. The Cisco IPS version 5.x signature format is improved to support
encrypted signature parameters and other features such as signature Risk Rating.
Cisco Signature Definition Files (SDF) are updated and posted on Cisco.com. Default SDF
files are shipped with routers, and larger ones that contain more signatures can be
downloaded. Select the appropriate SDF file based on the amount of RAM in the router.
There are five steps to configure and verify a basic Cisco IOS IPS:
Step 1.