Posts from ‘IPS’
For Part 2 of this series, click here.
The following questions will be added to the Core Knowledge Simulation engine. Answers will be provided in the comments section.
Implement Identity Management
Refer to the diagram. The software running on the PC performs what role?
Beginning in October 2009, students will be required to demonstrate mastery of the Cisco IOS Intrusion Prevention System (IPS) for the CCIE R/S track. This blog post introduces candidates to this relatively new security feature. Note that this series of blog posts will focus on Tier 1 knowledge. This information allows mastery of the Core Knowledge section and builds a foundation for later mastery at the Command Line Interface.
Intrusion Prevention replaces mere Intrusion Detection from previous IOS versions. IDS for the IOS was certainly nice (you get alerted when a security attack is occurring), but obviously, stopping an attack is much more powerful.
I. Device Manager
i. IDM lives on the sensor and gives you a GUI option for managing the device
1. used to secure communications
I. IPS CLI
2. Serial interface (console)
3. Telnet (disabled by default)
Here is a portion of some notes that I came across for IPS – instead of wasting away on my hard drive, I figured I would post in case some of you might enjoy. I will post more sections if I receive no hate mail.
I. IPS Overview
a. Detection versus Protection
i. Detection systems can do just that – detect
ii. Prevention systems can detect and prevent – risks include latency, false positives, and the risk of the device being overrun
This is obviously a very short list. Remember, we recommend use of the Cisco Intrusion Prevention System Device Manager (IDM) for management and configuration of the device during the lab exam. While this graphical user interface (GUI) will be used for most tasks, there are still some useful and quick command line verification tasks for you here.
IPS CLI 5.1
more current-config | include COMMAND
show settings terse | begin COMMAND
show statistics SERVICE_NAME