CCNA_Security_05_bupt

Slide 1: CCNA Security
Chapter 5: Implementing Intrusion Prevention

Slide 2: Lesson Planning
This lesson should take 3-6 hours to present.
The lesson should include lecture, demonstrations, discussion and assessments.
The lesson can be taught in person or using remote instruction.

Slide 3: Major Concepts
Describe the purpose and operation of network-based and host-based Intrusion Prevention Systems (IPS).
Describe how IDS and IPS signatures are used to detect malicious network traffic.
Implement Cisco IOS IPS operations using CLI and SDM.
Verify and monitor the Cisco IOS IPS operations using CLI and SDM.

Slide 4: Contents
5.1 IPS Technologies
5.2 IPS Signatures
5.3 Implementing IPS
5.4 Verify and Monitor IPS

Slide 5: 5.1 IPS Technologies

Slide 6: IPS Technologies
Introduction to IDS and IPS
IPS Implementations
Network-Based IPS Implementations

Slide 7: 5.1.1 IDS and IPS Characteristics
Common Intrusions
Intrusion Detection Systems
Intrusion Prevention Systems
Common Characteristics of IDS and IPS
Comparing IDS and IPS Solutions

Slide 8: Common Intrusions
[Network diagram. Labels: MARS, Remote Worker, Remote Branch, VPN, ACS, Iron Port, Firewall, Web Server, Email Server, DNS, CSA. Caption: Zero-day exploit attacking the network]

Slide 9: Intrusion Detection Systems (IDSs)
1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore, copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
3. The IDS can also send an alarm to a management console for logging and other management purposes.
[Diagram. Labels: Switch, Management Console, Target, Sensor; callouts 1, 2, 3]

Slide 10: Intrusion Prevention Systems (IPSs)
1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
4. Traffic in violation of policy can be dropped by an IPS sensor.
[Diagram. Labels: Sensor, Management Console, Target, Bit Bucket; callouts 1, 2, 3, 4]

Slide 11: Common Characteristics of IDS and IPS
Both technologies are deployed using sensors.
Both technologies use signatures to detect patterns of misuse in network traffic.
Both can detect atomic patterns (single-packet) or composite patterns (multi-packet).

Slide 12: Comparing IDS and IPS Solutions
IDS (Promiscuous Mode)
Advantages:
  No impact on network (latency, jitter)
  No network impact if there is a sensor failure
  No network impact if there is sensor overload
Disadvantages:
  Response action cannot stop trigger packets
  Correct tuning required for response actions
  Must have a well thought-out security policy
  More vulnerable to network evasion techniques
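
The two sensor placements described on slides 9 and 10, and the "response action cannot stop trigger packets" disadvantage on slide 12, modelled as an added Python example that is not part of the original slides. The signature, addresses and packets are constructed, and the model covers only an atomic (single-packet) signature.

```python
from dataclasses import dataclass, field

# Constructed atomic (single-packet) signature; not a real Cisco signature.
SIGNATURE = b"EVIL-PAYLOAD"

# Constructed traffic as (source address, payload), using documentation address ranges.
PACKETS = [
    ("192.0.2.10", b"GET /index.html"),
    ("203.0.113.9", b"xx EVIL-PAYLOAD xx"),          # trigger packet
    ("203.0.113.9", b"follow-up from same source"),
    ("192.0.2.10", b"GET /about.html"),
]

@dataclass
class Result:
    delivered: list = field(default_factory=list)  # packets that reached the target
    blocked: list = field(default_factory=list)    # packets stopped before the target
    alarms: list = field(default_factory=list)     # alarms sent to the management console

def run_sensor(mode, packets, signature=SIGNATURE):
    """Model a sensor in 'ids' (promiscuous, sees copies) or 'ips' (inline) mode."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    result, denied_sources = Result(), set()
    for src, payload in packets:
        if mode == "ids" and src in denied_sources:
            result.blocked.append((src, payload))   # switch denies the source (IDS step 2)
            continue
        matched = signature in payload
        if matched:
            result.alarms.append(src)               # alarm to the console (step 3, both modes)
        if mode == "ips" and matched:
            result.blocked.append((src, payload))   # inline sensor drops it (bit bucket)
            continue
        # IDS mode: the sensor analysed a copy, so the original still reaches the target.
        result.delivered.append((src, payload))
        if matched:
            denied_sources.add(src)                 # response only affects later packets
    return result

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        r = run_sensor(mode, PACKETS)
        print(mode, "delivered:", r.delivered, "blocked:", r.blocked, "alarms:", r.alarms)
```

In IDS mode the trigger packet appears in `delivered` and only the follow-up from the same source is blocked; in IPS mode the trigger packet itself is blocked.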

This note was uploaded on 04/10/2011 for the course CSIE 992 taught by Professor Lu during the Spring '11 term at National.
