Thursday, August 30, 2012

Cisco Intrusion Prevention System (IPS)


  • Cisco IPS is a feature that must be enabled on Cisco routers.
  • It provides Deep Packet Inspection (DPI) of traffic transiting the router.
  • This is especially useful in branch offices
    • to catch worms, viruses, and other exploits before they leave the local site.
  • Routers with the security image come with a package of signature files loaded in their flash.
    • Signature updates are posted on the Cisco website.
    • These signature updates are downloaded to a TFTP server & then to server.
  • When IOS IPS is configured, the router acts as an inline IPS,
    • & compares each packet that flows through it to known signatures.
  • Router actions upon finding a signature match include
    • Dropping the packet
    • Resetting the connection
    • Sending an alarm log message
    • Blocking traffic from the packet source for a configurable amount of time
    • Blocking traffic on the connection for a configurable amount of time
  • IOS IPS can be configured through the command line,
    • or by using the Security Device Manager (SDM)
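
A command-line sketch of the setup described above, added here as an example and not taken from the original post. It assumes the IOS IPS 5.x signature format; the rule name IOSIPS, the directory flash:ips, the interface, and the angle-bracket values are placeholders.

```cisco
! Assumption: IOS IPS 5.x signature format.
! Assumption: Cisco's signature-signing public key is already configured
! and the directory exists (created from privileged EXEC: mkdir flash:ips).
!
! Where the router stores its signature definitions and tuning files
ip ips config location flash:ips
!
! Named IPS rule (IOSIPS is an example name)
ip ips name IOSIPS
!
! "Sending an alarm log message": send alerts to syslog
ip ips notify log
!
! Retire every signature, then un-retire only the basic set,
! so the router compiles a set that fits in its memory
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
! Apply the rule inbound so the router inspects packets inline
interface GigabitEthernet0/1
 ip ips IOSIPS in
!
! How the actions in the list above map to event-action keywords:
!   produce-alert           sending an alarm log message
!   deny-packet-inline      dropping the packet
!   reset-tcp-connection    resetting the connection
!   deny-attacker-inline    blocking traffic from the packet source
!   deny-connection-inline  blocking traffic on the connection
!
! Per-signature tuning; <sig-id> <subsig-id> are placeholders
ip ips signature-definition
 signature <sig-id> <subsig-id>
  engine
   event-action produce-alert deny-packet-inline reset-tcp-connection
!
! From privileged EXEC, load a signature package held on the TFTP server:
!   copy tftp://<tftp-server>/<signature-package>.pkg idconf
```

After the package loads, `show ip ips signature count` reports how many signatures compiled and how many are retired.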
