04-23-2008 05:27 AM - edited 03-10-2019 04:04 AM
Hi
Can anybody tell me what are the major benefits of version 6.0 of IPS (Please dont send a link as i have gone thru many and i didnt find relevant information for teh same
Regds
Ankur
04-23-2008 06:32 AM
Where do we start? I guess the the benefits really happen if you have other cisco products.
For instance, if you are running Cisco Security Agent as well, you'll be able to do some event correlation by setting up the CSAMC to communication with the IPS. This gives a good visual for traffic making it through the IPS. When the agent fires an alert, it communicates that back to the sensor. The sensor then increases a score for the source address. That of course increases the chances of it being blocked.
Anomaly detection is also a big thing. This detects actions between networks, as long as they flow through the IPS, for "suspicious" activity. Things such as scanning or multiple connections. There is a good presentation on this that cisco has done. It explains how the metrics work as well as setting up the learning mode.
What I think is a very nice feature is the possibility of multiple virtual interfaces. You can create a vast array of custom setups to apply in various situations.
You can write a book about all of this, which is why many people just post links. Its easier and a lot more resourceful. But, I hope this assists you. OH, I'm sure I've left items here and there out. But, you get the idea.
04-25-2008 11:49 AM
Hi Ankur,
There are many enhancements, but two of the most significant new features are:
1. Multiple Virtual Sensors. This allows you to scan the same traffic in multiple places in your network without confusing the virtual sensor normalizer. It will recognize that the traffic has traversed two locations in the network that are being scanned by the IPS.
2. 6.0(4) has support for asymmetric traffic. Again, this makes the Virtual Sensor more robust to support more complex traffic flow without normalization issues. See this site for more information.
http://www.cisco.com/en/US/docs/security/ips/6.0/release/notes/8827_02.html#wp1161779
These features combined make the IPS usable in many more complex network design scenarios than ever before.
Hope that helps!
-Brian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide