Solved: Re: Cisoc IPS Sensor 5.1

jabernstein · ‎08-29-2006

Where can I find a listing of the threats that are mitigated by the ICS Sensor 5.1. We are evaluating the product, and one primary need is spyware/adware blocking. I know it lists spyware/adware as one of the 'anti-x', but there are no "details" to be had. Has anyone installed and configured this? Thanks.

wyley.johnson · ‎08-29-2006

There is always the ASA5510 or 5520 appliances with the CSC module that does anti-x (where x= spam, virus, spyware). THe problem with these devices is that you cannot do IPS and Anti-x at the same time. Each one is a seperate module.

View solution in original post

mhellman · ‎08-29-2006

When you say "sensor" I guess you're talking about the Cisco network-based IPS appliance? It isn't going to do a good job of preventing spyware/adware. If that's a primary requirement, then I would suggest looking at either network-proxy solutions (like WebWasher or Bluecoat) or host-based IPS solutions, like Cisco's own Cisco security agent.

jabernstein · ‎08-29-2006

Thanks. That's what I thought but could not find definitive information. We do have the IPS appliance and want to implement. One of the requirements of our security posture is spyware/adware. A member of the team read that one of the fetaures of IPS appliance was spyware/adware blocking. We currently have host based solutions, but wanted to mitigate the spyware as much as possible prior to hitting the desktop. Thanks again for your reply.

wyley.johnson · ‎08-29-2006

There is always the ASA5510 or 5520 appliances with the CSC module that does anti-x (where x= spam, virus, spyware). THe problem with these devices is that you cannot do IPS and Anti-x at the same time. Each one is a seperate module.

jabernstein · ‎08-29-2006

Thanks for the response. We are actually going to evaluate other solutions.

lmilher_2 · ‎08-30-2006

Hi, the IPS 5.0 has trendmicro signatures to prevent worms and networks virus in to the lan. The csm module for ASA is other solution to put in the internet gateway like a proxy.

Take care.

mhellman · ‎08-30-2006

What you're talking about is a separate product called ICS (see: http://www.cisco.com/en/US/products/ps6542/products_data_sheet0900aecd8033185b.html).

For a technical review see:

http://www.cisco.com/en/US/products/ps6542/products_white_paper0900aecd8033186b.shtml

The product does not appear to be designed to prevent spyware and adware. In fact, it doesn't even appear to stop worms and virii unless they are NEW and of significant status.

rcerpa · ‎09-01-2006

I am in a similar situation. Does anyone know where there might be a list of signatures included in the distribution and which ones are enabled by default. I could get them out of our sensors, but I am trying to get a paper done in a hurry to submit to my customer on the 4250 sensors we use.

mhellman · ‎09-01-2006

5.1(2)S246.0.

mhellman · ‎09-01-2006

5.1(2)S246.0.

rcerpa · ‎09-01-2006

Thank you.