01-03-2005 11:21 PM - edited 03-10-2019 01:13 AM
Hi All,
How to differentiate Cisco IOS IDS from a standalone box IDS 4200?
Thanks and Regards,
mak
01-06-2005 09:32 AM
Hi,
IOS IDS has only 59 signatures, but IDS 4200 has continuous signature releases with all new signatures.
IOS also has new IPS that is similar to signatures in IDS appliance.
Thanks
Nadeem
01-06-2005 12:45 PM
A little more information.
When IDS was first implemented in IOS it was hardcoded to 59 signatures.
But in the past year the IOS team began implementing signature engines just like on the IDS Appliances. The new signature engines are being termed IPS instead of the older IDS name.
So what is the difference between the new IPS feature in the IOS Routers and the IDS Appliances?
1) The number of engines.
2) The number of signatures that can be enabled
3) The ability to drop the offending packets
1) The IDS Appliances have more signature engines than are available in the IOS Routers. These additional engines available on the IDS Appliances are for the more complex attacks that require more detailed processing and storage of data. So there are some attacks that can be detected by the IDS Appliances that can not be detected by the IOS Routers.
2) The routers have limited memory and CPU resources. So fewer signatures can be enabled on the IOS Routers, while the IDS Appliances can have a much larger number of signatures enabled.
The IOS Routers IPS functionality was really designed for monitoring the top attacks of the day. While the IDS Appliances were designed for monitoring a much larger number of attacks.
3) The IOS Routers with IPS functionality are able to drop the offending packets and prevent them from reaching the end destination.
The IDS Appliances are not currently capable of dropping the offending traffic. HOWEVER, this capability is being added in the next major software release of the IDS Appliances. So that IDS Appliances can operate as an inline device and drop the offending packet and not allow it to reach the end systems being protected.
Because the IDS Appliances have the ability to monitor a much broader range and larger number of attacks, the IDS Appliances are recommended for your points of most concern (primary internet connection, dmz, data center).
The IOS Routers with IPS functionality were designed to cover those areas where purchase of a separate Appliance is not cost effective (small remote offices, connections between departments, etc.).