05-16-2006 12:57 PM - edited 03-10-2019 03:01 AM
Friends, I was trying to know the difference between the IDS and the IPS, so can anyone help me with it?
05-16-2006 11:19 PM
Hi there,
IDS, as you already know, is Intrusion Detection System, and IPS is Intrusion Prevention System.
Basic difference: IDS will only alert you, IPS will alert as well as protect you. IDS was a part of earlier IOS versions lower than 12.3(8)T, if I remember correctly, which could only scan for signatures in packets and send a log/alert to syslog on the management console.
Cisco's moving towards IPS on IOS devices on and after 12.3(8)T, go for it.
IPS prevents the attack; basically it can take three actions:
-Alert
-Reset : Resets TCP session
-Drop : Drop the packet altogether.
IPS does an inline scan. It looks into each packet on a parallel basis, i.e. they have something called SMEs (Signature Micro Engines), categorized mainly on a protocol basis, i.e., we have many HTTP type attacks, so one SME will cover all types of HTTP signatures and will check every packet in parallel to find a match in any signature for the HTTP SME. This is how it works.
In IPS we can send logs to syslog, or via POP, or, as preferred, SDEE (Security Device Event Exchange).
Mainly in IPS, the S in the abbreviation is either security or signature.
I sometimes get confused, well, that's another part.
Search for the few abbreviated terms that I mentioned above on Cisco, you'll find a lot of detail. I am also learning it.
:)
05-17-2006 01:56 AM
Thanks a lot friend, it was really helpful for me, but one thing else... I have an IDS and I want to move to IPS, so is there any way that I can change my IDS to the IPS, and what is the requirement for that? Also, let's say that I want to block the intrusion from one network or a host, what should I do to do that with IDS? Shall I use SHUN or what? Can you provide me with this info please?
Thanks a lot for helping
05-18-2006 12:57 AM
Which product are you using, a Cisco router? If you are, I may help you, but right now, as I said previously, I too am learning IPS stuff. On Cisco routers IPS starts from IOS 12.3(8)T. I read somewhere that it has backward compatibility with IDS, never tested it though... Once you move to any IOS version that supports IPS, it's actually pretty easy to configure; apply IPS on outbound/inbound, your wish. And yes, rather than me telling you commands, pick up Cisco Press's SNRS guide, they have all that it takes to implement IPS on a router (not in the deepest detail, but enough to kick start). Cisco publishes new definitions every 2 weeks at:
http://www.cisco.com/cgi-bin/tablebuild.pl/ios-sigup
Get the latest signatures and apply them on the router. You just need to decide whether you want to reset, drop or alert when a signature pattern matches. It's recommended to use reset and drop when a signature pattern matches, but it may differ according to your requirement. :)
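An added example, not part of the posts above and not taken from the SNRS guide: a minimal sketch of the steps the last reply describes (load a signature file, create an IPS rule, apply it to an interface, send events to syslog and SDEE) on an IOS release with IPS support. The rule name `MYIPS`, the interface `FastEthernet0/0` and the file name `example.sdf` are placeholders assumed for illustration.

```cisco
! Added example; MYIPS, FastEthernet0/0 and flash:example.sdf are placeholders.
!
! Point the router at the signature definition file (SDF) downloaded from
! Cisco. The alert/reset/drop action for each signature comes from this file.
ip ips sdf location flash:example.sdf
!
! Drop traffic instead of passing it unscanned if a signature engine
! cannot be built or loaded.
ip ips fail closed
!
! Event reporting: syslog and SDEE. SDEE events are pulled over the
! router's HTTP server, which has to be enabled separately.
ip ips notify log
ip ips notify sdee
!
! Create the IPS rule.
ip ips name MYIPS
!
! Apply the rule to traffic entering the interface ("out" for traffic leaving).
interface FastEthernet0/0
 ip ips MYIPS in
!
! Verification, from exec mode:
!   show ip ips configuration
!   show ip ips signatures
```

The signature engines are built when the rule is first applied to an interface, so check the syslog output at that point for engine build errors before relying on the rule.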