Re: Ugrading IDS to IPS

r_berana · ‎01-08-2007

Hi security PRos, Is it possible to upgrade an IDS device to have an IPS capability, if yes, how? Thanks in advance

TradeSecrets · ‎01-08-2007

What type of device ?

Cisco IDMS-2's can run either code.

5.X is IPS code and 4.X is IDS code

srue · ‎01-08-2007

i'm pretty sure its possible. if you want to use 'inline' mode, you just have to have the right number of interfaces.

r_berana · ‎01-08-2007

The IDS model is IDS-4250-SX-K9

r_berana · ‎01-09-2007

The IDS model is IDS-4250-SX-K9

daniel.cleary · ‎01-08-2007

I am not sure what device you have as an IPS/IDS. Not all IDS's can become IPS's.

The diff between IDS and IPS is that IDS monitors incoming / outing traffic in various ways. It is a passive device.

An IPS is inline, it has an internal and external interface, traffic passes through the interface and may be blocked.

I hav ean IDSM which allows the device to be both IDS (monitoring via span) and IPS.

jwalker · ‎01-09-2007

With your particular model, you can do IPS mode; however, this model will only allow you to have one inline pair. If you require multiple subnets to be monitored, I do not think this is the best option for you. Basically, you only have to monitorin interfaces, so you cannot do any promiscuous monitoring if you have one inline pair. I am not sure, but you might be able to add a 4FE card if you require IDS mode on other subnets.

r_berana · ‎01-09-2007

To which version am i going to upgrade to make it IPS capable?

jim · ‎01-09-2007

IPS-4220-K9-sys-1.1-a-6.0-1-E1.img