
What are the minimal reqs to use Host-based IPS?

jimmyc_2
Level 1

I have several servers touching the internet, and one basic ASA-5510.

Aside from purchasing the AIP-SSM and upgrading the 5510 license, what else is required to have a host-based IPS?

Do I need to purchase MARS or other software?

How are the security-agents spec'ed?

Thanks.    

1 Accepted Solution

Some time ago Cisco had a really great host-based IPS, the Cisco Security Agent (CSA). This is end of life and you should look for a different vendor. Same for the central monitoring system MARS, which is also EOL.

Are you looking for server protection?
Using the AIP-SSM is one good solution. For protecting an HTTPS server, you should think about a reverse proxy in the DMZ that terminates the SSL and sends pure HTTP to the original server. That can be inspected with a web firewall on the proxy and also by the IPS in the ASA.


Sent from Cisco Technical Support iPad App


That explains why the CSA textbooks were only $1.47. 

I am very, very glad you responded, as I was about to present this as a solution.

Does Cisco recommend a Host-Based solution by a third party, like Trend Micro?

Or are we at the point where anti-virus software alone covers the hosts?

Thanks.

jc

This is what Cisco is saying on that topic (from the EOL page):

Cisco's network security product portfolio has complementary security technologies, such as Cisco Intrusion Prevention Systems, Cisco ASA 5500 Series Adaptive Security Appliances, and Cisco IronPort Email and Web gateways. Please contact your Cisco account team for more information on these products. While there is no direct Cisco Security Agent replacement product from Cisco, many endpoint security products are available from a wide variety of third-party vendors. We expect that customers will want to do their own due diligence in choosing a replacement product that best meets their needs.

For clients I would go for the typical security packages every anti-virus vendor has to offer. In addition, with a web filter the protection should be quite good. For servers, network-based IPS together with filtering reverse proxies and application gateways do the work for me. But I really miss the CSA in some cases.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

jimmyc_2
Level 1

Karsten, you are a good person. Appreciate the extra effort. jc

No problem, that's what communities like these are for ...

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
