
Lecture CCNA Security - Chapter 5: Implementing Intrusion Prevention

Shared by: You Can | Date: | File type: PDF | Pages: 83


This chapter describes the underlying IDS and IPS technology that is embedded in the Cisco host- and network-based IDS and IPS solutions, and covers how to configure Cisco IOS IPS using CLI and CCP and how to verify Cisco IOS using CLI and CCP.


Text content: Lecture CCNA Security - Chapter 5: Implementing Intrusion Prevention

  1. Chapter 5 - Implementing Intrusion Prevention (CCNA Security)
  2. Objectives
     • Describe the underlying IDS and IPS technology that is embedded in the Cisco host- and network-based IDS and IPS solutions.
     • Configure Cisco IOS IPS using CLI and CCP.
     • Verify Cisco IOS using CLI and CCP.
     Bach Khoa Information Technology Academy - Website: www.bkacad.com
  3. IDS and IPS Characteristics
     [Figure: network topology showing a zero-day exploit attacking the network. Labels: MARS, ACS, VPN, Firewall, Iron Port, CSA, Remote Worker, Remote Branch, LAN, Web Server, Email Server, DNS]
     Refer to 5.1.1.1
  4. Iron Port • http://www.ironport.com/
  5. Intrusion Detection Systems (IDSs)
     1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
     2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
     3. The IDS can also send an alarm to a management console for logging and other management purposes.
  6. Intrusion Prevention Systems (IPSs)
     1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
     2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
     3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
     4. Traffic in violation of policy can be dropped by an IPS sensor.
     [Figure labels: Sensor, Bit Bucket, Target]
  7. Comparing IDS and IPS Solutions: IDS (Promiscuous Mode)
     Advantages:
     • No impact on network (latency, jitter)
     • No network impact if there is a sensor failure
     • No network impact if there is sensor overload
     Disadvantages:
     • Response action cannot stop trigger packets
     • Correct tuning required for response actions
     • Must have a well thought-out security policy
     • More vulnerable to network evasion techniques
  8. Comparing IDS and IPS Solutions: IPS (Inline Mode)
     Advantages:
     • Stops trigger packets
     • Can use stream normalization techniques
     Disadvantages:
     • Sensor issues might affect network traffic
     • Sensor overloading impacts the network
     • Must have a well thought-out security policy
     • Some impact on network (latency, jitter)
  9. Network-Based Implementation
     [Figure: network topology. Labels: CSA, MARS, VPN, Remote Worker, Firewall, IPS, Iron Port]
  10. Host-Based Implementation
     [Figure: network topology. Labels: CSA, MARS, VPN, Management Center for Cisco Security Agents, Remote Worker, Firewall, IPS, Agent, Iron Port, Remote Branch]
  11. Cisco Security Agent
     [Figure: agent deployment. Labels: Corporate Network, Application Server, Agent, Firewall, Untrusted Network, SMTP Server, Web Server, DNS Server, Management Center for Cisco Security Agents]
  12. Cisco Security Agent Screens
     • A warning message appears when CSA detects a problem.
     • CSA maintains a log file allowing the user to verify problems and learn more information.
     • A waving flag in the system tray indicates a potential security problem.
  13. Cisco Trust Agent
  14. Cisco Trust Agent
  15. Host-Based Solutions: Advantages and Disadvantages of HIPS
     Advantages:
     • The success or failure of an attack can be readily determined.
     • HIPS does not have to worry about fragmentation attacks or variable Time to Live (TTL) attacks.
     • HIPS has access to the traffic in unencrypted form.
     Disadvantages:
     • HIPS does not provide a complete network picture.
     • HIPS has a requirement to support multiple operating systems.
  16. Network-Based Solutions
     A network IPS can be implemented using a dedicated IPS appliance, such as the IPS 4200 series, or can be added to an ISR router, an ASA firewall appliance or Catalyst 6500 switch.
     [Figure labels: Corporate Network, Sensor, Firewall, Router, Untrusted Network, Management Server, Web Server, DNS Server]
  17. Cisco IPS Solutions - AIM and Network Module Enhanced (IPS NME)
     • Integrates IPS into the Cisco 1841 (IPS AIM only), 2800 and 3800 ISR routers
     • IPS AIM occupies an internal AIM slot on the router and has its own CPU and DRAM
     • Monitors up to 45 Mb/s of traffic
     • Provides full-featured intrusion protection
     • Is able to monitor traffic from all router interfaces
     • Can inspect GRE and IPsec traffic that has been decrypted at the router
     • Delivers comprehensive intrusion protection at branch offices, isolating threats from the corporate network
     • Runs the same software image as Cisco IPS Sensor Appliances
     Refer to 5.1.2.2
  18. Cisco IPS Solutions - ASA AIP-SSM
     • High-performance module designed to provide additional security services to the Cisco ASA 5500 Series Adaptive Security Appliance
     • Diskless design for improved reliability
     • External 10/100/1000 Ethernet interface for management and software downloads
     • Intrusion prevention capability
     • Runs the same software image as the Cisco IPS Sensor appliances
  19. Cisco IPS 4200 Series Sensors
     • Appliance solution focused on protecting network devices, services, and applications
     • Sophisticated attack detection is provided.
  20. Cisco IPS Solutions - Cisco Catalyst 6500 Series IDSM-2
     • Switch-integrated intrusion protection module delivering a high-value security service in the core network fabric device
     • Support for an unlimited number of VLANs
     • Intrusion prevention capability
     • Runs the same software image as the Cisco IPS Sensor Appliances
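
The difference between promiscuous (IDS) and inline (IPS) operation described in slides 5 to 8, as an added example that is not part of the original lecture: a small model that runs the same constructed packet stream through both modes and shows which packets reach the target. The packet list, the `cmd.exe` substring signature, the `run_sensor` function and the fail-closed behaviour of a failed inline sensor are all assumptions made for illustration.

```python
"""Toy model of one sensor in promiscuous (IDS) vs inline (IPS) mode."""

# Constructed sample traffic: (source IP, payload). Not real capture data.
PACKETS = [
    ("10.0.0.5", "GET /index.html"),
    ("203.0.113.9", "GET /cmd.exe?/c+dir"),  # trigger packet
    ("203.0.113.9", "GET /cmd.exe?/c+del"),  # follow-up from the same source
    ("10.0.0.5", "GET /about.html"),
]
SIGNATURE = "cmd.exe"  # hypothetical signature: plain substring match


def run_sensor(packets, mode, sensor_up=True):
    """Return (payloads delivered to the target, payloads that raised an alarm).

    mode "ids": sensor sees copies; on a match it tells the switch to deny
                the source, which only affects later packets.
    mode "ips": sensor is in the forwarding path and drops matching packets.
    """
    delivered, alarms, denied = [], [], set()
    for src, payload in packets:
        if not sensor_up:
            # A failed promiscuous sensor does not touch traffic. A failed
            # inline sensor is assumed to fail closed (no bypass).
            if mode == "ids":
                delivered.append(payload)
            continue
        if src in denied:
            continue  # switch already denies this source
        match = SIGNATURE in payload
        if match:
            alarms.append(payload)  # alarm to the management console
            if mode == "ids":
                denied.add(src)  # response action, effective from next packet
        if match and mode == "ips":
            continue  # dropped inline: never reaches the target
        delivered.append(payload)
    return delivered, alarms


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        for up in (True, False):
            print(mode, "sensor_up=%s" % up, run_sensor(PACKETS, mode, up))
```

In IDS mode the trigger packet is in the delivered list and only the follow-up is stopped; in IPS mode neither malicious packet is delivered, but a failed sensor takes legitimate traffic down with it.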