User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 35
Getting Started with IPS Configuration
Cisco Intrusion Prevention System (IPS) Sensors are network devices that perform real-time monitoring
of network traffic for suspicious activities and active network attacks. The IPS sensor analyzes network
packets and flows to determine whether their contents appear to indicate an attack against your network.
Using Cisco Security Manager, you can configure and manage sensors, which can be dedicated
stand-alone network appliances, Catalyst 6500 switch modules, service modules running in supported
ASA devices or routers, and IPS-enabled Cisco IOS Software images running on integrated services
routers. For a full list of supported IPS devices and software versions, see the Supported Devices and
Software Versions for Cisco Security Manager document for this version of the product.
This chapter contains the following topics:
Understanding IPS Network Sensing
Overview of IPS Configuration
Identifying Allowed Hosts
Configuring SNMP
Managing User Accounts and Password Requirements
Identifying an NTP Server
Identifying DNS Servers
Identifying an HTTP Proxy Server
Configuring the External Product Interface
Configuring IPS Logging Policies
IPS Health Monitor
Configuring IPS Security Settings

Understanding IPS Network Sensing

Network sensing can be accomplished using Cisco IPS sensors (appliances, switch modules, network
modules, and SSMs) and Cisco IOS IPS devices (Cisco IOS routers with IPS-enabled images and Cisco
ISRs). These sensing platforms are components of the Cisco Intrusion Prevention System and can be
managed and configured through Cisco Security Manager. These sensing platforms monitor and analyze
network traffic in real time. They do this by looking for anomalies and misuse on the basis of network
flow validation, an extensive embedded signature library, and anomaly detection engines. However,
these platforms differ in how they can respond to perceived intrusions.