35-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 35 Getting Started with IPS Configuration
Understanding IPS Network Sensing
Tip Cisco IPS sensors and Cisco IOS IPS devices are often referred to collectively as IPS devices or simply
sensors. However, Cisco IOS IPS does not run the full dedicated IPS software, and its configuration does
not include IPS device-specific policies. Additionally, the amount of sensing that you can perform with
Cisco IOS IPS is more limited. The following sections focus on using dedicated IPS devices, including
service modules installed in IOS routers, rather than Cisco IOS IPS. For a discussion focused on Cisco
IOS IPS, see Intrusion Prevention System (IPS) Cisco IOS Intrusion Prevention System Deployment
Guide on Cisco.com and Chapter 44, “Configuring IOS IPS Routers”. Also, see
http://www.cisco.com/go/iosips.
When an IPS device detects unauthorized network activity, it can terminate the connection, permanently
block the associated host, and take other actions.
Note For more overview information on IPS sensors, including a comparison of the available appliances and
service modules and details about device interfaces, see Introducing the Sensor in Installing Cisco
Intrusion Prevention System Appliances and Modules. A list of these documents for each IPS release is
available at
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_installation_guides_list.html.
This section contains the following topics:
Capturing Network Traffic, page 35-2
Correctly Deploying the Sensor, page 35-4
Tuning the IPS, page 35-4
Capturing Network Traffic
The sensor can operate in either promiscuous or inline mode. The following illustration shows how you
can deploy a combination of sensors operating in both inline (IPS) and promiscuous (IDS) modes to
protect your network.