Appendix A System Architecture

MainApp

Table A-1shows some examples:

Table A-1

IPS Event Examples

 

 

 

 

 

 

 

 

IPS Event

 

Intrusion

Start Time

Stop Time

 

Type

 

Event Priority

Stamp Value

Stamp Value

Meaning

 

 

 

 

 

 

status

 

0

Maximum value

Get all status events that are

 

 

 

 

 

stored.

 

 

 

 

 

 

error

 

0

65743

Get all error and status events that

status

 

 

 

 

were stored before time 65743.

 

 

 

 

 

 

status

 

65743

Maximum value

Get status events that were stored

 

 

 

 

 

at or after time 65743.

 

 

 

 

 

 

intrusion

 

low

0

Maximum value

Get all intrusion and attack

attack response

 

 

 

 

response events with low priority

 

 

 

 

 

that are stored.

 

 

 

 

 

 

attack response

 

medium

4123000000

4123987256

Get attack response, error, status,

error

 

high

 

 

and intrusion events with medium

status

 

 

 

 

or high priority that were stored

intrusion

 

 

 

 

between time 4123000000 and

 

 

 

 

 

4123987256.

 

 

 

 

 

 

The size of the Event Store allows sufficient buffering of the IPS events when the sensor is not connected to an IPS event consumer. Sufficient buffering depends on your requirements and the capabilities of the nodes in use. The oldest events in the circular buffer are replaced by the newest events.

Event Data Structures

The various functional units communicate the following seven types of data:

Intrusion events—Produced by the SensorApp. The sensor detects intrusion events.

Error events—Caused by hardware or software malfunctions.

Status events—Reports of a change in the status of the application, for example, that its configuration has been updated.

Control transaction log events—The sensor logs the result of a control transaction.

Attack response events—Actions for the ARC, for example, a block request.

Debug events—Highly detailed reports of a change in the status of the application used for debugging.

Control transaction data—Data associated with control transactions, for example, diagnostic data from an application, session logs, and configuration data to or from an application.

All seven types of data are referred to collectively as IPS data. The six event types—intrusion, error, status, control transaction log, network access, and debug—have similar characteristics and are referred to collectively as IPS events. IPS events are produced by the several different applications that make up the IPS and are subscribed to by other IPS applications. IPS events have the following characteristics:

They are spontaneously generated by the application instances configured to do so. There is no request from another application instance to generate a particular event.

They have no specific destination. They are stored and then retrieved by one or more application instances.

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2

 

A-8

OL-29168-01

 

 

 

Page 581 Page 583
Page 582
Image 582
Cisco Systems IPS4510K9 manual Event Data Structures, Table A-1shows some examples, Stamp Value Meaning
Page 581 Page 583

IPS4510K9 specifications

Cisco Systems has long been a leading player in network security, and its IPS (Intrusion Prevention System) series is a testament to its commitment to safeguarding digital environments. Among its notable offerings are the IPS4510K9 and IPS4520K9 models, both designed to provide advanced threat protection for mid-sized to large enterprise networks.

The Cisco IPS4510K9 and IPS4520K9 are distinguished by their cutting-edge features that help organizations defend against a myriad of cyber threats. These systems utilize a multi-layered approach to security, integrating intrusion prevention, advanced malware protection, and comprehensive visibility across the network.

One of the primary characteristics of the IPS4510K9 is its high performance. It boasts a throughput of up to 1 Gbps, making it suitable for environments that demand rapid data processing and real-time responses to threats. The IPS4520K9, on the other hand, enhances that capability with improved throughput of up to 2 Gbps, accommodating larger enterprises with heavier network traffic. These models are equipped with powerful processors that support complex signature matching and can intelligently distinguish between legitimate traffic and potential threats.

In addition to performance, both models are designed with scalability in mind. They can be easily integrated into existing Cisco infrastructures. This facilitates a seamless enhancement of security without causing significant interruptions to ongoing operations. Moreover, they offer flexible deployment options, allowing organizations to operate them inline or out of band depending on their specific needs.

The Cisco IPS4510K9 and IPS4520K9 leverage advanced detection technologies, utilizing a variety of signature types and heuristic analysis to detect known and unknown threats effectively. They are equipped with real-time alerting and reporting capabilities, giving security teams immediate visibility into potential breaches and enabling them to respond swiftly.

Furthermore, both models support a range of management options through the Cisco Security Manager, allowing for centralized administration, streamlined policy management, and enhanced monitoring capabilities. Automated updates ensure the systems remain current with the latest threat intelligence, vital for staying ahead of evolving cyber threats.

In summary, the Cisco Systems IPS4510K9 and IPS4520K9 represent powerful solutions for organizations seeking robust intrusion prevention capabilities. With their high performance, scalability, and advanced detection technologies, these systems are essential tools in the ever-changing landscape of cybersecurity, providing enterprises with the peace of mind needed to operate securely in today's digital world.
Top Page Image Contents