Glossary

ASA 5500 AIP SSM Advanced Inspection and Prevention Security Services Module. The IPS plug-in module in the Cisco ASA 5500 series adaptive security appliance. The ASA 5500 AIP SSM is an IPS services module that monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based on an extensive, embedded signature library. When the ASA 5500 AIP SSM detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the device manager. See also adaptive security appliance.

ASA 5500-X IPS SSP

ASA 5585-X IPS SSP

Alarm Channel

alert

Intrusion Prevention System Security Services Processor. The IPS is running as a service and ASA controls sending and receiving traffic to and from the IPS. The IPS services processor monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based on an extensive, embedded signature library. When the ASA 5500-X IPS SSP detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the device manager. See also adaptive security appliance.

Intrusion Prevention System Security Services Processor. The IPS plug-in module in the Cisco ASA 5585-X adaptive security appliance. The ASA 5585-X IPS SSP is an IPS services processor that monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based on an extensive, embedded signature library. When the ASA 5585-X IPS SSP detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the device manager. See also adaptive security appliance.

The IPS software module that processes all signature events generated by the inspectors. Its primary function is to generate alerts for each event it receives.

Specifically, an IPS event type; it is written to the Event Store as an evidsAlert. In general, an alert is an IPS message that indicates a network exploit in progress or a potential security problem occurrence. Also known as an alarm.

Analysis Engine

The IPS software module that handles sensor configuration. It maps the interfaces and also the

 

signature and alarm channel policy to the configured interfaces. It performs packet analysis and alert

 

detection. The Analysis Engine functionality is provided by the SensorApp process.

anomaly detection

AD. The sensor component that creates a baseline of normal network traffic and then uses this baseline

 

to detect worm-infected hosts.

API

Application Programming Interface. The means by which an application program talks to

 

communications software. Standardized APIs allow application programs to be developed

 

independently of the underlying method of communication. Computer application programs run a set

 

of standard software interrupts, calls, and data formats to initiate contact with other devices (for

 

example, network services, mainframe communications programs, or other program-to-program

 

communications). Typically, APIs make it easier for software developers to create links that an

 

application needs to communicate with the operating system or with the network.

application

Any program (process) designed to run in the Cisco IPS environment.

application image

Full IPS image stored on a permanent storage device used for operating the sensor.

application instance A specific application running on a specific piece of hardware in the IPS environment. An application instance is addressable by its name and the IP address of its host computer.

application partition The bootable disk or compact-flash partition that contains the IPS software image.

ARC

 

Attack Response Controller. Formerly known as Network Access Controller (NAC). A component of

 

 

 

the IPS. A software module that provides block and unblock functionality where applicable.

 

 

 

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1

 

 

 

 

GL-2

 

OL-24002-01

 

 

 

 

Page 418
Image 418
Cisco Systems IPS4520K9 manual To detect worm-infected hosts, GL-2

IPS4520K9 specifications

Cisco Systems has long been a leading player in network security, and its IPS (Intrusion Prevention System) series is a testament to its commitment to safeguarding digital environments. Among its notable offerings are the IPS4510K9 and IPS4520K9 models, both designed to provide advanced threat protection for mid-sized to large enterprise networks.

The Cisco IPS4510K9 and IPS4520K9 are distinguished by their cutting-edge features that help organizations defend against a myriad of cyber threats. These systems utilize a multi-layered approach to security, integrating intrusion prevention, advanced malware protection, and comprehensive visibility across the network.

One of the primary characteristics of the IPS4510K9 is its high performance. It boasts a throughput of up to 1 Gbps, making it suitable for environments that demand rapid data processing and real-time responses to threats. The IPS4520K9, on the other hand, enhances that capability with improved throughput of up to 2 Gbps, accommodating larger enterprises with heavier network traffic. These models are equipped with powerful processors that support complex signature matching and can intelligently distinguish between legitimate traffic and potential threats.

In addition to performance, both models are designed with scalability in mind. They can be easily integrated into existing Cisco infrastructures. This facilitates a seamless enhancement of security without causing significant interruptions to ongoing operations. Moreover, they offer flexible deployment options, allowing organizations to operate them inline or out of band depending on their specific needs.

The Cisco IPS4510K9 and IPS4520K9 leverage advanced detection technologies, utilizing a variety of signature types and heuristic analysis to detect known and unknown threats effectively. They are equipped with real-time alerting and reporting capabilities, giving security teams immediate visibility into potential breaches and enabling them to respond swiftly.

Furthermore, both models support a range of management options through the Cisco Security Manager, allowing for centralized administration, streamlined policy management, and enhanced monitoring capabilities. Automated updates ensure the systems remain current with the latest threat intelligence, vital for staying ahead of evolving cyber threats.

In summary, the Cisco Systems IPS4510K9 and IPS4520K9 represent powerful solutions for organizations seeking robust intrusion prevention capabilities. With their high performance, scalability, and advanced detection technologies, these systems are essential tools in the ever-changing landscape of cybersecurity, providing enterprises with the peace of mind needed to operate securely in today's digital world.