Glossary

InterfaceApp

intrusion detection system

IP address

A component of the IPS. Handles bypass and physical settings and defines paired interfaces. Physical settings are speed, duplex, and administrative state.

IDS. A security service that monitors and analyzes system events to find and provide real-time or near real-time warning of attempts to access system resources in an unauthorized manner.

32-bit address assigned to hosts using TCP/IP. An IP address belongs to one of five classes (A, B, C, D, or E) and is written as 4 octets separated by periods (dotted decimal format). Each address consists of a network number, an optional subnetwork number, and a host number. The network and subnetwork numbers together are used for routing, and the host number is used to address an individual host within the network or subnetwork. A subnet mask is used to extract network and subnetwork information from the IP address.

IPS

Intrusion Prevention System. A system that alerts the user to the presence of an intrusion on the network

 

through network traffic analysis techniques.

IPS data or message Describes the messages transferred over the command and control interface between IPS applications.

iplog

A log of the binary packets to and from a designated address. Iplogs are created when the log Event

 

Action is selected for a signature. Iplogs are stored in a libpcap format, which can be read by WireShark

 

and TCPDUMP.

IP spoofing

IP spoofing attack occurs when an attacker outside your network pretends to be a trusted user either by

 

using an IP address that is within the range of IP addresses for your network or by using an authorized

 

external IP address that you trust and to which you want to provide access to specified resources on

 

your network. Should an attacker get access to your IPSec security parameters, that attacker can

 

masquerade as the remote user authorized to connect to the corporate network.

IPv6

ISL

IP version 6. Replacement for the current version of IP (version 4). IPv6 includes support for flow ID in the packet header, which can be used to identify flows. Formerly called IPng (next generation).

Inter-Switch Link. Cisco-proprietary protocol that maintains VLAN information as traffic flows between switches and routers.

J

Java Web Start

JNLP

Java Web Start provides a platform-independent, secure, and robust deployment technology. It enables developers to deploy full-featured applications to you by making the applications available on a standard web server. With any web browser, you can launch the applications and be confident you always have the most-recent version.

Java Network Launching Protocol. Defined in an XML file format specifying how Java Web Start applications are launched. JNLP consists of a set of rules defining how exactly the launching mechanism should be implemented.

K

 

 

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1

 

 

 

 

 

 

 

OL-24002-01

 

 

GL-11

 

 

 

 

 

Page 426 Page 428
Page 427
Image 427
Cisco Systems IPS4520K9 manual Through network traffic analysis techniques, Tcpdump, GL-11
Page 426 Page 428

IPS4520K9 specifications

Cisco Systems has long been a leading player in network security, and its IPS (Intrusion Prevention System) series is a testament to its commitment to safeguarding digital environments. Among its notable offerings are the IPS4510K9 and IPS4520K9 models, both designed to provide advanced threat protection for mid-sized to large enterprise networks.

The Cisco IPS4510K9 and IPS4520K9 are distinguished by their cutting-edge features that help organizations defend against a myriad of cyber threats. These systems utilize a multi-layered approach to security, integrating intrusion prevention, advanced malware protection, and comprehensive visibility across the network.

One of the primary characteristics of the IPS4510K9 is its high performance. It boasts a throughput of up to 1 Gbps, making it suitable for environments that demand rapid data processing and real-time responses to threats. The IPS4520K9, on the other hand, enhances that capability with improved throughput of up to 2 Gbps, accommodating larger enterprises with heavier network traffic. These models are equipped with powerful processors that support complex signature matching and can intelligently distinguish between legitimate traffic and potential threats.

In addition to performance, both models are designed with scalability in mind. They can be easily integrated into existing Cisco infrastructures. This facilitates a seamless enhancement of security without causing significant interruptions to ongoing operations. Moreover, they offer flexible deployment options, allowing organizations to operate them inline or out of band depending on their specific needs.

The Cisco IPS4510K9 and IPS4520K9 leverage advanced detection technologies, utilizing a variety of signature types and heuristic analysis to detect known and unknown threats effectively. They are equipped with real-time alerting and reporting capabilities, giving security teams immediate visibility into potential breaches and enabling them to respond swiftly.

Furthermore, both models support a range of management options through the Cisco Security Manager, allowing for centralized administration, streamlined policy management, and enhanced monitoring capabilities. Automated updates ensure the systems remain current with the latest threat intelligence, vital for staying ahead of evolving cyber threats.

In summary, the Cisco Systems IPS4510K9 and IPS4520K9 represent powerful solutions for organizations seeking robust intrusion prevention capabilities. With their high performance, scalability, and advanced detection technologies, these systems are essential tools in the ever-changing landscape of cybersecurity, providing enterprises with the peace of mind needed to operate securely in today's digital world.
Top Page Image Contents