Chapter19 Intrusion Prevention System
Import Signatures
19-50
Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08

Autosave

Check this option if you want the router to automatically save the SDF in the event
of a router crash. This eliminates the need for you to reconfigure IPS with this
SDF when the router comes back up.
Cisco Intrusion Prevention Alert Center
The Cisco Intrusion Prevention Alert center provides information on emerging
threats and links to the Cisco IPS signatures available to protect your network
from them. The Cisco Intrusion Prevention Alert Center is available at this link:
http://www.cisco.com/pcgi-bin/front.x/ipsalerts/ipsalertsHome.pl
IPS-Supplied Signature Definition Files
To ensure that the router has available as many signatures as its memory can
accommodate, IPS is shipped with one of the following SDFs:
256MB.sdfIf the amount of RAM available is greater than 256 MB .
256MB.sdf contains 500 signatures.
128MB.sdfIf the amount of RAM available is between 128 MB and 256
MB. 128MB.sdf contains 300 signatures.
attack-drop.sdfIf the amount of available RAM is 127 MB or less.
attack-drop.sdf contains 82 signatures.
Note The router must be running a Cisco IOS image of release 12.3(14)T or later to be
able to use all the available signature engines in 256MB.sdf and 128MB.sdf. If the
router runs a Cisco IOS image of an earlier release, not all signature engines will
be available.
To use an SDF in router memory, determine which SDF has been installed, and
then configure IPS to use it. The procedures that follow show you how to do this.