Networking and Security Basics

2

 

The Intrusion Prevention System (IPS)

 

 

 

 

 

The Intrusion Prevention System (IPS)

IPS is an advanced technology to protect your network from malicious attacks. IPS works together with your SPI Firewall, IP Based Access Control List (ACL), Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to achieve the highest level of security. IPS works by providing real-time detection and prevention as an in-line module in a router.

The WRVS4400N wireless router has hardware-based acceleration for real-time pattern matching for detecting malicious attacks. It actively filters and drops malicious TCP/UDP/ICMP/IGMP packets and can reset TCP connections. This protects your client personal computers and servers running various operating systems including Windows, Linux, and Solaris from network worm attacks. However, this system does not prevent viruses contained in e-mail attachments.

The P2P (peer to peer) and IM (instant messaging) control allows you to prevent network users from using those protocols to communicate with people over the Internet. This helps the administrators to set up company policies on how to use their Internet bandwidth wisely.

The signature file is the heart of the IPS system. It is similar to the virus definition files on your personal computer’s Anti-Virus programs. IPS uses this file to match against packets coming in to the Router and performs actions accordingly. As of today, the Wireless-N Router is shipped with signature file version 1.3.8 and with a total of 1101 rules. The rules cover the following categories: DDoS, Buffer Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus, Worm, and Web Attacks.

It is recommended that you update your IPS signature file regularly to thwart new attack types.

The following diagram illustrates a number of IPS scenarios.

Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN Administration Guide

11

Page 11
Image 11
Cisco Systems WRVS4400NRF manual Intrusion Prevention System IPS