Placing IDS and IPS

Similar Messages

• IDS and IPS ?

  Hi
  I am using before 4215 IDS in my network.
  My question is what is basic difference IDS and IPS ?. why I am using IPS in place of IDS , what is the key point and benefit ?.
  Thanks
  biplob

  Hi,
  Here are the definitions from IPS 5.1 guide.
  Understanding Promiscuous Mode (IDS)
  In promiscuous mode, packets do not flow through the sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor does not affect the packet flow with the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous sensor devices are post-event responses and often require assistance from other networking devices, for example, routers and firewalls, to respond to an attack. While such response actions can prevent some classes of attacks, in atomic attacks the single packet has the chance of reaching the target system before the promiscuous-based sensor can apply an ACL modification on a managed device (such as a firewall, switch, or router).
  Understanding Inline Interface Mode (IPS)
  Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates making them slower by adding latency. This allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service. Not only is the inline device processing information on layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device.
  In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1033759
  Hope this helps.
  Edward

• IDS and IPS Hardware Information

  Hi,
  Can anybody give me a detailed information in all the possible hardware that is used for IDS and IPS technologies till date.

  Cisco 830, 1700, 1800, 2600, 2800, 3700, 3800, and 7200 Series Routers are supported by IPS.

• Catalyst 6500 and IPS

  I have a catalyst 6500 switch on my network and I know it supports an IDS module.What I am not sure is an IPS.
  Could somebody who knows be kind enough to tell me if there is the support of IPS in the Catalyst 6500 switch.

  The IDSM-2 module is capable of both IDS (promiscuous mode) AND IPS (inline mode).
  So if you need IPS (inline mode) you still just buy the same IDSM-2 but configure it for InLine Interface Pair or InLine Vlan Pair mode instead of configuring for Promiscuous mode.

• IDS and IDP

  Dear all,
  I have a big confusion between IDS and IDP , what is the clear main difference between them?

  IDS checks traffic flows and alerts on anomalies or triggers of signatures. IPS does the same thing but it can also prevent attacks by accessing your devices and making ACL/firewall changes to block the offender. IPS is the next generation of IDS.

• IDS versus IPS

  Hi All
  Please what is the difference btween the 2.
  If I have a Cat6509 with an IDSM-2 and then an ASA for all our external connection with an IPS what will each be monitoring?
  Also can an IDS monitor external connection that will be plugged into the ASA. Thereby I dont need to buy a ASA5540 as the Cat6509 with IDSM-2 can also monitor external traffic. So I can then buy a ASA5550 and have the bandwidth advantage.
  Is this correct.?

  hi,
  the major difference between an IDS and an IPS is that, IDS sits in a promiscuous mode and an IPS sits in inline mode. So that implies that IDS will let the first threat packet into before it takes any action or fires an alert, this is because it would receive a copy of the packet for analysis and the actual packet would get in before any action is taken and the malicious traffic stream can be stopped from entering the network, where as an IPS box would even stop the initial threat packet from entering into your network, as it would be sitting in inline mode and all the traffic that enters your network would have to pass thru the IPS (i.e. the actual traffic, not a copy of it.), so the analysis would happen realtime and even the initial threat packet would be stopped from getting in.
  Secondly if you already have an IDSM - II running, you can upgrade it to IPS version 5.x, then it would function as an IPS. This way you can buy an ASA5550 instead of an ASA5540, in future if you feel the need of an AIP-SSM module for you ASA, you can buy it or you can even buy an ASA with CSC-SSM module. In that case you have both your IDSM - II working as an IPS and ASA working as an Anti - X filter with the use of CSC-SSM.
  cheers...!!!
  Prashant Chauhan.

• Can anyone recommend a good document for Cisco IDS and AAA

  I need some basic tutorial for Cisco IDS and AAA. can anyone recommend any document for it?
  thanks

  The Cisco IDS/IPS senors do not perform any AAA functions. You can not validate a user/password externally.

• Help with start up. new iMac 27" with Marericks installed has been giving me trouble with IDs and passwords.  More than one account downloaded from older Laptop.  Now the computer has the turning wheel in from of gray screen and won't go any further when

  I recently started using my desktop iMac 27" and have been having problems since installing Mavericks, not saying that Mavericks is the problem per se.  I think I have too many accounts with too many names, with too many Apple IDs and too many passwords, email passwords and Apple ID passwords, and keychain passwords, etc.  Can't keep them straight even though I write everything down.  The screen has been making me log in and log out with Account name and passwords after everything I've been doing, also confused about Users and Groups and how to sync everything. I finally just "shut down" everything and the screen was black.  When I turned the computer on again, the circular gear in the middle just kept turning but nothing happened after that.  Then I held the on button in the back until the screen went black again. 
  What should I do?  Is there a way to combine all my accounts into one account with one Apple ID?  I should say that I also have trying to use iCloud and it has different IDs and passwords. Also when I try to log in with one account name, I can't enter anything I write,and when I type on the keyboard, nothing appears on the screen, although I can receive emails, I can't send them. 
  In another account, what I type does appear on the screen, but I think it's an earlier account and doesn't translate aver to the other account. ALTHOUGH i set up iCloud accounts, they don't appear any more.
  Very confused.  Any Ideas about how I can get the computer to start up again and show a new screen?
  Thanks to anyone who has workable suggestions.

  If you really believe that your system has been compromised, here's what you do:
  Disconnect your Mac from your cable modem;
  Back up any documents on your system that are important to you;
  Boot your Mac from the system installation disks that came with it (insert the disk, restart your Mac, and hold down the "c" key until you get the "spinning gear" icon);
  Choose a language and click the arrow button to continue;
  From the Utilities menu, choose Disk Utility;
  In Disk Utility, select your computer's hard drive;
  Click the "Erase" tab;
  Click the "Security Options" button and select to have it overwrite all the data on the hard drive;
  Click the "Erase" button and allow it to process;
  Once the "erase process has completed (it will take a while), reinstall Mac OS X.
  Or, if this is too much for you to accomplish on your own, take your system to an Apple Store and have them help you perform these steps. If your system was indeed compromised, this will remove any such hack. You can then set up a new user account for the computer, reinstall your applications (reinstall only from original disks or downloads from the company making the software) and documents, and reconnect to the Internet.
  Note that when you reconnect to the cable modem, you may still get an IP address starting with 198. This is normal with some cable modems and probably not a cause for concern. It will not be an indication that your system is still compromised; that will not be possible if you perform all the above steps.
  Regards.

• 2 Apple ids and can't connect

  I have 2 apple ids and one is for iCloud through my new Macbook Air. I don't remember the password for that id and whenever I try to change it it reverts to the other id. Any ideas on how to fix? Get rid of the second id? I can't connect to anything, icloud, ical, etc.

  OK, so the Apple ID on your iCloud is what your current Apple ID used to be, or it is a different ID altogether?
  GB

• I have a iPhone and iPad on one iTunes account, I have recently bought two further I touches fir the kids , should I set them up with their own apple ids and the can I transfer purchases through all devices

  I have a iPhone and iPad on one iTunes account, I have recently bought two further I touches fir the kids , should I set them up with their own apple ids and the can I transfer purchases through all devices,

  Hi jhyiesla,
  Im not sure wether I got you right or not. But my advice/s would be as follows:
  These steps help you get rid of old apps you downloaded years ago and you do not use anymore.(Also frees space on your mac after emptying the trash)
  1) go to iTunes and delete all applications in it. Make sure to move them to trash! Do not empty your trash yet. Its your backup if step 3 doesnt appear.
  2) connect both your devices(one after each other) and make a backup. !!!Dont press the Sync button, press the Back Up Now Button
  3) Then it asks you if you want to backup applications as well. Confirm. (This is how apps get transferred manually)
  4) Then Sync your devices... The first time it might be, that there are some additional apps loaded to your devices you dont want to.. delete them on your Device (not iTunes) and after that you should be good every time you sync again.
  5) now you can empty your trash on your mac.
  Further,
  - You should regularly connect your devices with iTunes to make sure they are backed up. (Even if you have activated iCloud backup, the iTunes backup is more proper i.e.. Apps)
  - If you hate scrolling through a list of apps in iTunes, you can re/install apps directly on iOS not via iTunes. I absolutely never go to the "Applications" section in iTunes. I install and delete apps directly on iOS.
  jl

• HT204053 I have two Apple IDs and want to merge them so I use the same Apple ID for iCloud/IO6 and iTunes

  I have 2 Apple IDs and I want to merge them so I only use one. Can I change my Apple ID for iTunes to my iCloud/email ID? 

  You can't merge them but you can change the ID you use for iTunes store and app purchases.  To do this, go to Settings>iTunes & App Stores, tap the ID at the top, sign out, then sign back in using the other ID.

• How do I manage two apple ids and iCloud for my teen's iPad?

  Before my son turned 13, he used my Apple ID to set up his purchases for his first iPad.  Now he has his own apple ID.  He has his own iPhone and a different iPad for school.  The school wants him to use iCloud to back up everything. 
  I just set up iCloud but it wants to back up the items from my ID only.  How do I get it to back up from his ID too? 
  How can I even figure out which items are linked to his Apple ID and which ones are linked to my Apple ID? 
  For next school year, I want everything to work with his ID, not mine.  I wish I had just made him one in his name when he was 12!
  I'm not so worried about the apps, photos, etc.  I am more concerned about his documents from Pages, Keynote, iBooks... I think when he does his schoolwork it is saving to my Apple ID and not his.
  I've avoided syncing to the computers because we have 3 users with different IDs and several different devices and after a while it gets really confusing to know what belongs to whom.
  I know that a lot of people are frustrated that you can't merge Apple IDs -- seems like Apple ID is built for single people and not growing families who hand down older devices to other family members.

  You can see which ID he is signed into for iCloud by going to Settings>iCloud on his device(s) and viewing the ID shown next to Account.  This is the account that his documents are being store in, and the one his device is backing up to (if he is backing up to iCloud). 
  While it is possible to have more than one iCloud account on a device, there are limitations to the typed of data that additional ("secondary") accounts will sync.  Only the primary account (the one listed in Settings>iCloud) can be used for photo stream, bookmarks, documents, iCloud backup and Find My iDevice.  Because of this limitation, it isn't possible to sync (or "back up") documents from iWork to more than one iCloud account.

• I'm setting up Apple ids, and its not giving me the option to set up a rescue email. How can I add one?

  I'm setting up Apple IDs, and its not giving me the option to set up a rescue email. I've set up Apple ID's in the past, and its always given me the option. How can I add a rescue email?

  You can find the instructions here. I removed the screenshots but the text is copied below.
  http://support.apple.com/kb/HT5312?viewlocale=en_US&locale=en_US
  You can edit or delete your rescue email address at My Apple ID. To edit your rescue email address:
  Navigate to My Apple ID using your web browser.
  Click "Manage your account"
  When prompted, sign in using your Apple ID and password.
  Click Password & Security
  You'll be asked to answer 2 of your 3 security questions before you can make any modifications. If you are unable to remember your answers, you can choose to send an email to your rescue email to reset your security questions.
  Note: The option to send an email to reset your security questions and answers will not be available if a rescue email address is not provided. You will need to contact iTunes Store support in order to do so. 
  After you've validated your identity by correctly answering your security questions, click Edit to the right of your rescue email address.
  Once you've finished editing your rescue email address, click the Save button directly below the email field.  

• I have two apple ids and want to merge them.  can someone tell me how to do this

  I have two apple ids and want to merge them.  Can someone tell me how to do this.  What I am trying to do is sync my apps from my computer to my ipad, but can't seem to be able to access one of my apple ids.
  Thank You

  App Store: Downloading Older Versions of Apps
  http://tinyurl.com/meqxplg
  App Store: Install the latest compatible version of an app
  http://support.apple.com/kb/ht5919
  Apple’s iOS App Store now offers ‘last compatible’ versions of apps for older devices
  http://appleinsider.com/articles/13/09/17/apples-ios-app-store-now-offers-last-c ompatible-versions-of-apps-for-older-devices
   Cheers, Tom

• I appear to have two separate Apple IDs and have purchased music under both.  Is there any way to consolidate the accounts into one?

  I appear to have two separate Apple IDs and to have purchased music under both of them (one is my husband's email account, the other is mine).  Is there a way to consolidate them, or is it possible to make the purchases made under two separte IDs downloadable on the same device(s)?

  Not at this time. There is no way to merge two Apple IDs or be signed into the iTunes Store with more than one Apple ID at a time on an iOS device. However, you can USB sync the music to more than one device at a time, no problem. As long as all the music is on the same computer.