10- Implementing IOS-Based IPS 
Ahmed Sultan 
CCNA | CCNA Security | CCNP Security | JNCIA-Junos | CEH 
© 2009 Cisco Learning Institute. 1
Intrusion Prevention Systems (IPSs) 
1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
4. Traffic in violation of policy can be dropped by an IPS sensor.
[Figure: inline sensor between the attacker and the target, with a management console; callouts 1 to 4 mark the attack, the sensor, the alarm to the management console and the bit bucket that receives dropped traffic.]
Intrusion Detection Systems (IDSs) 
1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
3. The IDS can also send an alarm to a management console for logging and other management purposes.
[Figure: switch, promiscuous-mode sensor, management console and target; callouts 1 to 3 mark the attack, the sensor's command to the switch and the alarm to the management console.]
Common characteristics of 
IDS and IPS 
• Both technologies are deployed using sensors.
• Both technologies use signatures to detect patterns of misuse in network traffic.
• Both can detect atomic patterns (single-packet) or composite patterns (multi-packet).
Comparing IDS and IPS Solutions: Promiscuous Mode IDS
Advantages:
• No impact on network (latency, jitter)
• No network impact if there is a sensor failure
• No network impact if there is sensor overload
Disadvantages:
• Response action cannot stop trigger packets
• Correct tuning required for response actions
• Must have a well thought-out security policy
• More vulnerable to network evasion techniques
Comparing IDS and IPS Solutions: Inline Mode IPS
Advantages:
• Stops trigger packets
• Can use stream normalization techniques
Disadvantages:
• Sensor issues might affect network traffic
• Sensor overloading impacts the network
• Must have a well thought-out security policy
• Some impact on network (latency, jitter)
Network-Based Implementation 
[Figure: network-based implementation showing MARS, VPN connections from a remote worker and a remote branch, IronPort, a firewall with an IPS sensor in front of the web, email and DNS servers, and CSA on the hosts.]
Host-Based Implementation 
[Figure: host-based implementation showing the same topology (MARS, VPN from a remote worker and a remote branch, IronPort, firewall, IPS) with a CSA agent on each host and server, managed by the Management Center for Cisco Security Agents.]
Cisco Security Agent
[Figure: a firewall separates the untrusted network from the corporate network; agents run on the DNS, web, application and SMTP servers and on the workstations, all reporting to the Management Center for Cisco Security Agents.]
Cisco IPS Solutions 
AIM and Network Module Enhanced 
• Integrates IPS into the Cisco 1841 (IPS AIM only), 2800 and 3800 
ISR routers 
• IPS AIM occupies an internal AIM slot on router and has its own 
CPU and DRAM 
• Monitors up to 45 Mb/s of traffic 
• Provides full-featured intrusion protection 
• Is able to monitor traffic from all router interfaces 
• Can inspect GRE and IPsec traffic that has been decrypted at the 
router 
• Delivers comprehensive intrusion protection at branch offices, 
isolating threats from the corporate network 
• Runs the same software image as Cisco IPS Sensor Appliances 
Cisco IPS Solutions 
ASA AIP-SSM 
• High-performance module designed to provide additional 
security services to the Cisco ASA 5500 Series Adaptive 
Security Appliance 
• Diskless design for improved reliability 
• External 10/100/1000 Ethernet interface for management 
and software downloads 
• Intrusion prevention capability 
• Runs the same software image as the Cisco IPS Sensor 
appliances 
Cisco IPS Solutions 
4200 Series Sensors 
• Appliance solution focused on protecting network 
devices, services, and applications 
• Sophisticated attack detection is provided. 
Cisco IPS Solutions 
Cisco Catalyst 6500 Series IDSM-2 
• Switch-integrated intrusion protection module 
delivering a high-value security service in the 
core network fabric device 
• Support for an unlimited number of VLANs 
• Intrusion prevention capability 
• Runs the same software image as the Cisco IPS 
Sensor Appliances 
IPS Sensors 
• Factors that impact IPS sensor selection and 
deployment: 
- Amount of network traffic 
- Network topology 
- Security budget 
- Available security staff 
• Size of implementation 
- Small (branch offices) 
- Large 
- Enterprise 
Signature Characteristics 
"Hey, come look at this. This looks like the signature of a LAND attack."
• An IDS or IPS sensor 
matches a signature with 
a data flow 
• The sensor takes action 
• Signatures have three 
distinctive attributes 
- Signature type 
- Signature trigger 
- Signature action 
Cisco Signature List 
Signature Alarms 
Alarm Type      Network Activity     IPS Activity        Outcome
False positive  Normal user traffic  Alarm generated     Tune alarm
False negative  Attack traffic       No alarm generated  Tune alarm
True positive   Attack traffic       Alarm generated     Ideal setting
True negative   Normal user traffic  No alarm generated  Ideal setting
Cisco IPS Solutions 
• Locally Managed Solutions: 
- Cisco Configuration Professional (CCP) 
• Centrally Managed Solutions: 
- Cisco IDS Event Viewer (IEV) 
- Cisco Security Manager (CSM) 
- Cisco Security Monitoring, Analysis, and Response 
System (MARS) 
Cisco IPS Device Manager 
• A web-based 
configuration tool 
• Shipped at no additional 
cost with the Cisco IPS 
Sensor Software 
• Enables an administrator 
to configure and manage 
a sensor 
• The web server resides 
on the sensor and can be 
accessed through a web 
browser 
Cisco IPS Event Viewer 
• View and manage alarms for up 
to five sensors 
• Connect to and view alarms in 
real time or in imported log files 
• Configure filters and views to 
help you manage the alarms. 
• Import and export event data for 
further analysis. 
Cisco Security Manager 
• Powerful, easy-to-use 
solution to centrally provision 
all aspects of device 
configurations and security 
policies for Cisco firewalls, 
VPNs, and IPS 
• Support for IPS sensors and 
Cisco IOS IPS 
• Automatic policy-based IPS 
sensor software and 
signature updates 
• Signature update wizard 
Cisco Security Monitoring, Analysis, and Response System (MARS)
• An appliance-based, all-inclusive 
solution that allows 
network and security 
administrators to monitor, 
identify, isolate, and counter 
security threats 
• Enables organizations to 
more effectively use their 
network and security 
resources. 
• Works in conjunction with 
Cisco CSM. 
Secure Device Event Exchange 
[Figure: the sensor sends alarms to the network management console over the SDEE protocol and to a syslog server over syslog.]
• The SDEE format was developed to improve 
communication of events generated by security devices 
• Allows additional event types to be included as they are 
defined 
Overview of Implementing IOS IPS 
1. Download the IOS IPS files
2. Create an IOS IPS configuration directory on Flash
3. Configure an IOS IPS crypto key
4. Enable IOS IPS
5. Load the IOS IPS Signature Package to the router
"I want to use CLI to manage my signature files for IPS. I have downloaded the IOS IPS files."
1. Download the Signature File 
Download the IOS IPS signature package files and the public crypto key.
2. Create Directory 
R1# mkdir ips 
Create directory filename [ips]? 
Created dir flash:ips 
R1# 
R1# dir flash: 
Directory of flash:/
    5  -rw-    51054864  Jan 10 2009 15:46:14 -08:00  c2800nm-advipservicesk9-mz.124-20.T1.bin
    6  drw-           0  Jan 15 2009 11:36:36 -08:00  ips
64016384 bytes total (12693504 bytes free)
R1# 
To rename a directory: 
R1# rename ips ips_new 
Destination filename [ips_new]? 
R1# 
3. Configure the Crypto Key 
R1# conf t
R1(config)#
1 – Highlight and copy the text contained in the public key file.
2 – Paste it in global configuration mode.
Confirm the Crypto Key 
R1# show run 
<Output omitted> 
crypto key pubkey-chain rsa 
named-key realm-cisco.pub signature 
key-string 
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 
00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16 
17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128 
B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E 
5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35 
FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85 
50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36 
006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE 
2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3 
F3020301 0001 
<Output omitted> 
4. Enable IOS IPS 
R1(config)# ip ips name iosips
R1(config)# ip ips name ips list ?
  <1-199>  Numbered access list
  WORD     Named access list
R1(config)#
R1(config)# ip ips config location flash:ips
R1(config)#
1 – The IPS rule is created (optionally restricted to traffic matched by an access list).
2 – The IPS configuration location in flash is identified.
R1(config)# ip http server
R1(config)# ip ips notify sdee
R1(config)# ip ips notify log
R1(config)#
3 – SDEE and syslog notification are enabled.
4. Enable IOS IPS 
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired true
R1(config-ips-category-action)# exit
R1(config-ips-category)#
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false
R1(config-ips-category-action)# exit
R1(config-ips-category)# exit
Do you want to accept these changes? [confirm] y
R1(config)#
1 – The IPS "all" category is retired.
2 – The IPS basic category is unretired.
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip ips iosips in
R1(config-if)# exit
R1(config)# exit
3 – The IPS rule is applied in an incoming direction.
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip ips iosips in
R1(config-if)# ip ips iosips out
R1(config-if)# exit
R1(config)# exit
4 – The IPS rule is applied in an incoming and outgoing direction.
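A way to audit the outcome of steps 3 and 4 across many routers, as an added example that is not from the slides or from Cisco: the script parses a running-config dump and reports which of the pieces built up above are missing. The sample config is constructed to mirror the slides (rule name iosips, interface GigabitEthernet0/1), and "ip ips notify log" is deliberately left out so the audit has something to flag.

```python
"""Audit the IOS IPS section of a 'show running-config' dump.

Added example, not part of the slide deck. It checks that everything the
configuration steps build up (crypto key, IPS rule, config location on flash,
SDEE/syslog notification, category tuning, interface application) is present.
The config below is constructed to mirror the slides; 'ip ips notify log' is
left out on purpose so the audit has something to flag.
"""
import re

SAMPLE_RUNNING_CONFIG = """\
hostname R1
!
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
   F3020301 0001
  quit
!
ip ips config location flash:ips
ip ips notify sdee
ip ips name iosips
!
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
interface GigabitEthernet0/1
 ip address 10.1.1.2 255.255.255.0
 ip ips iosips in
!
ip http server
"""


def interfaces_with_ips(config: str, rule: str) -> dict:
    """Map interface name -> set of directions ('in'/'out') where `rule` is applied."""
    applied, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # left the interface stanza ('!' or a global command)
        elif current is not None:
            m = re.match(r"\s+ip ips (\S+) (in|out)\s*$", line)
            if m and m.group(1) == rule:
                applied.setdefault(current, set()).add(m.group(2))
    return applied


def audit_ios_ips(config: str) -> dict:
    """Return {check name: passed?} for the IOS IPS build-out."""
    def has(pattern: str) -> bool:
        return re.search(pattern, config, re.M) is not None

    rule = re.search(r"^ip ips name (\S+)", config, re.M)
    # Category stanza as on the slides: 'all' retired, then 'ios_ips basic'
    # unretired, so only the basic set is compiled on the router.
    cats = dict(re.findall(r"^ category (.+?)\n  retired (true|false)", config, re.M))
    applied = interfaces_with_ips(config, rule.group(1)) if rule else {}
    return {
        "crypto_key_realm_cisco": has(r"^\s*named-key realm-cisco\.pub signature"),
        "ips_rule_defined": rule is not None,
        "config_location_on_flash": has(r"^ip ips config location flash:"),
        "notify_sdee": has(r"^ip ips notify sdee\s*$"),
        "notify_log": has(r"^ip ips notify log\s*$"),
        "http_server_for_sdee": has(r"^ip http server\s*$"),
        "category_all_retired": cats.get("all") == "true",
        "category_basic_unretired": cats.get("ios_ips basic") == "false",
        "rule_applied_to_interface": bool(applied),
    }


def missing_checks(config: str) -> list:
    """Names of the checks that failed, sorted so a fleet audit can diff routers."""
    return sorted(name for name, ok in audit_ios_ips(config).items() if not ok)


if __name__ == "__main__":
    for name, ok in audit_ios_ips(SAMPLE_RUNNING_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
    print("rule applied on:", interfaces_with_ips(SAMPLE_RUNNING_CONFIG, "iosips"))
```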
5. Load Signature Package 
1 – Copy the signatures from the FTP server.
R1# copy ftp://cisco:cisco@10.1.1.1/IOS-S376-CLI.pkg idconf
Loading IOS-S310-CLI.pkg !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 7608873/4096 bytes]
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDS_STARTED: 16:44:47 PST Jan 15 2008
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: multi-string - 8 signatures - 1 of 13 engines
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_READY: multi-string - build time 4 ms - packets for this engine will be scanned
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: service-http - 622 signatures - 2 of 13 engines
*Jan 15 16:44:53 PST: %IPS-6-ENGINE_READY: service-http - build time 6024 ms - packets for this engine will be scanned
<Output omitted>
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_BUILDING: service-smb-advanced - 35 signatures - 12 of 13 engines
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_READY: service-smb-advanced - build time 16 ms - packets for this engine will be scanned
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_BUILDING: service-msrpc - 25 signatures - 13 of 13 engines
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_READY: service-msrpc - build time 32 ms - packets for this engine will be scanned
*Jan 15 16:45:18 PST: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 31628 ms
2 – Signature compiling begins immediately after the signature package is loaded to the router.
Verify the Signature 
R1# show ip ips signature count
Cisco SDF release version S310.0    ← signature package release version
Trend SDF release version V0.0
Signature Micro-Engine: multi-string: Total Signatures 8
    multi-string enabled signatures: 8
    multi-string retired signatures: 8
<Output omitted>
Signature Micro-Engine: service-msrpc: Total Signatures 25
    service-msrpc enabled signatures: 25
    service-msrpc retired signatures: 18
    service-msrpc compiled signatures: 1
    service-msrpc inactive signatures - invalid params: 6
Total Signatures: 2136
Total Enabled Signatures: 807
Total Retired Signatures: 1779
Total Compiled Signatures: 351    ← total compiled signatures for the IOS IPS Basic category
Total Signatures with invalid parameters: 6
Total Obsoleted Signatures: 11
R1#
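An added example (not from the slides or from Cisco) for checking step 5 and the verification output: it parses the %IPS-6-ENGINE_* syslog lines and the "show ip ips signature count" output shown above, confirms that every engine which started building reached READY and that the final ALL_ENGINE_BUILDS_COMPLETE message appeared, and flags engines whose signatures are enabled but retired and therefore never compiled. The sample text is constructed from the lines on the slides, with the omitted engines left out.

```python
"""Check what actually happened after 'copy ... idconf' loaded a signature package.

Added example, not part of the slide deck: one parser for the %IPS-6-ENGINE_*
syslog lines the router prints while compiling engines and one for the
'show ip ips signature count' output. The sample text is constructed from the
lines shown on the slides; engines the slides omit are left out, so only 3 of
the 13 declared engines appear in the log sample.
"""
import re

ENGINE_LOG = """\
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDS_STARTED: 16:44:47 PST Jan 15 2008
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: multi-string - 8 signatures - 1 of 13 engines
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_READY: multi-string - build time 4 ms - packets for this engine will be scanned
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: service-http - 622 signatures - 2 of 13 engines
*Jan 15 16:44:53 PST: %IPS-6-ENGINE_READY: service-http - build time 6024 ms - packets for this engine will be scanned
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_BUILDING: service-msrpc - 25 signatures - 13 of 13 engines
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_READY: service-msrpc - build time 32 ms - packets for this engine will be scanned
*Jan 15 16:45:18 PST: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 31628 ms
"""

SIG_COUNT = """\
Cisco SDF release version S310.0
Trend SDF release version V0.0
Signature Micro-Engine: multi-string: Total Signatures 8
    multi-string enabled signatures: 8
    multi-string retired signatures: 8
Signature Micro-Engine: service-msrpc: Total Signatures 25
    service-msrpc enabled signatures: 25
    service-msrpc retired signatures: 18
    service-msrpc compiled signatures: 1
    service-msrpc inactive signatures - invalid params: 6
Total Signatures: 2136
Total Enabled Signatures: 807
Total Retired Signatures: 1779
Total Compiled Signatures: 351
Total Signatures with invalid parameters: 6
Total Obsoleted Signatures: 11
"""

BUILDING = re.compile(r"%IPS-6-ENGINE_BUILDING: (\S+) - (\d+) signatures - (\d+) of (\d+) engines")
READY = re.compile(r"%IPS-6-ENGINE_READY: (\S+) - build time (\d+) ms")


def check_engine_builds(log: str) -> dict:
    """Summarise engine compilation: how many engines the router declared, which
    started, which reached READY, and whether ALL_ENGINE_BUILDS_COMPLETE appeared
    (without it the package load did not finish and some engines are not scanning)."""
    started, ready, declared = {}, {}, None
    for line in log.splitlines():
        if m := BUILDING.search(line):
            started[m.group(1)] = int(m.group(2))
            declared = int(m.group(4))
        elif m := READY.search(line):
            ready[m.group(1)] = int(m.group(2))
    return {
        "declared_engines": declared,
        "engines_seen": len(started),
        "not_ready": sorted(set(started) - set(ready)),
        "slowest_engine": max(ready, key=ready.get) if ready else None,
        "complete": "%IPS-6-ALL_ENGINE_BUILDS_COMPLETE" in log,
    }


ENGINE_HDR = re.compile(r"^Signature Micro-Engine: (\S+): Total Signatures (\d+)")
ENGINE_STAT = re.compile(r"^\s*(\S+) (enabled|retired|compiled) signatures: (\d+)")
TOTAL = re.compile(r"^Total (Enabled |Retired |Compiled )?Signatures: (\d+)")


def parse_signature_count(text: str) -> dict:
    """Parse per-engine and total counters. 'compiled' is the number that matters:
    a signature that is enabled but retired is never compiled, so it inspects nothing."""
    engines, totals = {}, {}
    for line in text.splitlines():
        if m := ENGINE_HDR.match(line):
            engines[m.group(1)] = {"total": int(m.group(2)),
                                   "enabled": 0, "retired": 0, "compiled": 0}
        elif (m := ENGINE_STAT.match(line)) and m.group(1) in engines:
            engines[m.group(1)][m.group(2)] = int(m.group(3))
        elif m := TOTAL.match(line):
            totals[(m.group(1) or "total").strip().lower()] = int(m.group(2))
    rel = re.search(r"Cisco SDF release version (\S+)", text)
    return {"release": rel.group(1) if rel else None,
            "engines": engines, "totals": totals}


def idle_engines(parsed: dict) -> list:
    """Engines with signatures loaded but none compiled (enabled-but-retired)."""
    return sorted(n for n, e in parsed["engines"].items() if e["compiled"] == 0)
```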
Configuring IOS IPS in CCP 
LAB 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 

Recently uploaded (20)

Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
JEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questionsJEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questions
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 

CCNA Security 011- implementing ios-based ips

  • 1. 10- Implementing IOS-Based IPS
    Ahmed Sultan
    CCNA | CCNA Security | CCNP Security | JNCIA-Junos | CEH
    © 2009 Cisco Learning Institute.
  • 2. Intrusion Prevention Systems (IPSs)
    1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
    2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
    3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
    4. Traffic in violation of policy can be dropped by an IPS sensor.
    [Diagram: inline Sensor between the attacker and the Target, Management Console receiving the alarm, dropped traffic sent to the Bit Bucket; steps 1-4 marked]
  • 3. Intrusion Detection Systems (IDSs)
    1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
    2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
    3. The IDS can also send an alarm to a management console for logging and other management purposes.
    [Diagram: Switch mirroring traffic to the Sensor, Management Console receiving the alarm, Target; steps 1-3 marked]
  • 4. Common characteristics of IDS and IPS
     Both technologies are deployed using sensors.
     Both technologies use signatures to detect patterns of misuse in network traffic.
     Both can detect atomic patterns (single-packet) or composite patterns (multi-packet).
  • 5. Comparing IDS and IPS Solutions: Promiscuous Mode IDS
    Advantages:
     No impact on network (latency, jitter)
     No network impact if there is a sensor failure
     No network impact if there is sensor overload
    Disadvantages:
     Response action cannot stop trigger packets
     Correct tuning required for response actions
     Must have a well thought-out security policy
     More vulnerable to network evasion techniques
  • 6. Comparing IDS and IPS Solutions: Inline Mode IPS
    Advantages:
     Stops trigger packets
     Can use stream normalization techniques
    Disadvantages:
     Sensor issues might affect network traffic
     Sensor overloading impacts the network
     Must have a well thought-out security policy
     Some impact on network (latency, jitter)
  • 7. Network-Based Implementation
    [Diagram: MARS, VPN, CSA, Remote Worker, Remote Branch, IronPort, Firewall, Web Server, Email Server, DNS, IPS; CSA agents on the hosts]
  • 8. Host-Based Implementation
    [Diagram: MARS, VPN, CSA, Remote Worker, Remote Branch, IronPort, Firewall, IPS, Web Server Agent, Email Server, DNS, Management Center for Cisco Security Agents; CSA agents on the hosts]
  • 9. Cisco Security Agent
    [Diagram (with video): Untrusted Network, Firewall, Corporate Network; Agents on the DNS Server, Web Server, Application Server and SMTP Server; Management Center for Cisco Security Agents]
  • 10. Cisco IPS Solutions: AIM and Network Module Enhanced
    • Integrates IPS into the Cisco 1841 (IPS AIM only), 2800 and 3800 ISR routers
    • IPS AIM occupies an internal AIM slot on router and has its own CPU and DRAM
    • Monitors up to 45 Mb/s of traffic
    • Provides full-featured intrusion protection
    • Is able to monitor traffic from all router interfaces
    • Can inspect GRE and IPsec traffic that has been decrypted at the router
    • Delivers comprehensive intrusion protection at branch offices, isolating threats from the corporate network
    • Runs the same software image as Cisco IPS Sensor Appliances
  • 11. Cisco IPS Solutions: ASA AIP-SSM
    • High-performance module designed to provide additional security services to the Cisco ASA 5500 Series Adaptive Security Appliance
    • Diskless design for improved reliability
    • External 10/100/1000 Ethernet interface for management and software downloads
    • Intrusion prevention capability
    • Runs the same software image as the Cisco IPS Sensor appliances
  • 12. Cisco IPS Solutions: 4200 Series Sensors
    • Appliance solution focused on protecting network devices, services, and applications
    • Sophisticated attack detection is provided.
  • 13. Cisco IPS Solutions: Cisco Catalyst 6500 Series IDSM-2
    • Switch-integrated intrusion protection module delivering a high-value security service in the core network fabric device
    • Support for an unlimited number of VLANs
    • Intrusion prevention capability
    • Runs the same software image as the Cisco IPS Sensor Appliances
  • 14. IPS Sensors
    • Factors that impact IPS sensor selection and deployment:
      - Amount of network traffic
      - Network topology
      - Security budget
      - Available security staff
    • Size of implementation
      - Small (branch offices)
      - Large
      - Enterprise
  • 15. Signature Characteristics
    [Speech bubble: "Hey, come look at this. This looks like the signature of a LAND attack."]
    • An IDS or IPS sensor matches a signature with a data flow
    • The sensor takes action
    • Signatures have three distinctive attributes
      - Signature type
      - Signature trigger
      - Signature action
  • 16. Cisco Signature List
    [Screenshot of the Cisco signature list]
  • 17. Signature Alarms
    Alarm Type      Network Activity     IPS Activity         Outcome
    False positive  Normal user traffic  Alarm generated      Tune alarm
    False negative  Attack traffic       No alarm generated   Tune alarm
    True positive   Attack traffic       Alarm generated      Ideal setting
    True negative   Normal user traffic  No alarm generated   Ideal setting
  • 18. Cisco IPS Solutions
    • Locally Managed Solutions:
      - Cisco Configuration Professional (CCP)
    • Centrally Managed Solutions:
      - Cisco IDS Event Viewer (IEV)
      - Cisco Security Manager (CSM)
      - Cisco Security Monitoring, Analysis, and Response System (MARS)
  • 19. Cisco IPS Device Manager
    • A web-based configuration tool
    • Shipped at no additional cost with the Cisco IPS Sensor Software
    • Enables an administrator to configure and manage a sensor
    • The web server resides on the sensor and can be accessed through a web browser
  • 20. Cisco IPS Event Viewer
    • View and manage alarms for up to five sensors
    • Connect to and view alarms in real time or in imported log files
    • Configure filters and views to help you manage the alarms.
    • Import and export event data for further analysis.
  • 21. Cisco Security Manager
    • Powerful, easy-to-use solution to centrally provision all aspects of device configurations and security policies for Cisco firewalls, VPNs, and IPS
    • Support for IPS sensors and Cisco IOS IPS
    • Automatic policy-based IPS sensor software and signature updates
    • Signature update wizard
  • 22. Cisco Security Monitoring, Analysis, and Response System
    • An appliance-based, all-inclusive solution that allows network and security administrators to monitor, identify, isolate, and counter security threats
    • Enables organizations to more effectively use their network and security resources.
    • Works in conjunction with Cisco CSM.
  • 23. Secure Device Event Exchange
    [Diagram: the sensor sends an Alarm over the SDEE Protocol to the Network Management Console, and an Alarm over Syslog to the Syslog Server]
    • The SDEE format was developed to improve communication of events generated by security devices
    • Allows additional event types to be included as they are defined
  • 24. Overview of Implementing IOS IPS
    1. Download the IOS IPS files
    2. Create an IOS IPS configuration directory on Flash
    3. Configure an IOS IPS crypto key
    4. Enable IOS IPS
    5. Load the IOS IPS Signature Package to the router
    [Speech bubble: "I want to use CLI to manage my signature files for IPS. I have downloaded the IOS IPS files."]
  • 25. 1. Download the Signature File
    Download IOS IPS signature package files and public crypto key
  • 26. 2. Create Directory
    R1# mkdir ips
    Create directory filename [ips]?
    Created dir flash:ips
    R1#
    R1# dir flash:
    Directory of flash:/
        5  -rw-    51054864  Jan 10 2009 15:46:14 -08:00  c2800nm-advipservicesk9-mz.124-20.T1.bin
        6  drw-           0  Jan 15 2009 11:36:36 -08:00  ips
    64016384 bytes total (12693504 bytes free)
    R1#
    To rename a directory:
    R1# rename ips ips_new
    Destination filename [ips_new]?
    R1#
  • 27. 3. Configure the Crypto Key
    R1# conf t
    R1(config)#
    1 – Highlight and copy the text contained in the public key file.
    2 – Paste it in global configuration mode.
  • 28. Confirm the Crypto Key
    R1# show run
    <Output omitted>
    crypto key pubkey-chain rsa
     named-key realm-cisco.pub signature
      key-string
       30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
       00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16
       17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128
       B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
       5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35
       FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85
       50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36
       006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE
       2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3
       F3020301 0001
    <Output omitted>
  • 29. 4. Enable IOS IPS
    R1(config)# ip ips name iosips
    R1(config)# ip ips name ips list ?
      <1-199>  Numbered access list
      WORD     Named access list
    R1(config)#
    R1(config)# ip ips config location flash:ips
    R1(config)#
    1 – IPS rule is created
    2 – IPS location in flash identified
    R1(config)# ip http server
    R1(config)# ip ips notify sdee
    R1(config)# ip ips notify log
    R1(config)#
    3 – SDEE and Syslog notification are enabled
  • 30. 4. Enable IOS IPS
    R1(config)# ip ips signature-category
    R1(config-ips-category)# category all
    R1(config-ips-category-action)# retired true
    R1(config-ips-category-action)# exit
    R1(config-ips-category)#
    R1(config-ips-category)# category ios_ips basic
    R1(config-ips-category-action)# retired false
    R1(config-ips-category-action)# exit
    R1(config-ips-category)# exit
    Do you want to accept these changes? [confirm] y
    R1(config)#
    1 – The IPS all category is retired
    2 – The IPS basic category is unretired.
    R1(config)# interface GigabitEthernet 0/1
    R1(config-if)# ip ips iosips in
    R1(config-if)# exit
    R1(config)# exit
    3 – The IPS rule is applied in an incoming direction
    R1(config)# interface GigabitEthernet 0/1
    R1(config-if)# ip ips iosips in
    R1(config-if)# ip ips iosips out
    R1(config-if)# exit
    R1(config)# exit
    4 – The IPS rule is applied in an incoming and outgoing direction.
  • 31. 5. Load Signature Package
    1 – Copy the signatures from the FTP server.
    R1# copy ftp://cisco:cisco@10.1.1.1/IOS-S376-CLI.pkg idconf
    Loading IOS-S310-CLI.pkg !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    [OK - 7608873/4096 bytes]
    *Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDS_STARTED: 16:44:47 PST Jan 15 2008
    *Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: multi-string - 8 signatures - 1 of 13 engines
    *Jan 15 16:44:47 PST: %IPS-6-ENGINE_READY: multi-string - build time 4 ms - packets for this engine will be scanned
    *Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: service-http - 622 signatures - 2 of 13 engines
    *Jan 15 16:44:53 PST: %IPS-6-ENGINE_READY: service-http - build time 6024 ms - packets for this engine will be scanned
    <Output omitted>
    *Jan 15 16:45:18 PST: %IPS-6-ENGINE_BUILDING: service-smb-advanced - 35 signatures - 12 of 13 engines
    *Jan 15 16:45:18 PST: %IPS-6-ENGINE_READY: service-smb-advanced - build time 16 ms - packets for this engine will be scanned
    *Jan 15 16:45:18 PST: %IPS-6-ENGINE_BUILDING: service-msrpc - 25 signatures - 13 of 13 engines
    *Jan 15 16:45:18 PST: %IPS-6-ENGINE_READY: service-msrpc - build time 32 ms - packets for this engine will be scanned
    *Jan 15 16:45:18 PST: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 31628 ms
    2 – Signature compiling begins immediately after the signature package is loaded to the router.
  • 32. Verify the Signature
    R1# show ip ips signature count
    Cisco SDF release version S310.0        ← signature package release version
    Trend SDF release version V0.0
    Signature Micro-Engine: multi-string: Total Signatures 8
    multi-string enabled signatures: 8
    multi-string retired signatures: 8
    <Output omitted>
    Signature Micro-Engine: service-msrpc: Total Signatures 25
    service-msrpc enabled signatures: 25
    service-msrpc retired signatures: 18
    service-msrpc compiled signatures: 1
    service-msrpc inactive signatures - invalid params: 6
    Total Signatures: 2136
    Total Enabled Signatures: 807
    Total Retired Signatures: 1779
    Total Compiled Signatures: 351          ← total compiled signatures for the IOS IPS Basic category
    Total Signatures with invalid parameters: 6
    Total Obsoleted Signatures: 11
    R1#
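    The two outputs on slides 31 and 32 are what an operator actually checks after a signature load: every micro-engine the router announced must also report ENGINE_READY, the run must end with ALL_ENGINE_BUILDS_COMPLETE, and the signature counters must show that the category you unretired really compiled. The Python below is an added example, not code from the slide deck or from Cisco; it parses both outputs offline. The sample text is constructed from the console output on the slides, with the engines hidden behind "<Output omitted>" deliberately left out, so the build checker reports engines 3 to 11 as missing (on a real router you would paste the full log and expect an empty list). The per-engine counters also show why retiring matters: multi-string has 8 enabled signatures but all 8 are retired, so nothing is compiled for it, while service-msrpc compiled 1 of its 25.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample (taken from the slide's console output; engines 3-11 are
# intentionally absent, mirroring the slide's "<Output omitted>").
SAMPLE_BUILD_LOG = """\
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDS_STARTED: 16:44:47 PST Jan 15 2008
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: multi-string - 8 signatures - 1 of 13 engines
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_READY: multi-string - build time 4 ms - packets for this engine will be scanned
*Jan 15 16:44:47 PST: %IPS-6-ENGINE_BUILDING: service-http - 622 signatures - 2 of 13 engines
*Jan 15 16:44:53 PST: %IPS-6-ENGINE_READY: service-http - build time 6024 ms - packets for this engine will be scanned
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_BUILDING: service-smb-advanced - 35 signatures - 12 of 13 engines
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_READY: service-smb-advanced - build time 16 ms - packets for this engine will be scanned
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_BUILDING: service-msrpc - 25 signatures - 13 of 13 engines
*Jan 15 16:45:18 PST: %IPS-6-ENGINE_READY: service-msrpc - build time 32 ms - packets for this engine will be scanned
*Jan 15 16:45:18 PST: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 31628 ms
"""

# Constructed sample of "show ip ips signature count", again from the slide
# with its omitted middle section left out.
SAMPLE_SIG_COUNT = """\
Cisco SDF release version S310.0
Trend SDF release version V0.0
Signature Micro-Engine: multi-string: Total Signatures 8
multi-string enabled signatures: 8
multi-string retired signatures: 8
Signature Micro-Engine: service-msrpc: Total Signatures 25
service-msrpc enabled signatures: 25
service-msrpc retired signatures: 18
service-msrpc compiled signatures: 1
service-msrpc inactive signatures - invalid params: 6
Total Signatures: 2136
Total Enabled Signatures: 807
Total Retired Signatures: 1779
Total Compiled Signatures: 351
Total Signatures with invalid parameters: 6
Total Obsoleted Signatures: 11
"""

BUILDING_RE = re.compile(r"%IPS-6-ENGINE_BUILDING: (\S+) - (\d+) signatures - (\d+) of (\d+) engines")
READY_RE = re.compile(r"%IPS-6-ENGINE_READY: (\S+) - build time (\d+) ms")
COMPLETE_RE = re.compile(r"%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time (\d+) ms")


@dataclass
class BuildReport:
    engines_total: int = 0                                      # the N in "of N engines"
    signatures: Dict[str, int] = field(default_factory=dict)    # engine -> signatures loaded
    build_ms: Dict[str, int] = field(default_factory=dict)      # engine -> build time
    complete_ms: Optional[int] = None                           # None if the build never finished
    missing_indexes: List[int] = field(default_factory=list)    # engine numbers never announced
    not_ready: List[str] = field(default_factory=list)          # announced but no ENGINE_READY

    @property
    def healthy(self) -> bool:
        return self.complete_ms is not None and not self.missing_indexes and not self.not_ready


def parse_engine_build_log(text: str) -> BuildReport:
    """Account for every micro-engine the router reports while compiling a package."""
    rep = BuildReport()
    seen = set()
    for line in text.splitlines():
        if m := BUILDING_RE.search(line):
            rep.signatures[m.group(1)] = int(m.group(2))
            seen.add(int(m.group(3)))
            rep.engines_total = int(m.group(4))
        elif m := READY_RE.search(line):
            rep.build_ms[m.group(1)] = int(m.group(2))
        elif m := COMPLETE_RE.search(line):
            rep.complete_ms = int(m.group(1))
    rep.missing_indexes = [i for i in range(1, rep.engines_total + 1) if i not in seen]
    rep.not_ready = [e for e in rep.signatures if e not in rep.build_ms]
    return rep


RELEASE_RE = re.compile(r"^Cisco SDF release version (\S+)")
ENGINE_RE = re.compile(r"^Signature Micro-Engine: (\S+): Total Signatures (\d+)")
COUNT_RE = re.compile(r"^(\S+) (enabled|retired|compiled) signatures: (\d+)")
INVALID_RE = re.compile(r"^(\S+) inactive signatures - invalid params: (\d+)")
TOTAL_RE = re.compile(r"^Total (.+?): (\d+)")


def parse_signature_count(text: str) -> dict:
    """Parse 'show ip ips signature count' into per-engine and overall counters."""
    out = {"sdf_release": None, "engines": {}, "totals": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := RELEASE_RE.match(line):
            out["sdf_release"] = m.group(1)
        elif m := ENGINE_RE.match(line):
            # Counters the router omits for an engine are treated as zero.
            out["engines"][m.group(1)] = {"total": int(m.group(2)), "enabled": 0,
                                         "retired": 0, "compiled": 0, "invalid": 0}
        elif m := COUNT_RE.match(line):
            out["engines"][m.group(1)][m.group(2)] = int(m.group(3))
        elif m := INVALID_RE.match(line):
            out["engines"][m.group(1)]["invalid"] = int(m.group(2))
        elif m := TOTAL_RE.match(line):
            out["totals"][m.group(1)] = int(m.group(2))
    return out


def idle_engines(counts: dict) -> List[str]:
    """Engines with no compiled signatures: traffic they cover is passed uninspected."""
    return [name for name, c in counts["engines"].items() if c["compiled"] == 0]
```

    Run parse_engine_build_log over the whole console capture after "copy ... idconf" and treat anything but an empty missing_indexes and not_ready (with complete_ms set) as a failed load; run parse_signature_count over "show ip ips signature count" and compare "Total Compiled Signatures" with what you expect for the category you unretired, since a large retired count with a small compiled count is the normal picture for the ios_ips basic category, whereas zero compiled signatures across the board means the rule is applied but inspecting nothing.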
  • 33. Configuring IOS IPS in CCP
    LAB