RE: CISCOs new IPS

["Billy Dodson" <billy () pmicromart com>]

The product I was referring to is the Cisco IOS IPS
http://www.cisco.com/warp/public/732/Tech/security/intrusion/

I was not aware of a hardware appliance...but should have known they
would have one....Cisco makes everything an appliance.

-----Original Message-----
From: Krystian Antoni [mailto:krystianantoni () gmail com] 
Sent: Friday, January 07, 2005 1:10 AM
To: Billy Dodson
Cc: loloinfo () free fr; focus-ids () securityfocus com
Subject: Re: CISCOs new IPS

can u tell me OS version of the cisco IPS you talking about?

my dealer said that Cisco IPS composes of a Cisco IDS(alternatily
called an IPS) v.5 OS which is not yet available. Currently Cisco IPS
works on v.4.1.4 IDS OS which is in every Cisco IDS (ex 4235), but
when v.5 will become available it will be replaced for free on IPS
boxes. Hence true IPS function is not yet available.


On Thu, 6 Jan 2005 14:18:10 -0600, Billy Dodson <billy () pmicromart com>
wrote:
> The cisco IPS is not quite what I thought it was going to be.  The IPS
> is intended for use at branch offices or remote users where you would
> not normally spring for a fire-walling device.  The IPS is nothing
more
> then a IOS router with IOS firewall and the IDS engine.  The IPS is
just
> software that runs on a cisco router.  It can use around 740
signatures
> from the cisco IDS to run its "prevention".  It basically turns your
> router into a small IDS/firewall.  It will be able to create access
> lists or shuns on the fly.  The same as a current cisco IDS works in
> conjunction with an IOS router or PIX firewall.  This device is not
> intended to be the first line of defense within the network.
>
> The cisco IPS is not replacing the cisco IDS.  The cisco IDS is still
a
> good product and can be used as a prevention device when used in
> conjunction with a router or firewall.  You can configure the sensor
to
> send commands to the router or firewall to Shun the connection or
create
> an access list on a router.
>
>
> -----Original Message-----
> From: loloinfo () free fr [mailto:loloinfo () free fr]
> Sent: Monday, January 03, 2005 5:52 AM
> To: Christoph Pertl (tm011081)
> Cc: focus-ids () securityfocus com
> Subject: Re: CISCOs new IPS
>
> is it CSA ??????????????
>
> Selon "Christoph Pertl (tm011081)" <tm011081 () fh-stpoelten ac at>:
>
> > Hi,
> >
> > I'm right now in the middle of a Project with the goal to implement
an
> IPS
> > in an existing infrastructure. One of our possible Partners offers
us
> the
> > new IPS Product from Cisco.
> >
> > Does anyone of you now something about this machine or at least
about
> the
> > older IDS-Box because I think the Inspection Engine will be the
same?
> > Any Information about how well it performs in a real environment
would
> be
> > great
> >
> > Christoph
------------------------------------------------------------------------
> --
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks
from
> > CORE IMPACT.
> > Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> > to learn more.
------------------------------------------------------------------------
> --
> >
------------------------------------------------------------------------
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
------------------------------------------------------------------------
> --
------------------------------------------------------------------------
--
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
------------------------------------------------------------------------
--
>



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------