Articles tagged with: ips
I noticed, especially in the last year of my classroom instruction, special attention being given to password management on all Cisco security devices. This post provides an overview of notable enhancements to the IOS® router and Intrusion Prevention System platforms. The reader will note that many of these enhancements were made to code releases issued in the past one to two years.
As I mentioned in a previous post, this third part of the series about parallel features of the Cisco ASA and IPS covers the topic of asymmetric packet flow.
This is a highly specialized exception condition (to be deliberately avoided, if possible!) where either (or both!) the ASA and IPS appliances see traffic in one direction only. We’ll briefly examine how this situation can be handled and the implications of its use.
To continue a post from several weeks ago, I’d like to compare another parallel feature between the Cisco ASA security appliance and the Cisco Intrusion Prevention System (IPS): the normalizer function. On both device platforms this component is a valuable defense mechanism against both fragmentation and denial-of-service (DoS) attacks. Once more I’ll highlight key operational characteristics.
The more I teach the new Cisco FIREWALL and the newest version (7.0) of the Implementing Cisco Intrusion Prevention Systems classes, the more I’m struck by the similarities of functions between the two major platforms. Now to some that would seem like a silly statement since it’s common knowledge that an IPS card can be installed into an ASA chassis; however, what I’ll illustrate in this post is the similar functionalities in processing that can take place either with the ASA chassis CPU or the IPS appliance/module CPU. This first part of a two-part series will deal with Application Inspection and Control, sometimes referred to as DPI or Deep Packet Inspection. Rather than give detailed commands, this will serve as a high-level comparison.
In each Cisco Intrusion Prevention System (IPS) signature specification, there are a number of fields immediately following the Signature Name that can be administratively defined. These are configured beneath the Sig Description subheading and include:
* Signature Name (if customized)
* Alert Notes
* User Comments
* Alert Traits
One desired feature in the Cisco Intrusion Prevention System (IPS) product line is the ability to centralize logins through the use of an external TACACS+ or RADIUS server. The Cisco MARS appliance, frequently coupled with one or more IPS sensors, obtained this capability in its 6.0 OS release more than two years ago. This article will explore the implementation of RADIUS on the IPS sensor as first implemented in OS 7.0.
The newest (and greatly preferred) GUI tool to configure the Cisco Intrusion Prevention System sensor is IPS Manager Express, a product that actually replaces two alternatives. Originally a network administrator required IPS Device Manager (IDM) to configure the device and IPS Event Viewer to display the event alarms; now both provisioning and monitoring are part of a single elegant platform. This article gives a “brief tour” of the product’s demo mode.
Every once in a while I will have a student in one of my classes who is an employee of Cisco Systems. When questioned by curious fellow students as to either forthcoming products or enhancements to current ones, the standard reply is often “…it’s on the roadmap”. Over the years I’ve come to conclude that […]
According to the Cisco 2Q10 Global Threat Report, IPS SQL injection signature firings increased substantially in 2Q10, coinciding with outbreaks of SQL-injection-compromised websites. So, just what is a SQL Injection? SQL is used to manage the data contained in relational databases, and administer the SQL servers that house that data. A SQL injection attack uses […]
Last month Cisco announced a Cisco IOS TCP Denial of Service Vulnerability. What is more notable than the vulnerability itself (limited only to release 15.1(2)T and concerning the TCP state table being “stuck” in SYNSENT or SYNRCVD states) is the reference cited as a guide for hardening of the IOS on the router. Immediately upon […]