worm. . worm

Zero-day attack, Software
software software .

. are

attack tries to unknown

IDS- . . log fileIntrusion Detection Systems (IDSs) .Intrusion Detection System worm. . traffictraffic monitored traffic .IDSforward log file.

. .Intrusion Prevention System IDS IDS- Intrusion Prevention System (IPS) inline mode . profile-based. signatureintrusion detection .IPS . . . IPS traffic- IPS monitorattack- Cisco IPS based. Layer 3 Layer 4 traffic packetLayers 27 . .

IDS. . IDS platform sensor packet . IDS virus- Users deploying IDS sensor response actions must have a well thought-out security policy. Finally. attack- . because IDS sensors are not inline. an IDS implementation is more vulnerable to network evasion techniques used by various network threats. . Network module- install- IDS IDS platform IDS sensor inline . . sensor .router. Cisco IOS IPS software IDS IPS Router switch . mode. . . . traffic . Users must spend time tuning IDS sensors to achieve expected levels of intrusion detection.IDS IDS IDS : IPS IPS IPS sensor share . mode. wormemail. . combined with a good operational understanding of their IDS deployments.

modulesignature. packet source IP address source IP . ISR router. inline . . . Network-based IPS Network-based IPS . packet .IPS sensor . . . IPS errortraffic . . IPS sensor Host-Based IPS IDS y y end-to-end IPS network-based host-based . Catalyst 6500 . IDS trigger packet- IPS sensor packet . IPS. . ASA firewall monitortraffic .IPS IPS platform- mode inline- .

log ± HIPS manage . HIPS system. Cisco Security Agent (CSA) . hostfile system. . .Host-based IPS Host-based computerhost prevention system (HIPS) . CSA software and host- host. HIPS hostlog file.log. labor-intensive .

CSA 2 : Management Center - . Security Agent . .host system. .

Sign up to vote on this title
UsefulNot useful