
Lab Ex. No: 4    Date: Apr 02, 2021

Reg. No: 17MIS0222    Name: D.UMA MAHESH

Topic: Configuration of IPS in Packet Tracer

Aim: To do the configuration of IPS on Cisco Packet Tracer.

Background :

IPS:
An Intrusion Prevention System is also known as an Intrusion Detection and
Prevention System. It is a network security application that monitors network or
system activities for malicious activity. The major functions of intrusion prevention
systems are to identify malicious activity, collect information about this activity,
report it and attempt to block or stop it.

The Intrusion Prevention System scans traffic to look for known attack patterns to
block. It watches packets and sessions as they flow through the router and scans each
packet to match any of the Cisco IPS signatures. When it detects suspicious activity,
it is designed to log or block it. It is important to update the IPS and Antivirus
databases and definitions. These can be updated manually or automatically.

Types:

Intrusion Prevention Systems (IPS) are classified into 4 types:

1. Network-based intrusion prevention system (NIPS): It monitors the entire
network for suspicious traffic by analyzing protocol activity.

2. Wireless intrusion prevention system (WIPS): It monitors a wireless network
for suspicious traffic by analyzing wireless networking protocols.

3. Network behavior analysis (NBA): It examines network traffic to identify
threats that generate unusual traffic flows, such as distributed denial of service
attacks, specific forms of malware and policy violations.

4. Host-based intrusion prevention system (HIPS): It is an inbuilt software
package which monitors a single host for suspicious activity by scanning events
that occur within that host.

NETWORK ARCHITECTURE:

Tasks:

• Enable IOS IPS.

• Configure logging.

• Modify an IPS signature.

• Verify IPS.

• Verifying the Network Connectivity:

Ping was successful

• Create an IOS IPS configuration directory in flash:

• Configure the IPS Signature Storage Location

• Create an IPS Rule

• Enable Logging

• Configure IOS IPS to use the signature categories

• Apply the IPS rule to interface

MODIFY THE SIGNATURE:

• Change the event-action of a signature


PC-C_UMA MAHESH:

The ping from PC-C is blocked because the event-action of the IPS rule for an
echo request was set to “deny-packet-inline”.

The ping from PC-A to PC-C was successful because the IPS rule does not cover
echo replies: when PC-A pings PC-C, PC-C responds with an echo reply.
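The configuration steps and the signature change described above, written out as the IOS commands typically used for them. This is an added example, not taken from the original report: the directory `ipsdir`, rule name `iosips`, interface `GigabitEthernet0/1`, syslog address `192.168.1.50` and the use of signature 2004 (Cisco's ICMP echo request signature) are assumptions, and the router is assumed to already have its security technology package enabled.

```cisco
! Added example. Names, interface and addresses are assumed, not from the report.

! Privileged EXEC mode: create the IOS IPS configuration directory in flash
mkdir ipsdir

configure terminal
! Signature storage location (the directory created above)
ip ips config location flash:ipsdir
! IPS rule (rule name is an assumption)
ip ips name iosips
! Logging: report IPS events through syslog, with timestamps
ip ips notify log
service timestamps log datetime msec
logging host 192.168.1.50
! Signature categories: retire everything, then unretire the basic set
! so the router only loads the signatures it has memory for
ip ips signature-category
 category all
  retired true
  exit
 category ios_ips basic
  retired false
  exit
 exit
! (confirm the change when the router prompts for it)
! Apply the rule outbound on the interface assumed to face PC-A's LAN
interface GigabitEthernet0/1
 ip ips iosips out
 exit
! Modify the echo request signature: unretire, enable, alert and drop inline
ip ips signature-definition
 signature 2004 0
  status
   retired false
   enabled true
   exit
  engine
   event-action produce-alert
   event-action deny-packet-inline
   exit
  exit
 exit
! (confirm the change when the router prompts for it)
end

! Verify IPS from privileged EXEC mode
show ip ips all
```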

• View the syslog messages.

1. Click the Syslog server.
2. Select the Services tab.
3. In the left navigation menu, select SYSLOG to view the log file.
