ch20lev1sec2.html

Network Intrusion Prevention Overview

Networks today have grown both in size and complexity while the environment has remained highly exposed and vulnerable. Because of the evolving network landscape, networks require a security solution that works throughout the network in collaboration with all the network devices, servers, and endpoints within the network.

There are several challenges for securing modern-day networks to provide in-depth defense:

Security incidents and evolving threats are on the rise and are increasing exponentially.
The complexity and sophistication of malicious codes and network exploits continues to rise.
The potential impact resulting from these attacks is significant.
Multiple technologies are working together, in contrast to the point products deployed independently in the past.

The Cisco Network Intrusion Prevention solution is an integral part of the Cisco Self-Defending Network strategy that provides network intelligence to identify and prevent malicious traffic including network viruses, worms, spyware, adware, and application abuse. The solution offers comprehensive threat prevention and protection for a wide range of network intrusions and attacks.

The Cisco Network-based Intrusion Prevention solution protects the network from policy violations, vulnerability exploitations, and anomalous activity through detailed inspection of traffic at Layers 2 through 7, across the entire network.

Table 20-1 lists the various Cisco Network-based Intrusion Prevention solutions available on various platforms.

Table 20-1. Cisco Network-Based Intrusion Prevention Solutions
Solution Product Description
Cisco IPS 4200 Series Appliance Sensor Dedicated hardware appliance platform
Cisco IDS Services Module 2 (IDSM-2) Security module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco Advanced Inspection and Protection Security Services Module (AIP-SSM) Security module for Cisco ASA 5500 Series Adaptive Security Appliances
Cisco IPS Advanced Integration Module (IPS-AIM) Network module for Cisco Integrated Services Routers (ISR), providing IPS capabilities
Cisco Internetwork Operating System (IOS) IPS Focused set of IPS capabilities using Cisco IOS Software on the router

Table 20-1. Cisco Network-Based Intrusion Prevention Solutions
Solution Product	Description
Cisco IPS 4200 Series Appliance Sensor	Dedicated hardware appliance platform
Cisco IDS Services Module 2 (IDSM-2)	Security module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco Advanced Inspection and Protection Security Services Module (AIP-SSM)	Security module for Cisco ASA 5500 Series Adaptive Security Appliances
Cisco IPS Advanced Integration Module (IPS-AIM)	Network module for Cisco Integrated Services Routers (ISR), providing IPS capabilities
Cisco Internetwork Operating System (IOS) IPS	Focused set of IPS capabilities using Cisco IOS Software on the router

The following sections will briefly highlight the features and provide an overview of Cisco network-based IPS solutions.