User Interaction - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

System Overview
•
•
•
•
•
•
•
•
•
IPS 5.0 no longer contains the following features:
•
•
•

User Interaction

You interact with IPS 5.0 in the following ways:
•
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
A-4
New IPS manager
ASDM is a browser-based, Java applet used to configure and monitor the software on security
appliances. ASDM is loaded from the security appliance, then used to configure, monitor, and
manage the device.
Revised configuration XML
IDCONF is now the supported method for configuration. It specifies messages for creating, editing,
removing, and retrieving configuration data. The older configuration components from IDIOM are
no longer supported in IPS 5.0.
Ability to configure deny actions when policy violations (signatures) are detected
Application Inspection and Control engine
AIC provides deep analysis of web traffic. It provides granular control over HTTP sessions to
prevent abuse of the HTTP protocol. It allows administrative control over applications that try to
tunnel over specified ports, such as instant messaging, and tunneling applications, such as
gotomypc. It can also inspect FTP traffic and control the commands being issued.
New monitoring using SNMP
Support for PEP information on hardware that supports PEP
PEP is the UDI information that consists of the PID, VID, and SN of the product.
Support added to Network Access Controller to control ASA and FWSM
Client-side IDM GUI
The GUI is now a Java applet rather than HTML.
Limited IPv6 support
IPv4 packets tunneled within IPv6 packets will be processed and have policy enforced on the packet.
However, all analysis is done with the IPv4 packet and none of the IPv6 packet information is used.
Router ACL policy violations being reported via syslog sent to the sensor's management interface
Support for the SYSLOG engine that translates syslog output from routers into IPS alerts has been
removed from IPS 5.0. The management stations can now receive and present syslog information.
Server-side IDM GUI
The web-based GUI is replaced by a Java applet.
Configuration XML from IDIOM
The main configuration XML is now from SDEE.
Configure device parameters
You generate the initial configuration for the system and its features. This is an infrequent task,
usually done only once. The system has reasonable default values to minimize the number of
modifications you must make. You can configure IPS 5.0 through the CLI, IDM, IDS MC, ASDM
or through another application using RDEP2 and IDCONF.
Appendix A System Architecture
78-16527-01