CCNAS V1.2 Chapter 05 Implementing Intrusion Prevention

The security challenges that face today's network administrators cannot be successfully managed by any single application. Although implementing device hardening, AAA access control, and firewall features are all part of a properly secured network, these features still cannot defend the network against fast-moving Internet worms and viruses. A network must be able to instantly recognize and mitigate worm and virus threats.

Also, it is no longer possible to contain intrusions at a few points in the network. Intrusion prevention is required throughout the entire network to detect and stop an attack at every inbound and outbound point.

A networking architecture paradigm shift is required to defend against fast-moving and evolving attacks. This must include cost-effective detection and prevention systems, such as intrusion detection systems (IDS) or, the more scalable, intrusion prevention systems (IPS). The network architecture integrates these solutions into the entry and exit points of the network.

When implementing IDS and/or IPS, it is important to be familiar with the types of systems available, host-based and network-based approaches, the placement of these systems, the role of signature categories, and possible actions that a Cisco IOS router can take when an attack is detected.

In a comprehensive hands-on lab for the chapter, “Configuring an Intrusion Prevention System (IPS) Using the CLI and Cisco Configuration Professional”, learners configure IPS using the CLI, modify IPS signatures, verify IPS functionality, and log IPS messages to a syslog server. Next, learners configure IPS using Cisco Configuration Professional, modify signatures, use a scanning tool to simulate an attack, and use Cisco Configuration Professional Monitor to verify IPS functionality.

A Packet Tracer activity “Configure IOS Intrusion Prevention System (IPS) using CLI” provides learners additional practice implementing the technologies introduced in this chapter. Learners configure IPS using CLI, modify IPS signatures, and verify IPS functionality.