Table of Contents
Advertisement
Intrusion Prevention System
Cisco SA500 Series Security Appliances Administration Guide
The SA500 Series uses an Intrusion Prevention System (IPS) to protect the
security zones for a given set of categories. IPS monitors network traffic for
malicious or unwanted behavior on the device and can react, in real-time, to block
or prevent those activities.
When an attack is detected, offending packets are dropped or alerts are logged
depending on the administrative settings, but all other traffic is unaffected. Unlike
traditional firewalls, an IPS makes access control decisions based on application
content, rather than IP address or ports.
You can configure IPS to protect network services such as web, instant messaging
applications, email, file transfer, Windows services and DNS. It also protects
applications against vulnerabilities such as viruses and worms, peer-to-peer (P2P)
applications, and backdoor exploits.
This chapter describes how to configure the IPS features. It includes the following
sections:
•
Configuring IPS
•
Configuring the IPS Policy
•
Configuring the Protocol Inspection Settings
•
Configuring Peer-to-Peer Blocking and Instant Messaging
To access the IPS pages click IPS from the Configuration Utility menu bar.
5
130
Hide quick links:
Advertisement
Table of Contents
