The Intrusion Prevention System (Ips) - Cisco RVS4000 - Gigabit Security Router Administration Manual

4-port gigabit security router with vpn

Hide thumbs Also See for RVS4000 - Gigabit Security Router:

Datasheet (4 pages)

User manual (83 pages)

Quick start manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

Table of Contents

Networking and Security Basics

The Intrusion Prevention System (IPS)

NOTE

The Intrusion Prevention System (IPS)

Cisco RVS4000 Security Router with VPN Administrator Guide

Since the router is a device that connects two networks, it needs two IP

addresses—one for the LAN, and one for the Internet. In this Administration Guide,

you'll see references to the "Internet IP address" and the "LAN IP address".

Since the router uses NAT technology, the only IP address that can be seen from

the Internet for your network is the router's Internet IP address. However, even this

Internet IP address can be blocked so the router and network seem invisible to the

Internet.

IPS is an advanced technology to protect your network from malicious attacks. IPS

works together with your SPI Firewall, IP Based Access Control List (ACL),

Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to

achieve the highest level of security. IPS works by providing real-time detection

and prevention as an in-line module in a router.

The RVS4000 has hardware-based acceleration for real-time pattern matching to

detect malicious attacks. It actively filters and drops malicious TCP/UDP/ICMP/

IGMP packets and can reset TCP connections. This feature prevents network

worm attacks against client PCs and servers with various operating systems

including Windows, Linux, and Solaris. However, this system does not prevent

viruses contained in email attachments.

The P2P (Peer-to-Peer) and IM (Instant Messaging) control allows the system

administrator to prevent network users from using those protocols to

communicate with people over the Internet. This helps the administrators to set up

company policies on how to use the Internet bandwidth wisely.

The signature file is the heart of the IPS system. It is similar to the Virus definition

file on your PC's Anti-Virus software. IPS uses this file to match against packets

coming into the router and performs actions accordingly. The RVS4000 has a

signature file that contains 1000+ rules, which cover these categories: DDoS,

Buffer Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus, Worm,

and Web Attacks.

Customers are encouraged to update their IPS signature file regularly to prevent

any new types of attacks on the Internet.

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

The Intrusion Prevention System (Ips) - Cisco RVS4000 - Gigabit Security Router Administration Manual

The Intrusion Prevention System (IPS)

Hide quick links:

Related Manuals for Cisco RVS4000 - Gigabit Security Router

Related Content for Cisco RVS4000 - Gigabit Security Router

Table of Contents