Network Access Controller Features - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuration guide
Hide thumbs Also See for 4215 - Intrusion Detection Sys Sensor:
Table of Contents

Advertisement

Appendix A
System Architecture
Figure A-3
Figure A-3
Sensor
Routers and Firewalls
Master Blocking Sensor
Routers and Firewalls
A Network Access Controller instance can control 0, 1, or many network devices. Network Access
Note
Controller does not share control of any network device with other Network Access Controller
applications, IPS management software, other network management software, or system administrators.
Only one Network Access Controller instance is allowed to run on a given sensor.
Network Access Controller initiates a block in response to one of the following:
When you configure Network Access Controller to block a device, it initiates either a Telnet or SSH
connection with the device. Network Access Controller maintains the connection with each device. After
the block is initiated, Network Access Controller pushes a new set of configurations or ACLs (one for
each interface direction) to each controlled device. When a block is completed, all configurations or
ACLs are updated to remove the block.

Network Access Controller Features

Network Access Controller has the following features:
78-16527-01
illustrates Network Access Controller.
Network Access Controller
Block
Subscription
Network
Block Event
Access
Block CT
Controller
Block CT
Response
Network
Block CT
Access
Controller
Block CT
Response
An alert event generated from a signature that is configured with a block action
A block configured manually through the CLI, IDM, or ASDM
A block configured permanently against a host or network address
Communication through Telnet and SSH 1.5 with 3DES (the default) or DES encryption
Only the protocol specified in the Network Access Controller configuration for that device is
attempted. If the connection fails for any reason, Network Access Controller attempts to reestablish
it.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Block
Subscription
Event Store
Block Event
IDAPI
Block CT
CT Source
Block CT
Response
Block CT
Web Server
Block CT
IDAPI
CT Server
Block CT
Response
Block CT
Response
MainApp
A-13

Advertisement

Table of Contents
loading

Table of Contents