Intrusion Prevention System
Configuring IPS
Cisco SA 500 Series Security Appliances Administration Guide
The SA 500 Series uses an Intrusion Prevention System (IPS) to protect the
security zones for a given set of categories. IPS monitors network traffic for
malicious or unwanted behavior on the device and can react, in real time, to block
or prevent those activities.
When an attack is detected, offending packets are dropped or alerts are logged,
depending on the administrative settings, but all other traffic is unaffected. Unlike
traditional firewalls, an IPS makes access control decisions based on application
content, rather than IP address or ports.
You can configure IPS to protect network services such as Web, instant
messaging applications, email, file transfer, Windows services and DNS. It also
protects applications against vulnerabilities such as viruses and worms,
peer-to-peer (P2P) applications, and backdoor exploits.
Refer to the following topics to configure the IPS features:
• Configuring IPS
• Configuring the IPS Policy
• Configuring the Protocol Inspection Settings
• Configuring Peer-to-Peer Blocking and Instant Messaging
You configure IPS from the IPS Setup page. From this page, you can enable IPS for the
security zone you want to protect (LAN or DMZ), update the IPS signatures, and
view the IPS status.