Intrusion detection systems (IDS) are becoming a concern and a requirement for many organizations after the installation of a firewall. An IDS offers protection from users working within the organization and also from external attackers where traffic does not go past the firewall. It is important to note that an IDS is not the ultimate solution for an organization, and it therefore requires that other security measures be put in place.
The vendor that this paper addresses is Cisco, with its Intrusion Prevention System. The system is designed to detect, classify and stop attempted attacks on the firewall. It combines a firewall, a virtual private network and hardware-accelerated IPS. It takes the form of a device, the Cisco ASA 5500 IPS Solution, and is designed to help companies and organizations secure and protect their assets and networks. Two modules, Cisco Advanced Inspection and Prevention Security Services and Security Services Cards, help to strengthen the firewall protection by inspecting more deeply into the packets sent on the network, giving real-time IPv4 and IPv6 protection against worms, Trojans and all forms of exploits against application and operating system vulnerabilities. One evident feature of the Cisco Secure Borderless Network architecture, as found in the Cisco ASA 5500 Series IPS Solution, is that it is powerful, intuitive and offers real-time protection for critical assets that are used for storing information. This is achieved by the use of IPS with Global Correlation, firewall and VPN technology.
Basically, the system comprises a management console and sensors. The management console is the reporting and management interface. The sensors, on the other hand, are the agents tasked with monitoring the hosts and the networks to know what is taking place on a real-time basis. Like any intrusion system, it has a database that keeps attack signatures. The management interface is connected to the management VLAN (VLAN0). This is not to say that the management VLAN cannot be connected to any other VLAN; it only means that it has to have some connectivity with the management VLAN.