As mentioned in Chapter 1, "Introduction to Network Security," intrusion detection systems (IDSs) alert security administrators when they detect unauthorized or malicious activity. It also covers how the new intrusion prevention systems provide a more sophisticated way of protecting your network. There are two types of IDS and intrusion prevention systems (IPS):
Cisco offers the Cisco Security Agent (CSA) for host-based intrusion prevention software (HIPS) and the Cisco 4200 Series Sensors for network-based IDS/IPS, along with modules for Catalyst switches and IOS routers. The Cisco 4200 Series includes the following models:
The IDS Services Module-2 (IDSM-2) for Cisco Catalyst 6500 offers a solution for large enterprises. It is designed to protect switched environments in the Cisco Catalyst chassis. Cisco also offers an IDS network module (CIDS-NM) for IOS routers. Similarly, Cisco ASA offers an integrated Intrusion Prevention System (IPS) solution with Cisco ASA 5510, 5520, and 5540 IPS Security Services Modules (ASA-SSM-AIP-10 and ASA-SSM-AIP-20). The Cisco ASA AIP-SSM modules accelerate security application execution by offloading IDS/IPS processing from the main chassis and offer numerous enhanced IPS and Anti-X features. Anti-X is the Cisco codename for features that deliver a new generation of highly accurate and intelligent in-line prevention services. These features include network anti-virus, anti-spyware, and worm mitigation capabilities for improved threat defense.