Network-based Intrusion Prevention products use sensors to analyze network traffic at numerous locations throughout your network. These sensors are deployed in various form factors, such as the following:
Regardless of the form factor of your sensors, they must receive the network traffic that needs to be analyzed. How network traffic is captured depends on whether you are using inline mode or promiscuous mode. After your sensors have captured network traffic, their analysis of the traffic falls into the following categories, based on how the signatures used to analyze the network traffic work:
After it analyzes network traffic, the sensor uses one or more of the following types of actions to respond to the identified traffic:
The results of the traffic analysis performed by your IPS sensors are usually monitored via a centralized monitoring console. Similarly, a centralized management application enables you to effectively configure a large number of IPS sensors across your network. This chapter provides an in-depth explanation of the various Network Intrusion Prevention System (NIPS)/Network Intrusion Detection System (NIDS) components. It divides the major elements into subcomponents and illustrates implementation approaches for each of these subcomponents. Cisco IPS sensors are used as a practical example throughout this chapter to provide real examples of the various NIPS components.
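To make the inline versus promiscuous distinction above concrete, here is a small added example (not from this chapter or from Cisco's code) that models a sensor applying one signature in each mode and records which response actions it can actually carry out. The signature id, the byte pattern, the action names and the sample packets are all constructed for illustration and are not real signature data.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes

@dataclass
class Signature:
    sig_id: int               # constructed id, not a real signature number
    pattern: bytes            # byte pattern the engine looks for in the payload
    actions: tuple[str, ...]  # response actions the signature requests (assumed names)

# Actions that only make sense when the sensor sits in the forwarding path.
INLINE_ONLY_ACTIONS = {"deny-packet-inline", "deny-connection-inline"}

class Sensor:
    def __init__(self, mode: str, signatures: list[Signature]):
        if mode not in ("inline", "promiscuous"):
            raise ValueError("mode must be 'inline' or 'promiscuous'")
        self.mode, self.signatures = mode, signatures
        self.alerts: list[dict] = []  # what the monitoring console would receive

    def inspect(self, pkt: Packet) -> bool:
        """Run every signature over the packet; return whether it reaches its destination."""
        # A promiscuous sensor only sees a copy (SPAN port or tap): the original
        # has already been forwarded, so it can alert but never drop the packet.
        delivered = True
        for sig in self.signatures:
            if sig.pattern not in pkt.payload:
                continue
            applied = []
            for action in sig.actions:
                if action in INLINE_ONLY_ACTIONS:
                    if self.mode == "promiscuous":
                        applied.append(f"{action} (skipped: promiscuous mode)")
                        continue
                    delivered = False  # inline sensor withholds the packet
                applied.append(action)
            self.alerts.append({"sig_id": sig.sig_id, "src": pkt.src,
                                "dst": pkt.dst, "actions": applied})
        return delivered

# Constructed sample signature and traffic for illustration only.
SIGS = [Signature(90001, b"EXAMPLE-BAD-PATTERN", ("produce-alert", "deny-packet-inline"))]

def run_demo() -> dict:
    suspicious = Packet("10.0.0.5", "10.0.0.9", b"GET /?q=EXAMPLE-BAD-PATTERN HTTP/1.1")
    benign = Packet("10.0.0.5", "10.0.0.9", b"GET /index.html HTTP/1.1")
    results = {}
    for mode in ("promiscuous", "inline"):
        sensor = Sensor(mode, SIGS)
        results[mode] = {"suspicious_delivered": sensor.inspect(suspicious),
                         "benign_delivered": sensor.inspect(benign),
                         "alerts": sensor.alerts}
    return results
```

The point to notice is that the same signature produces an alert in both modes, but only the inline sensor can stop the matching packet; the promiscuous sensor reports it after the fact.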