Before reading further about blocking in this chapter, you need to understand some terms and definitions. The following list defines these terms and explains how they relate specifically to IDS and blocking:
Blocking: A Cisco IDS feature that stops traffic from an attacking host by dynamically reconfiguring a network device. On the PIX Firewall it is called shunning, because the PIX blocks with the shun command rather than with ACLs. Because a block is triggered automatically by the source address of an alarm, a spoofed source address can cause the Sensor to block a legitimate host, so blocking should be deployed with that failure mode in mind.
Device management: The ability of a Sensor to interact with a Cisco device so that the device is dynamically reconfigured to block the source of an attack in real time.
Managed device: Also called the blocking device; the Cisco device that actually blocks the attack.
Blocking sensor: The Sensor that instructs the blocking device to initiate blocking.
Interface/direction (ACLs only): The combination of a device's interface and a direction, in or out, which specifies whether inbound or outbound packets are blocked on that interface. You configure blocking separately for each device's interface/direction combination. The Sensor supports blocking on up to 10 interface/directions across all managed devices combined.
Managed interface/virtual LAN (VLAN): The interface or VLAN on the managed device to which the Sensor applies the dynamically created ACL or VLAN ACL (VACL). This interface or VLAN is also referred to as the blocking interface or blocking VLAN.
Active ACL or VACL: The ACL or VACL that the Sensor dynamically creates, maintains, and applies to the managed interface or VLAN.
Figure 11.1 shows the blocking sensor, managed device, managed interfaces, and ACL interface/directions.
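The following Python model ties the terms above together: a blocking sensor, its managed devices, the interface/direction combinations (capped at 10 across all devices, as stated above), and the active ACL that is regenerated whenever a source is blocked or unblocked. It is an added illustration, not Cisco's sensor code: the ACL names, the ordering of entries, and the sample addresses are assumptions, although the IOS `ip access-list extended` / `ip access-group` and PIX `shun` command syntax shown is the real syntax for those platforms.

```python
"""Model of IDS blocking relationships: blocking sensor, managed devices,
interface/direction combinations, and the active ACL the sensor maintains.

Added example for illustration; not the Cisco IDS implementation.
Assumptions (not from the page): ACL naming scheme, entry order,
and the sample addresses used in the test.
"""
from dataclasses import dataclass, field

# The page states the Sensor supports up to 10 interface/directions
# across all managed devices combined.
MAX_INTERFACE_DIRECTIONS = 10


@dataclass
class ManagedDevice:
    """A blocking device. 'ios' devices block with ACLs; 'pix' devices shun."""
    name: str
    kind: str
    # (interface, direction) -> blocked source addresses; ACL devices only
    active_acls: dict = field(default_factory=dict)
    shunned: list = field(default_factory=list)


class BlockingSensor:
    def __init__(self):
        self.devices = {}

    def add_device(self, name, kind):
        if kind not in ("ios", "pix"):
            raise ValueError("kind must be 'ios' or 'pix'")
        self.devices[name] = ManagedDevice(name, kind)

    def interface_direction_count(self):
        return sum(len(d.active_acls) for d in self.devices.values())

    def can_add_interface_direction(self):
        return self.interface_direction_count() < MAX_INTERFACE_DIRECTIONS

    def add_interface_direction(self, device, interface, direction):
        """Register a managed interface/direction (ACL devices only)."""
        dev = self.devices[device]
        if dev.kind != "ios":
            raise ValueError("interface/direction applies to ACL devices only")
        if direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out'")
        key = (interface, direction)
        if key in dev.active_acls:
            return
        if not self.can_add_interface_direction():
            raise RuntimeError("sensor supports at most 10 interface/directions")
        dev.active_acls[key] = []

    def block(self, source):
        """Block an attacking source on every managed device."""
        for dev in self.devices.values():
            if dev.kind == "pix":
                if source not in dev.shunned:
                    dev.shunned.append(source)
            else:
                for entries in dev.active_acls.values():
                    if source not in entries:
                        entries.append(source)

    def unblock(self, source):
        """Remove a source from every active ACL and shun list."""
        for dev in self.devices.values():
            if source in dev.shunned:
                dev.shunned.remove(source)
            for entries in dev.active_acls.values():
                if source in entries:
                    entries.remove(source)

    def render(self, device):
        """Return the configuration lines the sensor would push to a device."""
        dev = self.devices[device]
        if dev.kind == "pix":
            return [f"shun {s}" for s in dev.shunned]
        lines = []
        for (intf, direction), entries in dev.active_acls.items():
            acl = f"IDS_{intf.replace('/', '_')}_{direction}"  # hypothetical name
            lines.append(f"ip access-list extended {acl}")
            for s in entries:
                lines.append(f" deny ip host {s} any")
            lines.append(" permit ip any any")  # keep all other traffic flowing
            lines.append(f"interface {intf}")
            lines.append(f" ip access-group {acl} {direction}")
        return lines


if __name__ == "__main__":
    sensor = BlockingSensor()
    sensor.add_device("rtr1", "ios")
    sensor.add_device("fw1", "pix")
    sensor.add_interface_direction("rtr1", "FastEthernet0/0", "in")
    sensor.block("192.0.2.10")  # constructed attacker address
    print("\n".join(sensor.render("rtr1")))
    print("\n".join(sensor.render("fw1")))
```

Note that `render` rebuilds the whole active ACL from the current block list rather than appending lines, which is the property that makes the ACL "dynamically maintained": unblocking a source regenerates the ACL without the stale entry, and the trailing `permit ip any any` ensures the blocking ACL never becomes an implicit deny-all on the managed interface.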