CiscoWorks Management Center for IPS Sensors

CiscoWorks Management Center for IPS Sensors 2.2

Data Sheet

PRODUCT OVERVIEW

CiscoWorks Management Center for IPS Sensors is a tool for configuring Cisco® network sensors, switch intrusion prevention system (IPS) sensors, IPS network modules for routers, and inline intrusion prevention software in routers. The tool allows administrators to save time by using group profiles to configure multiple sensors concurrently. It also provides a powerful signature management feature that increases the accuracy and specificity of detecting possible network intrusions.
CiscoWorks Management Center for IPS Sensors is a component of the CiscoWorks VPN/Security Management Solution (2.3), which combines Web-based tools for configuring, monitoring, and troubleshooting:

• VPNs

• Firewalls

• Network IPSs

• Network intrusion prevention systems (IPSs)

• Host-based IPSs

• Router-based IPSs

An integral part of the SAFE Blueprint from Cisco, CiscoWorks VMS is an integrated security management solution that addresses the needs of both small- and large-scale VPN and security deployments by helping to protect productivity gains and to reduce operating costs. Unlike point security products from multiple vendors that can leave vulnerable gaps, CiscoWorks VMS provides a comprehensive solution that brings separate security and VPN technologies together into a single secure network. Many enterprises have increased the number of IPS sensors to provide security against network attacks. With a scalable architecture, CiscoWorks Management Center for IPS Sensors helps centrally manage these sensors and provides added security in a way that helps reduce management time and cost of operations.

NEW FEATURES

CiscoWorks Management Center for IPS Sensors 2.2 includes the following new features:

Additional Support for Cisco IPS Sensor Software 5.1: Cisco IPS Sensor Software is an inline, network-based solution that accurately identifies, classifies, and stops malicious traffic, including worms, spyware and adware, network viruses, and application abuse, before business continuity is affected.

Support for the Cisco Incident Control System: The Cisco Incident Control System helps prevent new worm and virus outbreaks by enabling the network to rapidly adapt and provide a distributed response. Today, worm or virus outbreaks can spread around the world in minutes. A rapid response after an outbreak is detected is necessary to help ensure the safety of enterprise networks. Collaborating with existing Cisco outbreak prevention solutions, the Cisco Incident Control System provides rapid distribution of worm and virus immunization capabilities throughout the network. This fast, proactive approach helps to ensure network availability and to decrease the costs associated with damage cleanup.

The primary features of the Cisco Incident Control System include:

– Uses up-to-the-moment threat intelligence from Trend Micro, an industry-leading antivirus and worm expert

– Provides rapid response, enabling proactive prevention of worms and viruses

– Empowers existing Cisco network and security devices to adapt in real time for a coordinated, networkwide response

CiscoWorks Management Center for IPS Sensors detects changes to devices affected by Cisco Incident Control System and notifies the user via the tool's Sensor Health and Welfare feature. The Management Center for IPS Sensors also handles configuration of proactive prevention signatures used by the Cisco Incident Control System. It provides user-detailed information pertaining to:

Support of Distributed Threat Mitigation: Distributed Threat Mitigation is a collaborative solution that proactively identifies and distributes IPS signatures for the most active threats detected on the network. It provides distributed and rapid threat mitigation using Cisco IOS® IPS. CiscoWorks Management Center for IPS Sensors detects changes to devices affected by Distributed Threat Management and notifies the user via Sensor Health and Welfare.

Support of Cisco IOS IPS: With inline intrusion capabilities, Cisco IOS IPS is the first system in the industry to provide an inline, deep-packet-inspection-based IPS solution that helps enable Cisco routers to effectively mitigate a wide range of network attacks without compromising traffic forwarding performance. Armed with the intelligence to accurately identify, classify, and stop malicious or damaging traffic in real time, Cisco IOS IPS is a core component of the Cisco Self-Defending Network, which enables the network to protect itself. This technology uses Cisco IPS Sensor Software and signatures. Because Cisco IOS IPS is inline, it can drop traffic, send an alarm, or reset a connection, enabling the router to respond immediately to security threats. CiscoWorks Management Center for IPS Sensors provides in-depth configuration of Cisco IOS IPS

• Support of Cisco IOS IPS signature definition files (SDFs)

Signature Definition File (SDF)

The SDF is integral to Cisco IOS IPS. The SDF is an Extensible Markup Language (XML) file with a definition of each signature, along with relevant configurable actions. Cisco IOS IPS reads in the SDF, parses the XML, and populates its internal tables with the information necessary to detect each signature. Actions such as alarm, drop, or reset can be selected for individual signatures within the SDF. The SDF can be modified so the router will only detect specific signatures; as a result, it can contain all or a subset of the signatures supported in Cisco IOS IPS. The user specifies the location of the SDF. The SDF can reside on the local flash file system (recommended) or on a remote server. Remote servers can be accessed via Trivial File Transfer Protocol (TFTP), FTP, Secure Copy Protocol (SCP), or Remote Copy Protocol (RCP).
If the Cisco IOS IPS-enabled router is configured to scan packets using the SDF, it will get signature and engine information from the SDF. All or a subset of the routers in a network can use the same SDF or use a different SDF, depending on the requirements of the network. Some routers may allow for activating more signatures than less powerful routers.

SDFs Posted on Cisco.com

Cisco IOS IPS ships with one of three preconfigured SDFs: 128MB.sdf, 256MB.sdf, and attack-drop.sdf. These files are available in flash memory on all Cisco IOS IPS-enabled routers that are shipped with Cisco IOS Software Release 12.3(14)T or higher. These SDFs contain the latest high-fidelity (low false positives) worm, virus, instant messaging, and peer-to-peer (P2P) blocking signatures for detecting security threats, allowing easier deployment and signature management for the user. Pre-built SDFs provide a good starting point for users; they do not have to create their own SDFs from the wide range of signatures available in Cisco IOS Software. Signatures can be appended or modified from these SDFs.

128MB.sdf and 256MB.sdf

As of Cisco IOS Software Release 12.3(14)T, two pre-built SDFs have been introduced: 128MB.sdf and 256MB.sdf. 128MB.sdf is primarily created for routers with 128 MB of DRAM and contains 300 signatures. 256MB.sdf is primarily created for routers with 256 MB of DRAM and contains 500 signatures. These two SDFs contain signatures that are supported by the newly introduced STRING engines, namely STRING.TCP, STRING.UDP, and STRING.ICMP. These engines are supported in Cisco IOS Software Release 12.3(14)T. In the event that these SDFs are loaded on a router with an image prior to Release 12.3(14)T, the STRING signatures will not load.

Attack-drop.sdf

The attack-drop.sdf contains 82 high-fidelity signatures, providing customers with the latest available detection of security threats. The attack-drop.sdf file is available in flash memory on all Cisco access routers that are shipped with Cisco Router and Security Device Manager (SDM) 1.2 or higher. The attack-drop.sdf file can also be downloaded onto a router from Cisco.com.

Support for Single Interface, Multi-VLAN IPS Configuration: With introductory inline support, CiscoWorks Management Center for IPS Sensors now gives the user the ability to assign VLAN pairs to a single interface.

Support of Rate-Limiting Configuration: Allows the IPS device to limit certain types of traffic by preventing the traffic from using an excessive amount of bandwidth. This feature can also signal external devices such as Cisco IOS Software routers to perform rate limiting to accomplish the same function.

Multi-user Support: Automatically puts tasks such as sensor import and deployments in the background. This allows users to continue with the full functional use of CiscoWorks Management Center for IPS Sensors.

Auto-Apply Signature Update: Allows the user to download and automatically update Cisco IPS sensors with signature updates, minor releases, and patches from Cisco.com.

Copy Signature Wizard: Provides the ability to copy signature tunings from one device to many devices.

Global Event Configurations: Makes it possible to globally apply event action overrides, event action filters, and event variables to all Cisco IPS sensors.

Out-of-Band Configuration Detection: Detects out-of-band configuration made to devices by other management components. Once an out-of-band configuration is detected, users can be notified via Sensor Health and Welfare.

FEATURES AND BENEFITS

Easy to Use

• Easy-to-use Web-based interface

• Wizards that walk the user through common management tasks

• Access to the Network Security Database, which provides meaningful information about alarms to assist operators without IPS security expertise

Centralized Management

Ability to define a hierarchy of sensors, containing groups and subgroups.

Scalability

• Support for several hundred sensor deployments from each console

• Use of a robust relational database to store a high volume of data

Security

Five authorization roles to delegate responsibility to different administrators.

Workflow Model

Ability to determine which administrators can generate, approve, and deploy configurations.

Enhanced Signature Management

Ability to create and customize signatures for further tuning.

Block Attacks

Sensors can be configured to block an attack by generating access control list (ACL) rules for a Cisco router or firewall.

PLATFORMS SUPPORTED

Cisco network IDS/IPS Sensors: Cisco IDS Sensor Software 4.0 and 4.1; Cisco IPS Sensor Software 5.0 and 5.1

Cisco switch IDS/IPS Sensors: IDSM 4.0, 4.1, and IPS 5.0, 5.1

Cisco IDS/IPS Network Modules for Cisco Routers: Cisco IDS Sensor Software 4.1; Cisco IPS Sensor Software 5.0 and 5.1

• Cisco 1700, 2600, and 7200 series routers

• Cisco 3725 and 3745 multiservice access routers

• Cisco 2691 multiservice platforms

• Cisco IOS Software Release 12.3(8)T4 and higher, with inline IPS support

SYSTEM REQUIREMENTS

For comprehensive hardware and operating requirements, see the CiscoWorks VMS overview at http://www.cisco.com/go/vms.

ORDERING INFORMATION

CiscoWorks Management Center for IPS Sensors is a featured component of CiscoWorks VMS. For ordering details, review the product bulletin at http://www.cisco.com/go/vms. To place an order, visit the Cisco Ordering Home Page.

TO DOWNLOAD THE SOFTWARE

Visit the CiscoWorks VPN/Security Management Solution to download CiscoWorks Management Center for IPS Sensors 2.2.

SERVICE AND SUPPORT

Cisco offers a wide range of services programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services or Cisco Advanced Services.

FOR MORE INFORMATION

For more information about CiscoWorks Management Center for IPS Sensors, visit http://www.cisco.com/go/vms, contact your local account representative, or send e-mail to ciscoworks@cisco.com.

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-4000, 800 553-NETS (6387). Fax: 408 526-4100

European Headquarters: Cisco Systems International BV, Haarlerbergpark, Haarlerbergweg 13-19, 1101 CH Amsterdam, The Netherlands. www-europe.cisco.com. Tel: 31 0 20 357 1000. Fax: 31 0 20 357 1100

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-7660. Fax: 408 527-0883

Asia Pacific Headquarters: Cisco Systems, Inc., 168 Robinson Road, #28-01 Capital Tower, Singapore 068912. www.cisco.com. Tel: +65 6317 7777. Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus · Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe

Copyright © 2005 Cisco Systems, Inc. All rights reserved.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0502R) 205524.O_ETMG_KL_12.05 Printed in the USA