In today's busy network environment, business continuity relies on effective network intrusion prevention to stop malicious attacks, worms, and application abuse before they affect your data and resources. Cisco® IPS 4200 Series Sensors and Cisco IPS Sensor Software are core components of Cisco's intrusion prevention solution. Using Cisco IPS Sensor Software's inline prevention technology, Cisco IPS 4200 Series Sensors accurately detect, classify, and stop malicious traffic on IPv4 and IPv6 networks.
Product Overview
Cisco IPS 4200 Series Sensors deliver high-performance intelligent detection with precision response, extending the diverse Cisco IPS solution from the network edge to the data center for both IPv4 and IPv6 networks.
Intelligent Detection
Cisco IPS 4200 Series Sensors accurately identify, classify, and stop malicious traffic before it affects your business.
• Cisco IPS technology is engineered to prevents malicious activity, including worms, directed attacks, distributed denial of service attacks, reconnaissance, and application abuse.
• Built on advanced Cisco security and network intelligence, modular inspection capabilities can detect and prevent threats to the entire network stack, from applications to Address Resolution Protocol (ARP). Cisco IPS technology extends this expertise by providing industry-leading protection from evasion.
• Cisco IPS provides adaptive vulnerability and anomaly detection. Signatures are focused on vulnerabilities, so your ability to detect threats remains intact, even as exploits change. For emerging "zero-day" threats, a Cisco IPS sensor learns about your network, detects behavioral anomalies, and mitigates attacks without a signature update.
• Cisco IPS is the only intrusion prevention systems that use Global Correlation. Global Correlation harnesses the power of Cisco Security Intelligence Operations, the world's largest threat monitoring network, to achieve unprecedented threat management efficacy. Global threat information is turned into actionable intelligence, such as reputation scores, and pushed out to all enabled technologies. Using Global Correlation, Cisco IPS can stop twice the amount of malicious activity that traditional signature-only IPS technologies can, and with fewer false positives. With Global Correlation updates every five minutes, the Cisco IPS can also adjust to changing threat conditions 100 times faster than signature updates alone.
• Cisco IPS technology and signature services are developed by an extensive global team of Cisco security experts. These experts conduct ongoing research into emerging threats, inspection methods, and prevention strategies, in order to continue to deliver up-to-date vulnerability-based signatures and advanced intrusion prevention capabilities.
Precision Response
Cisco IPS 4200 Series Sensors deliver precision threat-impact analysis, enabling you to respond to threats with confidence.
• Cisco IPS sensors provide you with the most knowledge of potential threat impact by calculating a real-time measurement of risk for every event. An adaptive multidimensional algorithm combines attack and attacker details with live global and network knowledge to produce a calibrated risk measurement.
• Cisco IPS sensors have the richest set of response actions for flexible and precise response policies. You can tailor your IPS policy to each network environment and threat-directly dropping packets, terminating sessions, and rate limiting, or implementing access control and rate limiting on routers and other security appliances throughout the network.
• Cisco IPS threat rating assesses post-response residual risk, enabling incident handlers to focus on the highest-impact events. Risk measurements are updated following an active response to prioritize events with the greatest potential to impact your business.
• Cisco IPS sensors record live, in-depth information on every alert, enabling incident handlers to rapidly diagnose and resolve events. Context data and session logging provide packet-level detail before, during, and after each event.
Intrusion Prevention for the Self-Defending Network
Integrated
• The most diverse line of IPS sensors provides the right tool for the right job, anywhere in the network
• Intrusion prevention is integrated into the fabric of the network
• Solution is built on Cisco security and network intelligence
• Adaptive
• Modular inspection engines provide rapid response with minimal downtime
• Behavioral anomaly detection protects against zero-day attacks
• Dynamic risk-based threat rating adapts policy to attacks in real time
• Collaborative
• On-box, networkwide, and global correlation provides greater confidence
• Network and endpoint collaboration provide greater visibility and effectiveness
• A common, solution-based management interface helps reduce operational costs
Policy-Based Management
• Cisco IPS 4200 Series Sensors reduce the time and effort required to implement security measures by using management and correlation tools that focus on policy, yet provide the granularity you need to fine-tune your IPS configuration.
• Instantly increase your security visibility and define your inspection policy, with integrated graphical management and event viewing tools.
• Reduce the cost of change and configuration management activities, using the rich Cisco Security Manager graphical interface to update policies on thousands of devices in a few simple steps.
Enterprise Resilience
• Cisco IPS 4200 Series Sensors are designed to withstand failures and minimize downtime, giving you the assurance that your IPS solutions can bear the most strenuous peaks of your day-to-day operations.
• Built-in, comprehensive monitoring detects potential failures at every level of operation, including devices, services, communications, and monitoring link failures.
• Automated and manual fail-open options enable you to define the right policy for a worst-case scenario, whether no packet should pass unexamined, or your traffic must flow-no matter what. Integrated hardware bypass enables you to extend this policy to total system and power failures.
Flexible Deployment
As part of the most diverse line of IPS technologies available, Cisco IPS 4200 Series Sensors can be deployed in a variety of IPv4 and IPv6 network environments. The wide range of performance and interface configurations in the IPS 4200 Series enable you to achieve effective intrusion prevention with unparalleled flexibility throughout the edge, campus, and data center.
• Cisco IPS 4200 Series Sensors can be deployed in an inline IPS configuration, a promiscuous IDS configuration, or both inline and promiscuous simultaneously.
• Your critical assets on IPv4 and IPv6 networks can be protected with a single Cisco IPS 4200 Series Sensor for maximum deployment flexibility and lower total cost of ownership. Cisco IPS 4200 Series Sensors provide investment protection for customers planning or considering migration to IPv6 or hybrid IPv4 and IPv6 networks.
• Appliances in the Cisco IPS 4200 Series are available in a variety of multiple-interface configurations, featuring copper and fiber Gigabit Ethernet, and 10 Gigabit Ethernet interfaces. You can also configure thousands of logical interfaces and implement intrusion prevention within your VLAN environment, giving you the design flexibility to address all of your deployment requirements, from simple to complex.
• Cisco IPS technologies also feature industry-leading virtualization capabilities. Virtual sensors enable the virtualization of both the configuration and the sensor state.
As shown in Figure 1, sensors can be placed on almost any enterprise network segment where security visibility is required to effectively stop worms and viruses.
Figure 1. Deployment Scenarios for Cisco IPS 4200 Series Sensors
Delivering Performance
Cisco IPS 4200 Series Sensors are designed to meet the rigors of a broad range of applications and network use. In today's enterprises, applications are using the Internet as never before. Voice over IP, e-commerce, streaming video, and Web 2.0 enable higher productivity and employee collaboration. These networked applications pose different and varying demands on resources such as connection rates, concurrent connections, flow length, transaction size, etc. From a performance perspective, there is a spectrum of application types ranging from media-rich environments that feature converged content to highly transactional environments populated by rapid-fire, lightweight connections.
Cisco IPS technology evaluates a diverse suite of metrics in both "media-rich" and "transactional" environments, enabling you to anticipate true IPS performance based on the unique characteristics of your real-world environment.
Media-Rich
Media-rich environments are characterized by content. Content seen on most popular websites falls on the media-rich end of the spectrum, as do video content and file transfers. If your environment is driven by access to large amounts of data and converged, immersive experiences, your environment is more media-rich.
Transactional
Transactional environments are characterized by connections. Many types of e-commerce environments fall on this end of the spectrum, as can instant messaging and voice. If your environment is driven by connection-intensive applications and small transaction sizes, your environment is more transactional.
Figure 2 shows the spectrum between media-rich and transactional environments.
Figure 2. Network Environment Spectrum: Transactional to Media-Rich
Product Specifications
Table 1 lists product specifications for the Cisco IPS 4200 Series.
Table 1. Product Specifications
Cisco IPS 4270
Cisco IPS 4260
Cisco IPS 4255
Cisco IPS 4240
Performance: Media-rich
4 Gbps
2 Gbps
600 Mbps
300 Mbps
Performance: Transactional
2 Gbps
1 Gbps
500 Mbps
250 Mbps
Standard monitoring interface
Four 10/100/1000BASE-TX or four 1000BASE-SX
10/100/1000BASE-TX
Four 10/100/1000BASE-TX
Four 10/100/1000BASE-TX
Standard command and control interface
10/100/1000BASE-TX
10/100/1000BASE-TX
10/100BASE-TX
10/100BASE-TX
Optional monitoring interfaces
• Four 10/100/1000BASE-TX
• Two 1000BASE-SX (fiber) (up to 16 total monitoring interfaces)
• Four 10/100/1000BASE-TX (up to 9 monitoring interfaces)
• Two 1000BASE-SX (up to 4 fiber monitoring interfaces)
None
None
Redundant power supply
Yes
Optional
No
No
Automated hardware fail- open
Yes*
Yes*
Yes**
Yes**
Form factor
Four rack units
Two rack units
One rack unit
One rack unit
Height
6.94 in. (17.6 cm)
3.45 in. (87.6 mm)
1.72 in. (4.37 cm)
1.72 in. (4.37 cm)
Width
19 in. (48.3 cm)
17.14 in. (435.3 mm)
17.25 in. (43.82 cm)
17.25 in. (43.82 cm)
Depth
26.5 in. (67.3 cm)
20 in. (508 mm)
14.5 in. (36.83 cm)
14.5 in. (36.83 cm)
Weight
80 lb (36.3 kg)
40 lb (18.14 kg) (when fully loaded)
20 lb (9.07 kg)
20 lb (9.07 kg)
Rack-mountable
Yes
Yes
Yes
Yes
Auto-switching
100 to 240 VAC
100 to 240 VAC
100 to 240 VAC
100 to 240 VAC
Frequency
50 to 60 Hz, single-phase
47 to 63 Hz, single-phase
47 to 63 Hz, single-phase
47 to 63 Hz, single-phase
Operating current
12.0A (100 VAC), 4.9A (200 VAC)
8.9A (100 VAC), 4.5A (200 VAC)
3.0A
3.0A
Operating temperature
10 to 35°C (50 to 95°F)
10 to 35°C (50 to 95°F)
0 to 40°C (32 to 104°F)
0 to 40°C (32 to 104°F)
Nonoperating temperature
-40 to 70°C
(-104 to 158°F)
-40 to 70°C
(-104 to 158°F)
-20 to 65°C
(-4 to 149°F)
-20 to 65°C
(-4 to 149°F)
Operating relative humidity
10 to 90% (noncondensing)
10 to 85% (noncondensing)
10 to 85% (noncondensing)
10 to 85% (noncondensing)
Nonoperating relative humidity
5 to 95% (noncondensing)
5 to 95% (noncondensing)
5 to 95% (noncondensing)
5 to 95% (noncondensing)
Heat dissipation @ full power
1893 Btu/hr
648 Btu/hr
614.2 Btu/hr
614.2 Btu/hr
* With bypass interface card
** With third-party products
Ordering Information
Table 2 lists ordering information for Cisco IPS 4200 Series Sensors. To place an order, visit the Cisco Ordering Home Page.
Table 2. Ordering Information
Product Number
Product Description
IPS-4240-K9
Cisco IPS 4240 Sensor (chassis, software, SSH, four 10/100/1000BASE-TX interfaces with RJ-45 connector)
IPS4240-DC-K9
Cisco IPS 4240 NEBS-Compliant Sensor with DC power (chassis, software, SSH, four 10/100/1000BASE-TX interfaces with RJ-45 connector)
IPS-4255-K9
Cisco IPS 4255 Sensor (chassis, software, SSH, four 10/100/1000BASE-TX interfaces with RJ-45 connector)
IPS-4260-K9
Cisco IPS 4260 Sensor (chassis, software, SSH, two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector)
IPS-4260-4GE-BP-K9
Cisco IPS 4260 Sensor with an included 4-GE copper NIC with hardware bypass (chassis, software, SSH, two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector, and four 10/100/1000BASE-TX interfaces with built-in bypass)
IPS-4260-2SX-K9
Cisco IPS 4260 Sensor with an included NIC card (chassis, software, SSH, two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector, and two fiber interfaces)
IPS4270-20-K9
Cisco IPS 4270 Sensor (chassis, redundant power, software, SSH, two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector)
IPS4270-20-4GE-K9
Cisco IPS 4270 Sensor (chassis, redundant power, software, SSH, two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector, and four 10/100/1000BASE-TX interfaces)
IPS4270-20-4SX-K9
Cisco IPS 4270 Sensor (chassis, redundant power, software, SSH, two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector, and four fiber interfaces)
IPS-4GE-BP-INT=
Spare 4-port copper interface card with built-in hardware bypass for the Cisco IPS 4260 and 4270
IPS-2SX-INT=
Spare 2-port fiber interface card for the Cisco IPS 4260 and 4270
CE Marking
EMC-FCC (CFR 47 Part 15) Class A, CISPR 22 Class A, EN 55022 Class A, EN 55024, EN61000-3-2, EN61000-3-3, VCCI Class A, AS/NZS 3548 Class A, CE marking, ICES-003 Class A, FCC Part 15 (CFR7 47) Class A, EN50082-1, EN61000-6-1, Safety-UL 60950, CSA 22.2 No.60950, IEC 60950, EN 60950, AS/NZS 3260, CE marking; EN 60950, IEC 60950
Cisco Services for IPS
Cisco Services for IPS is an integral part of Cisco IPS solutions, enabling operators to receive time-critical signature file updates and alerts. As part of the Cisco Technical Support Services portfolio, Cisco Services for IPS offers a comprehensive security service that allows your Cisco IPS solution to stay current on the latest threats so that malicious or damaging traffic is accurately identified, classified, and stopped. Cisco Services for IPS features include:
• Signature file updates and alerts
• Registered access to Cisco.com for online tools and technical assistance
• Access to Cisco Technical Assistance Center (TAC)
Cisco IPS 4200 Series sensors are subject to export controls. For guidance, please refer to the export compliance website at http://www.cisco.com/wwl/export/crypto/. For specific export questions, contact export@cisco.com.
Additional Information
For more information about Cisco IPS solutions, including modules for Cisco switches and routers, visit http://www.cisco.com/go/ips.
