Cisco Systems RVS4000RF Network Router User Manual


 
Networking and Security Basics
Cisco RVS4000 Security Router with VPN Administrator Guide

NOTE: Since the router is a device that connects two networks, it needs two IP
addresses: one for the LAN, and one for the Internet. In this Administration Guide,
you’ll see references to the “Internet IP address” and the “LAN IP address”.

Since the router uses NAT technology, the only IP address that can be seen from
the Internet for your network is the router’s Internet IP address. However, even this
Internet IP address can be blocked so the router and network seem invisible to the
Internet.

The Intrusion Prevention System (IPS)

IPS is an advanced technology to protect your network from malicious attacks. IPS
works together with your SPI Firewall, IP Based Access Control List (ACL),
Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to
achieve the highest level of security. IPS works by providing real-time detection
and prevention as an in-line module in a router.

The RVS4000 has hardware-based acceleration for real-time pattern matching to
detect malicious attacks. It actively filters and drops malicious
TCP/UDP/ICMP/IGMP packets and can reset TCP connections. This feature prevents
network worm attacks against client PCs and servers with various operating
systems including Windows, Linux, and Solaris. However, this system does not
prevent viruses contained in email attachments.

The P2P (Peer-to-Peer) and IM (Instant Messaging) control allows the system
administrator to prevent network users from using those protocols to
communicate with people over the Internet. This helps administrators set up
company policies on how to use Internet bandwidth wisely.

The signature file is the heart of the IPS system. It is similar to the virus
definition file in your PC’s antivirus software. IPS matches packets coming
into the router against this file and acts accordingly. The RVS4000 has a
signature file that contains 1000+ rules, which cover these categories: DDoS,
Buffer Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus, Worm,
and Web Attacks.

Customers are encouraged to update their IPS signature file regularly to
protect against any new types of attacks on the Internet.
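
The signature matching described above, sketched as an added example (not Cisco's code, and not the RVS4000 signature file format, which this guide does not show). It assumes a rule is a category, a protocol and a byte pattern, and that a TCP match resets the connection while other matches are dropped; all rule ids, markers and packets are constructed. The v2 set shows how an updated signature file changes the verdict for the same packet.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:          # hypothetical rule layout, for illustration only
    sid: int              # constructed rule id
    category: str         # a category the guide lists, e.g. "P2P" or "Worm"
    protocol: str         # "TCP", "UDP", "ICMP" or "IGMP"
    pattern: bytes        # byte sequence looked for in the packet payload

@dataclass(frozen=True)
class Packet:
    protocol: str
    payload: bytes

# Constructed signature sets; v2 stands for an updated file with one new rule.
SIGNATURES_V1 = [
    Signature(1001, "P2P", "TCP", b"\x13BitTorrent protocol"),
    Signature(2001, "Worm", "UDP", b"CONSTRUCTED-WORM-A"),
]
SIGNATURES_V2 = SIGNATURES_V1 + [
    Signature(2002, "Worm", "TCP", b"CONSTRUCTED-WORM-B"),
]

def inspect(packet, signatures, enabled_categories):
    """Return (verdict, sid); the first matching rule in an enabled category wins."""
    for sig in signatures:
        if sig.category not in enabled_categories:
            continue  # e.g. P2P control switched off by the administrator
        if sig.protocol == packet.protocol and sig.pattern in packet.payload:
            # Assumed mapping: a TCP match resets the connection,
            # a match on any other protocol drops the packet.
            return ("reset" if packet.protocol == "TCP" else "drop"), sig.sid
    return "forward", None  # no rule matched: the packet passes through

if __name__ == "__main__":
    traffic = [  # constructed sample packets
        Packet("TCP", b"\x13BitTorrent protocol" + bytes(8)),
        Packet("UDP", b"....CONSTRUCTED-WORM-A...."),
        Packet("TCP", b"GET /index.html HTTP/1.1\r\n"),
        Packet("TCP", b"xxCONSTRUCTED-WORM-Bxx"),
    ]
    policy = {"P2P", "Worm"}
    for name, sigs in (("v1", SIGNATURES_V1), ("v2", SIGNATURES_V2)):
        print(name, [inspect(p, sigs, policy) for p in traffic])
```

With the v1 set the last packet is forwarded because no rule describes it yet; with the v2 set the same packet is reset.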