Document Sample
OSIPS Powered By Docstoc
					                           Cisco IOS IPS                                                                                                                            At-A-Glance
                           Value-Added Security Services in Cisco IOS Software

Integrated Router Security                                                                                            • Provides networkwide, distributed
Solutions                                                                                                                 protection from many attacks, exploits,
                                                                             Cisco SDM                                    worms, and viruses
Comprehensive network-security
                                                                                                                      •   Eliminates the need for a standalone
features in Cisco® routers help com-                                        IPS         W
                                                                                     Filtereb                             IPS device at branch and telecommuter
panies protect their infrastructures,                                                      ing                            offices, as well as small and medium-sized
devices, and important information,                                                                                       business networks

while reducing costs.                                                                                                 •   Unique, risk-rating-based signature event



                                                                                                             IP SLA
                                                                                                                          action policy processor dramatically
Use Cisco IOS® IPS to protect your                                                                                        improves the ease of management of
network from attacks, exploits, and                                          Cisco IOS                                    IPS policy
worms                                                                        Software

                                                                Flex ket
                                                                                                                      •   Offers field-customizable worm and

                                                                 Pac hing

In today’s business environment, network                                                                                  attack signature set and event actions

intruders and attackers can come from outside                                                                         •   Works with Cisco IOS Firewall, control-

or inside the network. They can attack Internet                                                                           plane policing, and other Cisco IOS

connections, launch distributed denial-of-                                  NA           ure

                                                                                                                          Software security features to protect
                                                                              C       Sec ice

service attacks, and exploit network and


                                                                  S                                                       the router and the networks behind

host vulnerabilities. At the same time, Internet                                                 y
                                                                                              rit                         the router
worms and viruses can spread across the world                                              ecu                        •   Supports about 2000 attack signatures
in a matter of minutes. There is often no time to                                   Cisco S                               from the same signature database
wait for human intervention—the network itself
                                                                                                                          available for Cisco IPS appliances
must possess the intelligence to instantaneously
recognize and mitigate these attacks, threats,
exploits, worms, and viruses.
                                                         Business Challenges                 The Cisco Solution
Cisco IOS Intrusion Prevention System (IPS) is
an inline, deep-packet-inspection-based feature          Low Cost of Ownership               Ability to use existing integrated services router in the branch to layer security
                                                                                             features and eliminate point products
that enables Cisco IOS Software to effectively
mitigate a wide range of network attacks. While          Protection against sophisticated    IPS provides additional layer of protection for network attacks, exploits,
it is common practice to defend against attacks          attacks and exploits                worms, and viruses by using advanced, protocol-aware IPS inspection
by inspecting traffic at the data centers and cor-
porate headquarters, it is also critical to              Service Integration at the Branch   Numerous services are available in Cisco IOS Software that run on the
                                                                                             integrated services router
distribute the network-level defense to stop
malicious traffic close to its entry point at            Regulatory Compliance               Integrated security services help meet regulatory compliance and reduce
the branch or telecommuter offices.
                                                 Cisco IOS IPS                                                                                                                                                                                                         At-A-Glance
                                                 Value-Added Security Services in Cisco IOS Software

Protect Branch PC from Internet Worms                                                            Move Worm Protection to the Network                                                             Protect Branch Office Servers
Cisco IOS IPS is ideal for small branch offices                                                  Edge                                                                                            Cisco IOS IPS and Cisco IOS Firewall can also
and home offices. Branch offices and home                                                        Your network is only as secure as its least secure                                              protect your critical business assets, such as
offices are directly exposed to the Internet                                                     segment. As businesses expand their networks                                                    database and Web servers, at your branch
when connecting through a broadband                                                              to include branch offices and home offices, it                                                  offices. Without the added cost of additional
connection; this opens the offices up to the risk                                                becomes extremely important to extend network                                                   hardware, using Cisco IOS IPS and Cisco IOS
of being attacked or exploited. With Cisco                                                       security to these offices as well. Moving worm,                                                 Firewall together on Cisco integrated services
integrated services routers, customers can                                                       virus, and exploit protection to the edge of your                                               routers, traffic destined to your business-critical
protect the branch office or home office PC                                                      network will greatly increase its security posture                                              assets can be monitored by Cisco IOS stateful
from Internet worms, viruses, and exploits by                                                    and provide an end-to-end, highly secure com-                                                   firewall to prevent unwanted access while it is
using Cisco IOS IPS and Cisco IOS Firewall.                                                      munications environment.                                                                        being scanned by the IPS to remove any
Cisco IOS IPS protects customer office assets                                                                                                                                                    malicious traffic.
in a real-time, inline fashion, helping to ensure
the security and safety of Internet access and
reducing the risk of outside attacks.

Figure 1. Protect Branch PC from Internet Worms                                                  Figure 2. Move Worm Protection to the Network Edge                                              Figure 3. Protect Branch Office Servers

Branch Office                                                                                    Branch Office                                                                                   Branch Office

                  Router IPS                                                                                       Router IPS                                                                                       Router IPS
                 and Firewall                                                                                     and Firewall                                                                                     and Firewall
Client PCs                                                                                        Hacked
                                                                                                 Client PCs
                                              Internet                                                                                        Internet                                           Client PCs                                    Internet
                                 IPsec Tunnel or WAN link                                                                         IPsec Tunnel or WAN link                                                                         IPsec Tunnel or WAN link

                                        Int                                                                                                                                                                                              Int
                                           ern                                                                                                                                                      Servers                                 ern
                                              et                  Corporate Office                                                                                 Corporate Office                                                             et                 Corporate Office

                  Protect branch offices                                                                          move worm, virus and                   protect corporate                                         Protects branch office
                  from Internet attacks,                                                                          exploit protection to                  office, preserves                                         servers from attacks,
                  worms and exploits                                                             Client PCs       the edge of the network                WAN bandwidth                                             virus and worms
Client PCs                                                                                                                                                                                                         without the added cost
                                                                                                                                                                                                                   of additional hardware

                                                         Hacker                                                                                                                                                                                           Hacker

Copyright © 2007 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.       C45-400589-00 4/07

Shared By: