Contents
xii
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
A P P E N D I X
A
System Architecture
A-1
System Overview
A-1
System Design
A-1
IPS 5.0 New Features
A-3
User Interaction
A-4
Security Features
A-5
MainApp
A-5
MainApp Responsibilities
A-6
Event Store
A-7
About Event Store
A-7
Event Data Structures
A-8
IPS Events
A-8
NotificationApp
A-9
CtlTransSource
A-11
Network Access Controller
A-12
About Network Access Controller
A-12
Network Access Controller Features
A-13
Supported Blocking Devices
A-15
ACLs and VACLs
A-16
Maintaining State Across Restarts
A-16
Connection-Based and Unconditional Blocking
A-17
Blocking with Cisco Firewalls
A-18
Blocking with Catalyst Switches
A-19
LogApp
A-19
AuthenticationApp
A-20
AuthenticationApp Responsibilities
A-20
Authenticating Users
A-20
Configuring Authentication on the Sensor
A-21
Managing TLS and SSH Trust Relationships
A-21
Web Server
A-22
SensorApp
A-22
Responsibilities and Components
A-23
Packet Flow
A-24
SEAP
A-25
New Features
A-26
CLI
A-28
User Roles
A-28
Service Account
A-29
CLI Behavior
A-30