Installing Cisco Intrusion Prevention System Appliances and Modules 5.0
78-16124-01
Chapter 1 Introducing the Sensor
How the Sensor Functions
Figure 1-1 Comprehensive Deployment Solutions
Note
IDS-4210 and NM-CIDS do not operate in inline mode.
The command and control interface is always Ethernet. This interface has an assigned IP address, which
allows it to communicate with the manager workstation or network devices (Cisco switches, routers, and
firewalls). Because this interface is visible on the network, you should use encryption to maintain data
privacy. SSH is used to protect the CLI and TLS/SSL is used to protect the manager workstation. Both
SSH and TLS/SSL are enabled by default on the manager workstations.
When responding to attacks, the sensor can do the following:
• Insert TCP resets via the monitoring interface.
Note
The TCP reset action is only appropriate as an action selection on those signatures that are
associated with a TCP-based service. If selected as an action on non-TCP-based services, no
action is taken. Additionally, TCP resets are not guaranteed to tear down an offending
session because of limitations in the TCP protocol. On IDS-4250-XL, TCP resets are sent
through the TCP reset interface.
[Figure 1-1 shows sensors deployed in IDS mode, in IPS mode, and in hybrid mode (IDS services outside the router and IPS services inside the firewall) across the public services segment, campus core, main campus, Internet edge (attacker side), and a service provider, partner, or branch office network, with multiple IPS sensors delivering a highly scalable, load-balanced solution via Cisco Etherchannel technology on Cisco Catalyst switches.]