Where in the network would be the best place to deploy Cisco IOS IPS?

You are the security administrator for a large enterprise network with many remote locations. You
have been given the assignment to deploy a Cisco IPS solution.
Where in the network would be the best place to deploy Cisco IOS IPS?

You are the security administrator for a large enterprise network with many remote locations. You
have been given the assignment to deploy a Cisco IPS solution.
Where in the network would be the best place to deploy Cisco IOS IPS?

A.
Inside the firewall of the corporate headquarters Internet connection

B.
At the entry point into the data center

C.
Outside the firewall of the corporate headquarters Internet connection

D.
At remote branch offices

Explanation:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet
0900aecd803137cf.html
Product Overview
In today’s business environment, network intruders and attackers can come from outside or inside
the network.
They can launch distributed denial-of-service attacks, they can attack Internet connections, and they
can exploit network and host vulnerabilities. At the same time, Internet worms and viruses can
spread across the world in a matter of minutes. There is often no time to wait for human
intervention-the network itself must possess the intelligence to recognize and mitigate these
attacks, threats, exploits, worms and viruses.
Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection-based solution that
enables Cisco IOS Software to effectively mitigate a wide range of network attacks. While it is
common practice to defend against attacks by inspecting traffic at data centers and corporate
headquarters, distributing the network level defense to stop malicious traffic close to its entry point
at branch or telecommuter offices is also critical.
Cisco IOS IPS: Major Use Cases and Key Benefits
IOS IPS helps to protect your network in 5 ways:

Key Benefits
• Provides network-wide, distributed protection from many attacks, exploits, worms and viruses
exploiting vulnerabilities in operating systems and applications
• Eliminates the need for a standalone IPS device at branch and telecommuter offices as well as
small and medium-sized business networks
• Unique, risk rating based signature event action processor dramatically improves the ease of
management of IPS policies
• Offers field-customizable worm and attack signature set and event actions
• Offers inline inspection of traffic passing through any combination of router LAN and WAN
interfaces in both directions

• Works with Cisco IOS® Firewall, control-plane policing, and other Cisco IOS Software security
features to protect the router and networks behind the router
• Supports more than 3700 signatures from the same signature database available for Cisco
Intrusion Prevention System (IPS) appliances



Leave a Reply 0

Your email address will not be published. Required fields are marked *