Cisco Intrusion Detection System
The Cisco® Intrusion Detection System (IDS) is designed to
efficiently protect your data and information infrastructure. With
the increased complexity of security threats, achieving efficient
network intrusion security is critical to maintaining a high level
of protection. Vigilant protection ensures business continuity and
minimizes the effects of costly intrusions.
Cisco IDS advancements include four essential elements that when
combined provide a secure, efficient, and comprehensive intrusion
protection solution.
As the central element in the Cisco®
Intrusion Detection System (IDS) portfolio, Cisco IDS Sensor Software
Version 4.x provides unprecedented security against known and unknown threats
targeting your network, including worms, denial-of-service (DoS) attacks, and
application attacks. Cisco IDS 4.x helps ensure comprehensive coverage by
employing multiple detection methods and providing the capability to prevent
execution of detected attacks. It also offers several integrated ease-of-use
features to maximize efficiency.
Comprehensive Threat Protection
- Multiple detection methods - Cisco IDS 4.x uses multiple methods to
accurately detect threats, including stateful pattern recognition, protocol
analysis, traffic anomaly detection, and protocol anomaly detection.
Additionally, Cisco IDS delivers a Layer 2 signature engine to provide
protection from Address Resolution Protocol (ARP) spoofing techniques.
- Extensive protocol monitoring - All major TCP/IP protocols are
monitored, including IP, Internet Control Message Protocol (ICMP), TCP, and
User Datagram Protocol (UDP). Cisco IDS 4.x also statefully decodes
application layer protocols, such as FTP, Simple Mail Transfer Protocol
(SMTP), HTTP, Domain Name System (DNS), remote-procedure call (RPC),
NetBIOS, Network News Transfer Protocol (NNTP), Telnet, and peer-to-peer
(P2P).
- Comprehensive attack detection - Cisco IDS 4.x has the most
comprehensive detection capabilities in the following categories:
  - Exploitation activity indicative of attempts to gain access or
  compromise network systems
  - DoS activity indicative of attempts to consume bandwidth or
  compute resources to disrupt normal operations
  - Reconnaissance activity indicative of attempts to probe or map
  your network to identify targets, such as ping sweeps and port sweeps
  - Misuse activity indicative of attempts to violate corporate
  policy; detected by configuring the sensor to look for custom text
  strings in the network traffic
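As an added illustration (not Cisco's code and not part of the original data sheet) of why the stateful pattern recognition listed above matters for custom-string misuse detection: the same policy string goes unnoticed when each TCP segment is inspected on its own, but is found once the stream is reassembled. The segments, sequence numbers and pattern below are constructed for the example.

```python
import re
from typing import List, Optional, Tuple

Segment = Tuple[int, bytes]  # (TCP sequence number, payload)

# Constructed sample traffic: a custom policy string is split across three
# segments that arrive out of order, with one segment retransmitted.
SAMPLE_SEGMENTS: List[Segment] = [
    (1019, b"EXPORT\r\n"),
    (1000, b"DATA: CONFID"),
    (1012, b"ENTIAL-"),
    (1012, b"ENTIAL-"),   # retransmission of the second segment
]

# Custom text string a sensor could be configured to flag as policy misuse.
POLICY_PATTERN = re.compile(rb"CONFIDENTIAL-EXPORT")


def stateless_match(segments: List[Segment], pattern: re.Pattern) -> List[int]:
    """Inspect each segment in isolation; return seq numbers that matched."""
    return [seq for seq, payload in segments if pattern.search(payload)]


def reassemble(segments: List[Segment]) -> bytes:
    """Rebuild the contiguous byte stream starting at the lowest seq number.

    Segments are ordered by seq; bytes already seen (retransmission or
    overlap) are discarded, first copy wins, and reassembly stops at a gap.
    """
    stream = b""
    expected = None
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq > expected:          # hole in the stream: stop rather than guess
            break
        overlap = expected - seq    # bytes of this segment already in stream
        if overlap < len(payload):
            stream += payload[overlap:]
            expected = seq + len(payload)
    return stream


def stateful_match(segments: List[Segment], pattern: re.Pattern) -> Optional[int]:
    """Match against the reassembled stream; return byte offset or None."""
    m = pattern.search(reassemble(segments))
    return m.start() if m else None


if __name__ == "__main__":
    print("stateless hits:", stateless_match(SAMPLE_SEGMENTS, POLICY_PATTERN))  # []
    print("stateful offset:", stateful_match(SAMPLE_SEGMENTS, POLICY_PATTERN))  # 6
```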
Damage Prevention
Cisco IDS 4.x responds immediately to stop attacks that can cost you time and
money. After an attack is accurately identified and classified, the system can
deny the intruder by dropping the packet, terminating the session, reconfiguring
access control lists (ACLs) on routers and switches, or dynamically modifying
the firewall policy. Additionally, Cisco IDS 4.x can block traffic by source and
destination port number as well as by source and destination IP address.
Ease of Use
- Flexible policy language - Using the innovative Cisco Threat
Analysis Micro Engine (TAME) policy language, users can create and modify
policies to specifically suit the environment in which their security
objectives are deployed. Because Cisco TAME policies are decoupled from the
sensing application, changes do not affect the sensor performance or
reliability. Cisco TAME also allows users to take full advantage of the
underlying protocol analysis capabilities. Cisco IDS 4.x simplifies the
policy management with improved navigation, allowing implementation of
global changes across categories. Additionally, Cisco IDS 4.x now gives
detailed information about the alarm trigger, providing users with forensic
and advanced analysis data to speed the decision support process.
- Automated updates, streamlining management - Cisco IDS Active
Update technology automates the distribution of new signature files and
application upgrades to sensors, thereby streamlining the process of
regularly updating remote sensors and lowering recurring operational costs.