tailieunhanh - cisco security professional's guide to secure intrusion detection systems phần 2

Cisco hiểu những khó khăn tiềm năng liên quan đến quản lý mạng và bảo mật làm giảm bớt những trở ngại quản lý, Cisco cung cấp một loạt các tùy chọn quản lý cung cấp dễ sử dụng và quản lý tập trung. Với các công cụ như Viewer Cisco IDS sự kiện, thiết bị quản lý IDS, Giám đốc Chính sách bảo mật | 42 Chapter 2 Cisco Intrusion Detection Cisco understands the potential difficulties involved with managing network and security infrastructure. To alleviate management impediments Cisco provides a series of management options that offer ease of use and centralized management. With tools like the Cisco IDS Event Viewer IDS Device Manager Secure Policy Manager and the CiscoWorks VPN Security Management Solution administrators have many powerful options at their fingertips. The Cisco Network IDS solution set includes appliance-based intrusion detection through the Cisco 4200 line of sensors. Ranging from performance options between 45 Mbps to 1 Gbps the 4200 series offers multiple options for security administrators and can be quickly and easily integrated into network environments. Cisco also helps companies leverage existing switching and routing infrastructures through use of the Cisco Catalyst 6500 IDSM and Cisco IDS Module for 2600 3600 and 3700 modules integrate seamlessly into existing hardware to provide additional network security. And last but certainly not least network IDS functionality is available in routers through an integrated but limited IOS functionality. Cisco Host IDS works on the service endpoints in the network. Installed on hosts such as web and mail servers the host sensor software protects operating systems and application-level functionality through tight integration. This is accomplished by inspecting all interaction with the operating system and comparing the requests for service against a database of known attacks. Should the request match a known exploit the request for service will be terminated by the sensor software. Along with preventing known attacks the Host sensor can also protect against generic or unknown exploits by preventing dangerous situations such as buffer overruns a typical result of hacker exploits. Finally the Host IDS software acts as a shield against intentional file corruption attempts such as Trojan .