CCNA Security – Chapter 5 Case Study

Objectives
• Describe the underlying IDS and IPS technology that is embedded in the Cisco host- and network-based IDS and IPS solutions.
• Configure Cisco IOS IPS using CLI and Cisco SDM.
• Verify Cisco IOS IPS using CLI and Cisco SDM.

Scenario
An intrusion prevention system (IPS) is a key tool within the network security architecture, yet 60% of respondents to a recent information security poll said they have yet to implement one. Intrusion detection is vital because it is impossible to keep pace with every current and potential threat and vulnerability in a network. These threats and vulnerabilities advance at lightning speed, and it takes time for vendors to catch up with patches and updates. Therefore, IPSs have become indispensable in helping to manage these threats and vulnerabilities.

Once you decide you need an IPS, you must answer these four questions:
• How can I use an IPS to benefit my security strategy?
• What technologies are available to me?
• Where do I deploy the technology on my network?
• How do I manage the information an IPS will provide?

The transition team is responsible for answering these questions. The IPS will be the centerpiece for securing the internal network and DMZ at Superior Health Care System Corporation. Your group has been asked to evaluate the network design and determine the IDS/IPS solution.

Tasks 5.1
Involve your entire team to answer these questions:
• How can I use an IPS to benefit my security strategy?
• What technologies are available to me?
• Where do I deploy the technology?
• How do I manage the information an IPS will provide?
Provide sources and documentation to support your answers in a Word document.

© 2009 Cisco Learning Institute

Tasks 5.2
To stop incoming malicious traffic, the network must first be able to identify it.
As sensors scan network packets, they use signatures to detect known attacks and respond with predefined actions. A malicious packet flow exhibits a specific type of activity, and a signature describes that activity. An IDS or IPS sensor examines the data flow using many different signatures. When a sensor matches a signature against a data flow, it takes action, such as logging the event or sending an alarm to the IDS or IPS management software; an inline IPS can additionally drop the offending packet or terminate the connection. Companies like Cisco Systems investigate and create signatures for new threats and malicious behavior as they are discovered and publish them regularly. Typically, lower-priority IPS signature files are published biweekly. If the threat is severe, a signature may be published within hours of identification. To protect a network, the signature file must be updated regularly.

Please have your team put together a demonstration showing how this update process will be performed by your team. Explain how they will identify the latest signature files and authenticate the files during installation.

Tasks 5.3
One of the most important tasks in deploying a successful IPS/IDS system is system management and monitoring. This includes the location and implementation of the device. Please have your team use the table below to explain the tools used to manage and monitor our IPS/IDS systems.

Monitoring                          Managing
----------------------------------  ----------------------------------


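The match-then-act loop described in Task 5.2 (a sensor runs many signatures over a flow, every match raises an event, and an inline IPS can also deny the traffic) is easier to reason about with a concrete sensor in front of you. The following is an added example written for this case study, not Cisco IOS IPS code: real Cisco signatures use several engines and can track state across a flow, whereas here a signature is just a destination port plus a byte pattern. All signature IDs, names, patterns and packets are constructed for the example.

```python
"""Toy signature-based sensor for the Task 5.2 discussion.

Added example, not Cisco IOS IPS code. A signature here is a destination
port constraint plus a byte pattern; signature IDs, names, patterns and
the sample traffic are all invented for this illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Signature:
    sig_id: int                 # hypothetical IDs, not real Cisco SIDs
    name: str
    dst_port: Optional[int]     # None matches any destination port
    pattern: bytes              # byte sequence searched for in the payload
    severity: str               # informational / low / medium / high
    actions: Tuple[str, ...]    # e.g. ("alert", "log", "deny-packet")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Event:
    sig_id: int
    name: str
    severity: str
    actions: Tuple[str, ...]
    src: str
    dst: str


# Constructed signature set (IDs, names and patterns are invented).
SIGNATURES: List[Signature] = [
    Signature(1001, "HTTP directory traversal", 80, b"../..", "medium",
              ("alert", "log", "deny-packet")),
    Signature(1002, "SQL injection probe", 80, b"' OR 1=1", "high",
              ("alert", "log", "deny-connection")),
    Signature(1003, "Telnet login prompt seen", 23, b"login:", "informational",
              ("alert",)),
]

# Constructed traffic: one benign request, three that should fire, and one
# that carries a matching pattern on a port the signature does not cover.
SAMPLE_TRAFFIC: List[Packet] = [
    Packet("10.1.1.5", "172.16.0.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.1.1.5", "172.16.0.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.1.1.9", "172.16.0.10", 80, b"GET /login?u=admin' OR 1=1-- HTTP/1.1\r\n"),
    Packet("10.1.1.9", "172.16.0.20", 23, b"\r\nlogin: "),
    Packet("10.1.1.7", "172.16.0.30", 8080, b"GET /../../ HTTP/1.1\r\n"),
]


def matches(sig: Signature, pkt: Packet) -> bool:
    """A signature fires when its port constraint (if any) and its pattern both match."""
    if sig.dst_port is not None and sig.dst_port != pkt.dst_port:
        return False
    return sig.pattern in pkt.payload


def inspect(pkt: Packet, signatures: List[Signature] = SIGNATURES,
            inline: bool = True) -> Tuple[List[Event], bool]:
    """Run every signature over one packet and return (events, forwarded).

    Every match produces an event (the alarm or log entry that goes to the
    management station). In promiscuous IDS mode (inline=False) the packet
    is always forwarded, because the sensor only sees a copy of it; in
    inline IPS mode any deny-* action drops it.
    """
    events: List[Event] = []
    forwarded = True
    for sig in signatures:
        if matches(sig, pkt):
            events.append(Event(sig.sig_id, sig.name, sig.severity,
                                sig.actions, pkt.src, pkt.dst))
            if inline and any(a.startswith("deny") for a in sig.actions):
                forwarded = False
    return events, forwarded


def run(traffic: List[Packet] = SAMPLE_TRAFFIC,
        inline: bool = True) -> Tuple[List[Event], int]:
    """Inspect a packet list; return (all events, number of packets forwarded)."""
    all_events: List[Event] = []
    forwarded_count = 0
    for pkt in traffic:
        events, forwarded = inspect(pkt, inline=inline)
        all_events.extend(events)
        forwarded_count += int(forwarded)
    return all_events, forwarded_count


if __name__ == "__main__":
    for mode, inline in (("IDS (promiscuous)", False), ("IPS (inline)", True)):
        events, fwd = run(inline=inline)
        print(f"{mode}: {len(events)} events, {fwd}/{len(SAMPLE_TRAFFIC)} packets forwarded")
        for e in events:
            print(f"  sig {e.sig_id} {e.name} [{e.severity}] {e.src}->{e.dst} "
                  f"actions={','.join(e.actions)}")
```

Running it shows the difference the case study is driving at: both modes produce the same three events, but only the inline IPS actually stops the traversal and SQL-injection packets (the telnet signature is alert-only, so that packet passes in both modes), and the traversal string on port 8080 is not seen at all because the signature is scoped to port 80.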
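Task 5.2 asks the team to show how it will identify the latest signature file and authenticate it before installation. The script below is an added example of the administrator's own gate between download and copying the package to the router; it is not Cisco's tooling. Two details are assumptions, because the case study does not specify them: that the package filename carries the signature release number in the form IOS-S<nnn>-CLI.pkg, and that the vendor publishes a SHA-256 hex digest next to the download. The sample package body is constructed, not real signature data. Cisco IOS IPS also checks the package's own digital signature against the Cisco public key loaded on the router when the signatures are compiled; this script is a check in addition to that, not a replacement for it.

```python
"""Pre-installation checks on a downloaded IPS signature package (Task 5.2).

Added example, not Cisco's own tooling. Assumptions: filenames look like
IOS-S<nnn>-CLI.pkg and the vendor posts a SHA-256 hex digest for each
package. SAMPLE_PACKAGE is a constructed stand-in for a real package.
"""
import hashlib
import hmac
import re
from typing import Optional, Tuple

# Assumed naming convention; adjust the pattern if the vendor's differs.
PKG_NAME_RE = re.compile(r"^IOS-S(\d+)-CLI\.pkg$")

# Constructed stand-in for a package body; not real signature data.
SAMPLE_PACKAGE = b"<signatures release='S123'>constructed sample body</signatures>\n"


def release_number(filename: str) -> Optional[int]:
    """Extract the release number from IOS-S<nnn>-CLI.pkg, else None."""
    m = PKG_NAME_RE.match(filename)
    return int(m.group(1)) if m else None


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory package body."""
    return hashlib.sha256(data).hexdigest()


def sha256_hex_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file on disk in chunks so large packages are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_package(filename: str, data: bytes, published_sha256: str,
                   installed_release: int) -> Tuple[bool, str]:
    """Decide whether a downloaded package may be installed.

    Order matters: the filename and version checks are cheap and catch the
    common mistakes (wrong file, stale file); the digest check catches a
    corrupted or substituted download. hmac.compare_digest is used so the
    comparison does not leak how many leading characters matched.
    """
    rel = release_number(filename)
    if rel is None:
        return False, f"unexpected filename {filename!r}; refusing to install"
    if rel <= installed_release:
        return False, f"S{rel} is not newer than installed S{installed_release}"
    actual = sha256_hex(data)
    expected = published_sha256.strip().lower()
    if not hmac.compare_digest(actual, expected):
        return False, "SHA-256 mismatch: download corrupted or tampered, do not install"
    return True, f"S{rel} verified; safe to copy to the router"


if __name__ == "__main__":
    # In practice `published` is the digest copied from the vendor's download page.
    published = sha256_hex(SAMPLE_PACKAGE)
    cases = [
        ("IOS-S123-CLI.pkg", SAMPLE_PACKAGE, 100),               # good update
        ("IOS-S123-CLI.pkg", SAMPLE_PACKAGE, 123),               # already installed
        ("IOS-S123-CLI.pkg", SAMPLE_PACKAGE[:-1] + b"!", 100),   # altered body
        ("signatures.pkg", SAMPLE_PACKAGE, 100),                 # wrong file
    ]
    for name, body, installed in cases:
        ok, why = verify_package(name, body, published, installed)
        print(("INSTALL  " if ok else "REJECT   ") + why)
```

The four cases in the main block are the ones a demonstration should cover: a genuine newer release, a re-download of what is already installed, a package whose body no longer matches the posted digest, and a file that does not follow the expected naming. Only the first is allowed through.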