Cisco IPS: Anomaly detection Introduction

Introduction: Cisco IPS 4240 establishes a baseline (normal traffic) and uses this baseline to check for deviations from traffic patterns to determine whether there is an anomaly in the network. This detection technique mainly detects worm attacks originating from one or more hosts in the network. Worms propagated by email, instant messages and file sharing cannot be detected by …

Cisco IPS: Inline Vlan Pair

Inline VLAN pair scenario: Traffic between VLAN 10 and VLAN 20 has to be inspected by the IPS. To achieve this while saving valuable IPS interfaces, inline VLAN pair mode is selected for this setup. Step-by-step explanation of how the traffic flow works: 1. The attacker initiates an attack from VLAN 10, the …