Contents
xxiii
Cisco Intrusion Prevention System Manager Express Configuration Guide for IPS 7.1
OL-19891-01
Installing the ASA 5585-X IPS SSP System Image Using the hw-module
Command
27-31
Installing the ASA 5585-X IPS SSP System Image Using ROMMON 27-33
APPENDIX
A System Architecture A-1
Purpose of Cisco IPS A-1
System Design A-1
System Applications A-4
User Interaction A-5
Security Features A-5
MainApp A-6
Understanding the MainApp A-6
MainApp Responsibilities A-6
Event Store A-7
Understanding the Event Store A-7
Event Data Structures A-8
IPS Events A-9
NotificationApp A-9
CtlTransSource A-11
Attack Response Controller A-12
Understanding the ARC A-13
ARC Features A-14
Supported Blocking Devices A-15
ACLs and VACLs A-16
Maintaining State Across Restarts A-16
Connection-Based and Unconditional Blocking A-17
Blocking with Cisco Firewalls A-18
Blocking with Catalyst Switches A-19
Logger A-19
InterfaceApp A-20
AuthenticationApp A-20
Understanding the AuthenticationApp A-20
Authenticating Users A-20
Configuring Authentication on the Sensor A-21
Managing TLS and SSH Trust Relationships A-21
Web Server A-23
SensorApp A-23
Understanding the SensorApp A-23
Inline, Normalization, and Event Risk Rating Features A-24