A-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
APPENDIX
A
System Architecture
This appendix describes the IPS system architecture, and contains the following sections:
• IPS System Design, page A-1
• System Applications, page A-3
• User Interaction, page A-5
• Security Features, page A-5
• MainApp, page A-6
• SensorApp, page A-23
• CollaborationApp, page A-28
• SwitchApp, page A-30
• CLI, page A-30
• Communications, page A-32
• Cisco IPS File Structure, page A-35
• Summary of Cisco IPS Applications, page A-36
Understanding the IPS System Architecture
The purpose of the Cisco IPS is to detect and prevent malicious network activity. You can install the
Cisco IPS software on two platforms: appliances and the modules. The Cisco IPS contains a management
application and a monitoring application. The IDM is a network management JAVA application that you
can use to manage and monitor the IPS. The IME is an IPS network monitoring JAVA application that
you can use to view IPS events. The IME also contains the IDM configuration component. The IDM and
the IME communicate with the IPS using HTTP or HTTPS and are hosted on your computer.
IPS System Design
The Cisco IPS software runs on the Linux operating system. We have hardened the Linux OS by
removing unnecessary packages from the OS, disabling unused services, restricting network access, and
removing access to the shell.