Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix A System Architecture
Summary of Cisco IPS Applications
Table A-2 gives a summary of the applications that make up the IPS.
Table A-2 Summary of Applications

| Application | Description |
|---|---|
| AuthenticationApp | Authorizes and authenticates users based on IP address, password, and digital certificates. |
| Attack Response Controller | An ARC is run on every sensor. Each ARC subscribes to network access events from its local Event Store. The ARC configuration contains a list of sensors and the network access devices that its local ARC controls. If an ARC is configured to send network access events to a master blocking sensor, it initiates a network access control transaction to the remote ARC that controls the device. These network access action control transactions are also used by IPS managers to issue occasional network access actions. |
| CLI | Accepts command line input and modifies the local configuration using the IDAPI. |
| CollaborationApp | Shares information with other devices through a global correlation database to improve the combined efficacy of all the devices. |
| Control Transaction Server¹ | Accepts control transactions from a remote client, initiates a local control transaction, and returns the response to the remote client. |
| Control Transaction Source² | Waits for control transactions directed to remote applications, forwards the control transactions to the remote node, and returns the response to the initiator. |
| IDM | The Java applet that provides an HTML IPS management interface. |
| IME | The Java applet that provides an interface for viewing and archiving events. |
| InterfaceApp | Handles bypass and physical settings and defines paired interfaces. Physical settings are speed, duplex, and administrative state. |
| Logger | Writes all the log messages of the application to the log file and the error messages of the application to the Event Store. |
| MainApp | Reads the configuration and starts applications, handles starting and stopping of applications and node reboots, handles software upgrades. |
| NotificationApp | Sends SNMP traps when triggered by alert, status, and error events. NotificationApp uses the public domain SNMP agent. SNMP GETs provide information about the general health of the sensor. |
| SDEE Server³ | Accepts requests for events from remote clients. |
| SensorApp | Captures and analyzes traffic on the monitored network and generates intrusion and network access events. Responds to IP logging control transactions that turn logging on and off and that send and delete IP log files. |