Ever wondered what that blank slot in your ASA5505 is for? Well, now you know: it’s for a modular IPS card. Adding full-blown IPS to the ASA5505 will substantially increase its ability to protect you.

The AIP SSC-5 provides up to 75 Mbps of IPS or IDS throughput and supports both IPv4 and IPv6 networks. The 75 Mbps performance with 4000 maximum connections per second should be able to accommodate just about any SOHO or branch office configuration, the sweet spot for the ASA5505.

The AIP SSC-5 does not have any physical ports on it, so management is done through the ASA management ports. You can use the CLI, IME, or ASDM to configure and monitor the card.

The IPS card can be deployed in either inline or promiscuous mode. Inline mode is the most secure because it places the IPS directly into the traffic flow. You can use policies to determine what traffic you want to redirect to the IPS card and what you don’t. If you put the IPS card in promiscuous mode, the ASA will just send copies of the traffic to the card, very much like what you get with a SPAN port on a switch.

The AIP SSC-5 supports the same signature set as its larger Cisco IPS appliance brethren. In fact, the IPS 6.2 code on the AIP card is almost the same as that of Cisco IPS appliances. There are a few features that Cisco took out of the SSC-5 due to its limited form factor. The Cisco AIP SSC-5 does not support Cisco Global Correlation, Cisco Anomaly Detection, sensor virtualization, or custom signatures. Additionally, you will not be able to un-retire default retired signatures. A retired signature is one that Cisco has decided is too outdated to be of much use anymore. For all practical purposes customers shouldn’t be un-retiring signatures on any Cisco IPS platform, so this shouldn’t be a big deal.
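
The policy-based redirection and the inline versus promiscuous choice described above can be sketched as an ASA configuration. This is an added example, not taken from the original post; the ACL name, class-map name and subnet are assumed values, and the fail-open/fail-close keyword (what the ASA does with matched traffic if the card is unavailable) is not covered in the post.

```text
! Constructed example: IPS-TRAFFIC, IPS-CLASS and 192.168.1.0/24 are assumed names/values.
! Select which traffic the ASA hands to the IPS card.
access-list IPS-TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 any
!
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
!
policy-map global_policy
 class IPS-CLASS
  ! Inline: the card sits in the traffic flow.
  ! fail-close blocks the matched traffic if the card is unavailable.
  ips inline fail-close
  ! Promiscuous alternative: the ASA only sends copies of the traffic to the card.
  ! ips promiscuous fail-open
!
service-policy global_policy global
```

Traffic that does not match the access list is never redirected, which is how the policy decides what the card inspects and what it does not.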