When it comes to your Cisco CCNP certification exams, success is in the details, and that's particularly true of your ISCW exam.
You're going to need to know all the vital details of configuring and troubleshooting Cisco's Intrusion Prevention System (IPS), both from the command line and via Security Device Manager (SDM).
We first need to draw a clear line between the operation of the Intrusion Prevention System and the Intrusion Detection System (IDS). Those terms sound similar, but they're quite different in operation.
An IDS does just what its name tells us - it detects network intrusion. Simple enough! However, the IDS is basically a "town crier" in that it will notify other network devices about the attack, but does not directly defend against the attack itself.
The IDS does not receive traffic flows directly. Instead, the traffic flows are mirrored to the IDS.
When infected traffic does hit the network, the IDS will see this and take appropriate action. The problem is that this appropriate action is not direct action; since the IDS is not in the traffic flow, it has to inform a network device that is in that flow that action must be taken.
By the time the IDS detects an issue and notifies the appropriate network devices, the beginning of the infected traffic flow is already in the network.
In contrast, our Intrusion Prevention System (IPS) does sit in the middle of the traffic flow - in this case, the IPS will actually be our Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.
Cisco's website describes the IPS as a "restructuring" of the IDS. While you'll see more of IPS than IDS in today's real-world networks, we have to be crystal clear on the differences between the two for the ISCW exam. Make sure you're comfortable with configuring IPS from the command line and by using SDM as well!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP certification and CCNA certification tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.
Visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions!
A free 7-part course, "How To Pass The CCNA", is also available.
An illustrated version of this CCNP ISCW exam tutorial is available on the website.
Beckie Stewart(774) Beckie Stewart (3 days 16 hours ago.)
I suppose if I wanted to take a test in order to see if I know all this stuff, this article would be very practical for me. I am sure it will be useful for those who need to know this. Respond to this comment
Was
this article helpful to you? Leave a Public Comment or Question:
This Article has been viewed 14 times.
Article added to SearchWarp.com on Friday, May 09, 2008 View other articles written by Chris Bryant CCIE 12933(12,811)
If you found this article
interesting, you may want to check out:
Disclaimer: All information on this site is
provided for informational purposes only! By no means is any
information presented herein intended to substitute for the advice
provided to you by any health care or other professional or
organization.
