Cisco Ccnp Iscw Certification Exam Tutorial: The Key Difference Between Ips And Ids}

Cisco CCNP ISCW Certification Exam Tutorial: The Key Difference Between IPS And IDS

by

Chris Bryant, CCIE #12933

When it comes to your Cisco CCNP certification exams, success is in the details, and that’s particularly true of your ISCW exam.

You’re going to need to know all the vital details of configuring and troubleshooting Cisco’s Intrusion Prevention System (IPS), both from the command line and via Security Device Manager (SDM).

We first need to draw a clear line between the operation of the Intrusion Prevention System and the Intrusion Detection System (IDS). Those terms sound similar, but they’re quite different in operation.

An IDS does just what its name tells us – it detects network intrusion. Simple enough! However, the IDS is basically a “town crier” in that it will notify other network devices about the attack, but does not directly defend against the attack itself.

The IDS does not receive traffic flows directly. Instead, the traffic flows are mirrored to the IDS.

When infected traffic does hit the network, the IDS will see this and take appropriate action. The problem is that this appropriate action is not direct action; since the IDS is not in the traffic flow, it has to inform a network device that is in that flow that action must be taken.

By the time the IDS detects an issue and notifies the appropriate network devices, the beginning of the infected traffic flow is already in the network.

In contrast, our Intrusion Prevention System (IPS) does sit in the middle of the traffic flow – in this case, the IPS will actually be our Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.

Cisco’s website describes the IPS as a “restructuring” of the IDS. While you’ll see more of IPS than IDS in today’s real-world networks, we have to be crystal clear on the differences between the two for the ISCW exam. Make sure youre comfortable with configuring IPS from the command line and by using SDM as well!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free

CCNP certification

and

CCNA certification

tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages. Visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! A free 7-part course, “How To Pass The CCNA”, is also available. Earn your

CCNA

with The Bryant Advantage!

Article Source:

Cisco CCNP ISCW Certification Exam Tutorial: The Key Difference Between IPS And IDS}