Cisco ASA 5510 with IPS Module

Posted on 2006-04-22
Last Modified: 2013-11-16
I am interested in hearing from anyone that knows about or uses the IPS features in the Cisco ASA.  I'm looking to see how it's used, best practices, etc.  How do you like it? User friendly?  What kind of ongoing administration do you do with it?  Do you do more logging or actually blocking certain traffic?  I look forward to your responses.

Question by:rvthost
    LVL 23

    Expert Comment

    by:Tim Holman
    If you are familiar with Cisco IDS, then you'll have no problems with Cisco IPS, as they are virtually the same.  The IPS software runs on an Intel/PCI/Red Hat core within the ASA, along with PIX v7.0 and a subset of the VPN3000 software.
    Taking a step back, what are you looking for, and why have you concluded that IPS features are an answer to your problems?
    If you get led down the Cisco path, bear in mind ASA technology, plus their IPS, is relatively immature technology and there are many ways to defeat it with rate-based and zero-day attacks.  As Cisco IPS is signature based, they need the signature before they can block the exploit.  If a new exploit is released into the wild, there will be a period of time before that exploit is discovered, and a signature included in the IPS code.
    LVL 11

    Author Comment

    Tim, thanks for your comments.  We currently have a PIX that will be replaced later this year, most likely with the ASA 5510.  I'm still toying with the IPS module.  I am not familiar with Cisco IDS, and quite frankly, not real familiar with any IDS.  I'm wondering if it's a decent starting point to become familiar.  The main objective is to begin learning, so we are better able to handle future challenges as we open more services to the public.
    LVL 23

    Accepted Solution

    A good grounding could be to start with the free versions of Smoothwall or Snort to gain grounding in firewall/IDS, then look at applying the 2 principles to whether or not you need more advanced IPS-style protection.
    Don't discount host-IPS, like Tripwire, or specific tools designed to protect webservers - Teros, Netcontinuum, Netscaler and the like.
    Is there anything specific we can help with here?
    LVL 11

    Author Comment

    Tim - Thanks for the info.  Nothing specific at this time, but I'm sure there will be!  Thanks again.
