From the course: Cisco Network Security: Intrusion Detection and Prevention

Trigger actions and responses

Trigger actions and responses - Cisco Routers Tutorial

- [Instructor] When there is a signature match, the intrusion detection/intrusion prevention system executes the corresponding action, alert, or logging function. The signature can trigger any of the following actions. It can generate an alert. An atomic alert is generated every time a signature triggers. A summary alert is a single alert that indicates multiple occurrences of the same signature from the same source address or port. It can log the activity so it can be analyzed later in more detail. For example, using a honeypot-based intrusion detection where the network administrator is simply monitoring the activity. It can drop and prevent the activity. This can stop an attack before it has a chance to perform malicious activity. It could reset a TCP connection to terminate a session that is suspicious, where you might see the initial SYN packet come in and a SYN-ACK, but the intrusion prevention system will send a reset and stop the connection before it does any damage. It could…
