The Cisco IOS Firewall intrusion detection capabilities have
an enhanced reporting mechanism that permits logging to the Cisco Secure IDS
Director console in addition to a Syslog server to provide a consistent view of
all intrusion detection sensors throughout a network. Administrators can deploy
the IOS Firewall IDS to complement their existing IDS systems. This allows IDS
protection to be deployed to areas that might not support a Cisco Secure IDS
Sensor. The IOS Firewall IDS signature features can be deployed alongside or
independent of other Cisco IOS Firewall features.
The Cisco Secure IDS consists of three components:
- Sensor
- Director
- Post Office
Cisco Secure IDS Sensors, dedicated
high-speed network appliances, analyze the content and context of individual
packets to determine if traffic constitutes a threat. If a data stream appears
unauthorized or suspicious, such as a ping sweep or a SATAN attack, the sensors
can detect the policy violation in real-time, forward alarms to a Cisco Secure
IDS Director management console, and remove the offender from the network.
The Cisco Secure IDS Director is a
software-based management system that can monitor the activity of multiple Cisco
Secure IDS Sensors located on local or remote network segments. Events are sent
to the Director by an IDS Sensor or an IDSM that detects a security violation.
The smid daemon on the Director interprets this event
information and passes it to the nrdirmap daemon, which is
responsible for displaying this information on the Director’s maps.
Depending on the severity of an alarm, the alarm icon displays in
different colors: red for severe, yellow for moderate, green otherwise. The Cisco Secure IDS Director is an application that runs on either
HP or Sun Solaris UNIX workstations. The Director is covered in detail in the
final chapter of this book.
The Cisco Secure IDS Post Office Protocol is
the communication backbone that allows Cisco Secure IDS services and hosts to
communicate with each other. All communication is supported by a proprietary,
connection-based protocol that can switch between alternative routes to maintain
point-to-point connections.
Note: Version 2.2.2 of the Cisco Secure IDS Director replaces the name “Cisco Secure IDS Post Office Protocol” with “Communication Service.” The version 2.2.2 Installation program replaces the nr.postofficed daemon.
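The reporting path described in the first paragraph (alarms to a Syslog server and to the Director) and the Post Office connection described in the last section are both configured on the router with the IOS Firewall IDS `ip audit` commands. The following configuration is an added example, not taken from the book or from Cisco documentation; the host IDs, org ID, audit rule name, interface and IP addresses are constructed placeholders and must be replaced with the values that match the Director's own Post Office settings.

```cisco
! Added example: IOS Firewall IDS reporting to both Syslog and the Director.
! Host IDs, org ID, names and addresses are constructed placeholders.
!
! --- Syslog destination: the conventional "logging" path ---
logging host 192.0.2.50
logging trap informational
!
! --- Post Office identity of this router (hostid must be unique within the orgid) ---
ip audit po local hostid 10 orgid 100
!
! --- Post Office route to the Director console ---
! rmtaddress = the Director, localaddress = this router's source address;
! port 45000 is the Post Office default, preference and timeout are tunables.
ip audit po remote hostid 1 orgid 100 rmtaddress 192.0.2.10 localaddress 192.0.2.1 port 45000 preference 1 timeout 5 application director
!
! --- Send alarms to BOTH Syslog and the Director ---
ip audit notify log
ip audit notify nr-director
!
! --- Default actions by signature class ---
ip audit info action alarm
ip audit attack action alarm drop reset
!
! --- Audit rule: info signatures alarm only; attack signatures alarm, drop and reset ---
ip audit name EDGE-IDS info action alarm
ip audit name EDGE-IDS attack action alarm drop reset
!
! --- Apply the rule inbound on the untrusted interface ---
interface Serial0/0
 ip audit EDGE-IDS in
```

After applying this, `show ip audit configuration` confirms the notification targets and Post Office parameters, `show ip audit interfaces` confirms the rule is bound to the interface, and `show ip audit statistics` shows signature hits; because the Post Office settings are read when the IDS process starts, save the configuration and reload the router after changing the `ip audit po` lines, and confirm on the Director that the router's hostid/orgid pair appears as a connected sensor before relying on it for alarms.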