Managing the IDS Overview

Nov 24,2008 by admin

Many organizations struggle with intrusion detection solutions, which are rarely as straightforward as they first appear. One of the major challenges of an IDS deployment is the experience required for intrusion analysis and a clear understanding of exactly what is being protected. IDS sensors have to be tuned to the organization, and every organization is different: particular types of traffic and traffic flows can trigger alarms even though they are normal traffic for that organization. As always, Cisco offers multiple ways to manage IDS sensors: CSPM, the Unix Director, and IDM. The goal of each of the Cisco IDS management applications is to provide a method for configuring features of the IDS, configuring logging, and generating reports from the IDS. With a management application you can manage more than one IDS sensor without much difficulty, from one centralized location, which greatly reduces your workload. In the past, IDS sensors did not work very well unless an administrator sat in front of the sensor scrutinizing every record and alarm, and that administrator had to tune signatures carefully to filter out false positives and false negatives. Cisco and its tools have since taken a lot of that work out of IDS monitoring.

Up to now, one of the most common tools for managing Cisco IDS sensors has been CSPM. CSPM is a very scalable solution for the centralized management of IDS sensors, and it supports not only Cisco IDS sensors but also other components within your enterprise, such as IP Security (IPSec) virtual private networks (VPNs), PIX firewalls, and IOS firewalls. CSPM allows you, the security administrator, to implement, enforce, and audit a security policy from a central location. It provides a friendly graphical user interface (GUI) that lets administrators tune signatures for all the sensors in the enterprise or a single signature on one sensor. The ability to generate reports on demand or on a schedule is another benefit of CSPM: if incidents are not being reported, the sensors may as well not be on the network at all.

Another enterprise-level management solution for multiple security components is the Cisco IDS Director. It runs on a Unix platform, either HP-UX or Sun Solaris, and it also has to run on top of HP OpenView. As you can tell right away, this is a very costly solution. But if you already have OpenView deployed in your enterprise, it may be worth looking into: provided the system is robust enough, the Director software can be loaded onto an existing OpenView platform that is already running other OpenView applications.

Unlike CSPM and the Director, IDM is a web-based management solution that only allows you to configure and manage the IDS sensors on your network. IDM is quickly becoming the management tool of choice for the Cisco IDS sensor. You can access your sensor right from your desktop, or through a remote connection over a secure session, using either Netscape or Internet Explorer; the web server process runs locally on each IDS sensor. The best thing about IDM is that it is FREE! It comes with IDS sensor software version 4.x and later. It also includes an Event Viewer that lets you peruse alarms without having to parse the log files, and lets you view alarms from multiple sensors. The drawback of IDM is that you can only configure one sensor at a time.

Each of these tools takes a different approach, and each comes with its own tips that will make your life easier. Currently the push is towards web-based management with the Cisco IDS Device Manager. Future trends point even more strongly towards a single management solution that ties together almost all of the functionality of the different tools across Cisco's entire product line. Expect the functionality of all of these security management solutions to be integrated into VMS (VPN/Security Management Solution) in the near future.
