09-18-2003 04:41 PM - edited 03-09-2019 04:51 AM
I have been told that for the upcoming CCIE security lab, once they add the IDS sensor to it, will only focus on IDS device maanager and there will be nothing on the policy manager. Can anyone confirm this? And being new to IDS, is this also the case in the field? Has IPM replaced CSPM by a large extent in real world implementations?
09-18-2003 07:52 PM
I can confirm this in context to CCIE.
IDM is going to be used and not CSPM in the lab.
R/Yusuf
09-19-2003 08:34 AM
And in answer to real world.
Version 4.x of the sensors can not be managed by CSPM or the older Unix Director.
The only options available for managing the 4.x sensors are:
1) IDM (Intrusion Detection Device Manager) which runs from within a web server directly on each sensor and designed for configuring that one sensor.
(used by many customers with small deployments)
2) IDS MC (Intrusion Detection System Management Cetner) which is part of VMS (VPN and Security Management Solution). It is also web based and designed for configuring multiple sensors.
(used by most customers with multiple sensor deployments)
The options available for monitoring:
1) IEV (Intrusion Detection Event Viewer) which is a Windows based application for viewing alarms from up to 5 sensors.
(used by many of the same users as IDM)
2) SecMon (Security Monitor) which is part of VMS. It is web based and designed for viewing alarms from larger sensor deployments.
(used by the same users as IDS MC)
3) CTR (Cisco Threat Response) which is a web based application on a windows machine. It designed to receive alarms from up to 5 sensors and then do end target verification to determine if the attack was successful. This is currently a trial version. (several users are currently evaluating and using this technology)
4) SIMS (Cisco Security Information Management Solution) which is also web based and designed for monitoring of larger deployments. It is an OEM of the product from NetForensics.
5) Other vendors. There are several other vendors of security monitoring software that are able to receive our IDS alarms and display them in their viewer.
CSPM and Unix Director are not able to communicate using the new protocol over HTTP(S) used for configuring and monitoring the version 4.x sensors. Customers using these tools are encouraged to upgrade to VMS with IDS MC and SecMon.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide