12-14-2001 12:38 AM - edited 03-08-2019 09:24 PM
Hi...my customer has an enquiry about implementing a IDS solution in his office. There is about 60 users in his office and they using 256K leased line to access internet and send/receive e-mail. Now they don't have firewall and they are using IP IOS in their 2651 router.
In this case, how can I propose a suitable IDS for them ??
What are the difference between they use IOS with FW/IDS and Cisco IDS Network Sensor ??
12-14-2001 05:49 AM
The IDS module for switches or IDS on the PIX uses a subset of signatures to do it's job.
Not having a module myself I don't know exactly, but the signatures relate more to router/network device traffic rather than Windows networking, CGIs etc.
The 4230/4210 IDS sensor appliances are identical in the sense that they implement the full IDS capability offered by Cisco. The appliances however are constructed for different network data rates. The 4230 claims to handle up to 100MBps.
For your environment, I would suggest the 4210 sensor appliance. If you've got money go for it, ($15k for your solution), otherwise use Snort :)
12-14-2001 07:10 AM
The IDS functionality supports in the IOS FW Feature Set supports a subset(57)of the signatures that are available on the full blown appliance sensors (400+).
Our IDS 4210 sensor can handle upto 45 Mbps of traffic and can easily be positioned in your network.
For more info. on the IDS product portfolio, pls. refer to www.cisco.com/go/ids
12-14-2001 11:38 AM
A little clarification to what pbobby and mhossain have posted::
PIX IDS functionality - signature subset (57 approx.)
IOS Firweall IDS functionality - signature subset (57 approx.)
IDS-42xx Appliances - Full signature set with signatures updates on average every 2 weeks
IDS-4210 - 45Mpbs
IDS-4230 - 100Mbps
IDSM - IDS Module for the Catalyst 6000 - WS-x6381-IDS - Full signature set with signature updates coming out less often than the appliance, the IDSM is usually 1 to 2 signature versions behind the appliance
IDSM - 120 Mbps approx.
The IDSM for the Cat 6K differs from the IDS Functionality in the IOS Firweall Feature set.
12-14-2001 11:42 AM
How can you run IDS on Cisco PIX? I've looked on the website but I could not find any information on it.
Thanks
12-14-2001 02:13 PM
Refer to:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/advanced.htm#xtocid622919
The config note is for version 5.2 but should apply to all later versions as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide