The Cisco 6500 Series IDS Services Module

Like the IDS Module for Cisco routers, Cisco also offers a module for the Cisco 6500 series switch. Referred to as the IDSM, the module occupies one or more slots in the 6500 chassis, making it a capable IDS sensor that is ideal in networks where the 6500 platform is already deployed. There are two revisions of the IDSM, the IDSM-1 and the IDSM-2. The IDSM-2 is a far more capable device, offering markedly higher performance than the IDSM-1. The IDSM-1 has been EOL and is no longer supported with either service packs or signature updates. Some of the other differences in functionality between the revisions are highlighted in Table 2.2.

Table 2.2: IDSM-1 vs. IDSM-2 Comparison

| Functionality | IDSM-1 | IDSM-2 |
|---|---|---|
| Performance | 250 Mbps | 600 Mbps |
| SPAN/RSPAN | X | X |
| VACL Capture | X | X |
| Shunning | X | X |
| IEV | X | X |
| VMS | X | X |
| IDM | | X |
| TCP Resets | | X |
| IP Logging | | X |
| CLI | | X |
| Signature Micro Engines | | X |
| Same Code as Appliances | | X |
| Fabric Enabled | | X |
| SNMP | | |
| Unix Director | X | |
| CSPM | X | |
| Event retrieval method | PostOffice | RDEP |
| Slot Size (form factor) | 1 RU | 1 RU |
| Local Event Store | 100,000 Events | N/A, retrieved |

As can be seen, the IDSM-2 module has far greater capabilities. Indeed, because it runs the Cisco IDS 4.0 software, it incorporates all of the functionality of the Cisco 4200 series IDS appliances while delivering 600 Mbps of performance. The advantage of the IDSM is that it takes data directly from the switch backplane and can monitor any traffic sent across the switch. Data to be monitored can be defined by SPAN and RSPAN or by VLANs via VACL capture mechanisms.

Besides performance, noteworthy differences between the two revisions include additional management capabilities and additional security features. For instance, the IDSM-2 module facilitates management via the Cisco VPN/Security Management Solution (VMS), Cisco IDS Device Manager (IDM), IDS Event Viewer (IEV), and via the CLI. Additionally, the IDSM-2 supports advanced IDS features such as TCP Resets, IP Logging, and Signature Micro Engines, while the IDSM-1 does not. Also, the new IDSM supports Cisco's new method of event retrieval, Remote Data Exchange Protocol (RDEP), whereas the IDSM-1 supports PostOffice Protocol only.

On the IDSM-2 there is no limit to the number of VLANs monitored on the module and no impact on traffic traversing the switch. Furthermore, the only limit to the number of IDS modules in a Catalyst 6500 is the number of free slots in the chassis. Finally, it should be noted that Cisco no longer sells the IDSM-1 as of April, 2003. All of this information and more will be discussed in detail in Chapter 6, which focuses on the IDSM solution specifically.