Solutions Fast Track

What Is Cisco Intrusion Detection?

  • Cisco Intrusion Detection is a holistic approach to security based on accurate threat detection, intelligent threat investigation and mitigation, ease of management, and flexible deployment options.

  • Cisco delivers each of these concepts through flexible Network IDS hardware and Host IDS software, well-crafted Cisco IDS software, and powerful, scalable Cisco IDS management software.

  • Cisco's Intrusion Detection approach is backed by the power of Cisco Support and by the Cisco Countermeasures Research Team (C-CRT) for up-to-date network defense and expertise.

Cisco's Network Sensor Platforms

  • Cisco offers a wide range of IDS performance capability starting at 45 Mbps with the Cisco 4210 IDS Sensor and ending at 1 Gbps with the Cisco 4250 XL Sensor.

  • Organizations can leverage existing infrastructure by deploying IDS Modules in Catalyst 6500 switches and in 2600, 3600, and 3700 routers.

  • All of Cisco's Network Sensors run Cisco IDS 4.0 software, providing a holistic and easily managed IDS infrastructure.

Cisco's Host Sensor Platforms

  • Cisco provides Host IDS sensors for Sun Solaris and Microsoft Operating Systems that incorporate signature detection and behavior anomaly analysis functionality.

  • The Host Sensor is available in two forms: the Standard Agent and the Web Edition Agent.

  • The Cisco Web Edition Agent host sensor provides additional, web-server-focused protection for Apache, iPlanet, and Microsoft web server software.

Managing Cisco IDS Sensors

  • Cisco Network IDS sensors can be managed via CLI, IVE, and IDM. These are all provided as part of the Cisco IDS 4.0 software.

  • Larger, enterprise environments can use CiscoWorks VMS instead of IVE and IDM to provide more centralized, scalable management capabilities.

  • The Cisco Host IDS Sensors can be managed by the Cisco IDS Host Sensor Console software or by the CiscoWorks VMS.

Deploying Cisco IDS Sensors

  • Before deploying IDS sensors, security administrators should have a well-developed security policy and comprehensive understanding of the network and services infrastructure.

  • IDS sensors are typically deployed near critical services and network infrastructures such as server farms, ingress/egress points, and alternative access network locations.

  • Because IDS sensors are capable of gigabit speeds, it may be advisable to place IDS sensors in the core of some networks.