Solutions Fast Track
What Is Cisco Intrusion Detection?
-
Cisco Intrusion Detection is a holistic approach to security based on accurate threat detection, intelligent threat investigation and mitigation, ease of management, and flexible deployment options.
-
Cisco delivers each of these concepts through flexible Network IDS hardware and Host IDS software, well-crafted Cisco IDS software, and powerful, scalable Cisco IDS management software.
-
Cisco's Intrusion Detection approach is backed by the power of Cisco Support and by the Cisco Countermeasures Research Team (C-CRT) for up-to-date network defense and expertise.
Cisco's Network Sensor Platforms
-
Cisco offers a wide range of IDS performance capability starting at 45 Mbps with the Cisco 4210 IDS Sensor and ending at 1 Gbps with the Cisco 4250 XL Sensor.
-
Organization can leverage existing infrastructure by deploying IDS Modules in Catalyst 6500 switches and in 2600, 3600, and 3700 routers.
-
All of Cisco Network Sensors run Cisco IDS 4.0 software, providing a holistic and easily managed IDS infrastructure.
Cisco's Host Sensor Platforms
-
Cisco provides Host IDS sensors for Sun Solaris and Microsoft Operating Systems that incorporate signature detection and behavior anomaly analysis functionality.
-
The Host Sensor is available in two forms: the Standard Agent and the Web Edition Agent.
-
The Cisco Web Edition Agent host sensor provides additional, web-server focused protection for Apache, iPlanet, and Microsoft web server software.
Managing Cisco IDS Sensors
-
Cisco Network IDS sensors can be managed via CLI, IVE, and IDM. These are all provided as part of the Cisco IDS 4.0 software.
-
Larger, enterprise environments can use CiscoWorks VMS instead of IVE and IDM to provide more centralized, scalable management capabilities.
-
The Cisco Host IDS Sensors can be managed by the Cisco IDS Host Sensor Console software or by the CiscoWorks VMS.
Deploying Cisco IDS Sensors
-
Before deploying IDS sensors, security administrators should have a well-developed security policy and comprehensive understanding of the network and services infrastructure.
-
IDS sensors are typically deployed near critical services and network infrastructures such as server farms, ingress/egress points, and alternative access network locations.
-
Because IDS sensor performance is capable of gigabit speeds, it may be advisable to place IDS in the core of some networks