Flylib.com

Books Software

 
 
 

Category list


Similar pages

Need to Know More?


Buy on amazon.com >>
Newman D.P. Manalo K.M.
    << Previous page
    Table of contents
    Next page >>
    [ LiB ]  

    Need to Know More?

    graphics/www.gif For a comprehensive guide to IDS Maintenance Tasks using the Cisco IDS MC, refer to the document Using Management Center for IDS Sensors 1.2 at http://www.cisco.com/en/US/products/sw/cscowork/ps3991/index.html.

    graphics/www.gif The documents and material located on the Cisco Web site can help solidify complex topics. More details appear at http://www.cisco.com/en/US/products/sw/secursw/ps5052/index.html.

    [ LiB ]  
    [ LiB ]  

    Chapter 13. Monitor a Cisco IDS Protection Solution for Small and Medium Networks Using Cisco IDM and Cisco IEV

    Terms you'll need to understand:

    • IDS (Intrusion Detection System) Device Manager (IDM)

    • IDS Event Viewer (IEV)

    • Network Security Database (NSDB)

    • Context data buffer

    • Realtime Dashboard

    • Realtime Graph

    • Statistic Graph

    Techniques you'll need to master:

    • Adding devices to IEV

    • Creating custom views and filters on IEV

    • Navigating IEV to view alarm details

    • Performing database administration

    This chapter covers the features, requirements, and installation of Cisco IDM and how it's used to configure the IDS sensor. In addition, this chapter also describes the steps required to configure filters and views to help in alarm management with IEV. Finally, we cover the NSDB and IEV database administration functions and application settings and preferences.

    [ LiB ]  
    [ LiB ]  

    Cisco IDM and IEV Overview

    You can think of the Cisco IDM and IEV as the small office/home office (SOHO) equivalent to the IDS Management Center (MC) and Security Monitor for Virtual Private Network (VPN)/Security Management Solution (VMS), respectively. As scaled-down versions of their enterprise cousins IDS MC and Security Monitor, IDM and IEV offer features that are designed for use in smaller IDS deployments. Although IDM provides a graphical interface to manage a single sensor device, IEV allows you to monitor up to five IDS sensor devices.

    [ LiB ]  
    [ LiB ]  

    Cisco IDM

    The Cisco IDM is a compact Web graphical user interface (GUI) allowing you to tune signatures, configure signature groups, create custom signatures, and perform sensor administration and management tasks for an individual sensor. Its interface is similar to those of the IDS MC and Security Monitor for VMS. The main difference is that IDM doesn't include functions for configuring multiple sensors; for example, the configuration deployment workflow for sensors and sensor groups that is a core part of the IDS MC does not appear in IDM. The four tab sheets in IDM are Devices, Configuration, Monitoring, and Administration, allowing you to perform single-device configuration, management, monitoring, and administration tasks.

    We don't go into IDM in great detail because it's self-explanatory and it incorporates a comprehensive online help. More importantly, by mastering the navigation and configuration tasks using the IDS MC that are covered throughout this book, you will inevitably gain a strong command of IDM. As a final note on IDM, it has the Network Security Database (NSDB) built-in. The NSDB , which we introduced in Chapter 3, "Intrusion Detection Overview," is a component of IEV that provides information and vulnerabilities that signatures protect against. Simply click on a signature ID to display its associated entry in the NSDB.

    graphics/alert_icon.gif

    IDM recommends Netscape 4.79 or Internet Explorer 5.5 with Service Pack 2 (SP2) or higher as client browsers.


    [ LiB ]  

    Buy on amazon.com >>
    Newman D.P. Manalo K.M.
      << Previous page
      Table of contents
      Next page >>
       
      flylib.com © Copyright 2008-2013. All Rights Reserved.
      if you may any questions please contact us: flylib@qtcs.net
      Privacy policy