The best practices for IDS/IPS sensors discussed in Chapter 14 apply to the IDSM-2 blade as well. In addition to those, here are some recommendations for implementing IDSM-2:
Use VACL instead of SPAN when possible to filter out unnecessary traffic.
Assign the Command and Control interface to a secured VLAN that is isolated from the rest of the network, so that a security policy can be applied to that VLAN to protect the IDSM-2 blade.
Be mindful of the amount of traffic being spanned to the IDSM-2 blade. If the traffic volume exceeds the limit that the IDSM-2 blade can handle, the IDSM-2 may become unresponsive or crash.
Implement AAA on the switch so that IDSM-2 access can be limited for certain users through authorization configuration.
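The VACL recommendation above, sketched as a Cisco IOS configuration on the switch (an added example, not taken from the book). The module slot (4), VLAN (10), server subnet (10.10.10.0/24) and the ACL and map names are assumptions chosen for illustration.

```ios
! Constructed example: copy only web traffic destined to the server
! subnet to the IDSM-2, and forward everything else uninspected.
!
! Traffic worth inspecting (assumed server subnet 10.10.10.0/24).
ip access-list extended IDS-INSPECT
 permit tcp any 10.10.10.0 0.0.0.255 eq 80
 permit tcp any 10.10.10.0 0.0.0.255 eq 443
!
! Everything else in the VLAN.
ip access-list extended IDS-BYPASS
 permit ip any any
!
! Sequence 10: forward matching traffic and set the capture bit,
! so a copy is sent to the capture port.
vlan access-map IDS-CAPTURE 10
 match ip address IDS-INSPECT
 action forward capture
!
! Sequence 20: forward the remaining traffic without capturing it.
! Without this entry, traffic that matches no sequence is dropped.
vlan access-map IDS-CAPTURE 20
 match ip address IDS-BYPASS
 action forward
!
! Apply the VACL to the monitored VLAN (assumed VLAN 10).
vlan filter IDS-CAPTURE vlan-list 10
!
! Make IDSM-2 data port 1 (assumed module slot 4) the capture
! destination and restrict it to the monitored VLAN.
intrusion-detection module 4 data-port 1 capture
intrusion-detection module 4 data-port 1 capture allowed-vlan 10
```

A SPAN session, by contrast, copies all traffic from its source ports or VLANs, which is how the volume sent to the blade can grow past what it can handle.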