Sensor Management and Monitoring


To use NIPS effectively on your network, you need to configure your IPS sensors correctly and monitor the alerts and other signature actions they produce. Managing your NIPS sensors normally falls into one of the following two categories:

  • Small sensor deployments

  • Large sensor deployments

Small Sensor Deployments

With small sensor deployments, you need to manage only a few sensors. Configuring only a few sensors can usually be accomplished on an individual sensor basis. Monitoring alerts, however, is done across all your sensors to help correlate the events that are happening across your entire network.

In addition to an extensive command-line interface (CLI), each Cisco IPS network sensor runs an IPS Device Manager (IDM) application that enables you to configure the sensor using a secure graphical web-based interface. Both of these options enable you to easily configure your IPS sensors when you deploy only a few IPS sensors.

Note

The CLI on your Cisco sensors is accessible via the console port on the sensor and across the network. By default, network CLI access is provided through Secure Shell (SSH). Telnet is also available but is disabled by default because it is a security risk: its traffic is not encrypted.


For monitoring alerts, Cisco provides a simplified version of the CiscoWorks Monitoring Center for Security (also known as Security Monitor) software. Security Monitor provides numerous features, such as the following:

  • Device monitoring

  • Web-based monitoring

  • Custom reporting

Using a compatible web browser, you can access the Security Monitor to administer and monitor the alerts from your IPS devices. Furthermore, you can easily use an extensive list of common reports to support your reporting requirements.

The functionality provided by Security Monitor is also being integrated into the Cisco Security Monitoring, Analysis and Response System (CS-MARS) software. CS-MARS is a high-performance solution that supplies the following functionality:

  • Network-intelligent correlation

  • Incident validation

  • Attack visualization

  • Automated investigation

  • Leveraged mitigation

  • Compliance management

Eventually, MARS will become the primary software used to correlate security events from Cisco intrusion devices.
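The value of monitoring alerts across all your sensors, rather than one sensor at a time, is that a source that several sensors report within a short window stands out as one incident instead of a handful of unrelated alerts. The script below is an added example of that correlation step, not code from the book or from Security Monitor or CS-MARS; the alert record layout, the sensor names and the sample alerts are constructed for the example and do not follow the Cisco IPS event format.

```python
"""
Cross-sensor alert correlation for a monitoring console: alerts from
several NIPS sensors are grouped by source address, and any source that
at least `min_sensors` distinct sensors report within a sliding time
window is promoted to a single incident.

The Alert layout, sensor names and SAMPLE_ALERTS are constructed for
this example (assumption); they are not the Cisco IPS event format.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Alert:
    sensor: str        # sensor that raised the alert
    ts: datetime       # event time; sensor clocks assumed NTP-synchronised
    sig_id: int        # signature that fired
    src: str           # source address of the flagged traffic
    dst: str           # destination address
    severity: str      # one of SEVERITY_RANK


# Constructed sample feed from three sensors (documentation addresses, not real traffic).
SAMPLE_ALERTS = [
    Alert("sensor-dmz",    datetime(2024, 1, 1, 10, 0, 5),  2004, "203.0.113.7",   "198.51.100.10", "medium"),
    Alert("sensor-core",   datetime(2024, 1, 1, 10, 0, 40), 2004, "203.0.113.7",   "10.0.0.20",     "medium"),
    Alert("sensor-branch", datetime(2024, 1, 1, 10, 3, 12), 3327, "203.0.113.7",   "10.1.0.5",      "high"),
    Alert("sensor-dmz",    datetime(2024, 1, 1, 10, 1, 0),  2004, "192.0.2.9",     "198.51.100.10", "low"),
    Alert("sensor-core",   datetime(2024, 1, 1, 12, 30, 0), 5081, "198.51.100.44", "10.0.0.30",     "high"),
]


def correlate(alerts, window_minutes=5, min_sensors=2):
    """Return {source: incident} for every source that at least `min_sensors`
    distinct sensors reported within some span of `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for alert in alerts:
        by_src[alert.src].append(alert)

    incidents = {}
    for src, items in by_src.items():
        items.sort(key=lambda a: a.ts)
        start = 0
        for end in range(len(items)):
            # shrink the window from the left until it spans at most `window`
            while items[end].ts - items[start].ts > window:
                start += 1
            span = items[start:end + 1]
            if len({a.sensor for a in span}) < min_sensors:
                continue
            # merge every qualifying window for this source into one incident
            inc = incidents.setdefault(src, {
                "sensors": set(), "signatures": set(),
                "first_seen": span[0].ts, "last_seen": span[-1].ts,
                "max_severity": "informational",
            })
            inc["sensors"].update(a.sensor for a in span)
            inc["signatures"].update(a.sig_id for a in span)
            inc["first_seen"] = min(inc["first_seen"], span[0].ts)
            inc["last_seen"] = max(inc["last_seen"], span[-1].ts)
            inc["max_severity"] = max(inc["max_severity"], *(a.severity for a in span),
                                      key=SEVERITY_RANK.__getitem__)

    # sorted lists make the result deterministic and easy to print or report on
    for inc in incidents.values():
        inc["sensors"] = sorted(inc["sensors"])
        inc["signatures"] = sorted(inc["signatures"])
    return incidents


if __name__ == "__main__":
    for src, inc in correlate(SAMPLE_ALERTS).items():
        print(f"{src}: seen by {inc['sensors']} sigs={inc['signatures']} "
              f"severity={inc['max_severity']} {inc['first_seen']} -> {inc['last_seen']}")
```

With the sample feed, only 203.0.113.7 becomes an incident: all three sensors report it within about three minutes, and the incident carries the highest severity any of them assigned. Shrinking the window to one minute drops the later branch-office alert from the incident, which is the knob to turn when sensor clocks are not tightly synchronised.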

Large Sensor Deployments

If you deploy a large number of sensors across your network, configuring each sensor individually becomes impractical. Even tuning a single signature across all your sensors is an extremely time-consuming task unless you can automate the process.

Cisco provides the CiscoWorks Management Center for IPS Sensors (IPS MC) software to manage large deployments of IPS sensors. With this graphical web-based application, you can easily and efficiently configure large groups of sensors. For example, you can create a new signature and apply it to all the sensors that are members of a specific group of sensors.
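Two things make group-based management work in practice: a tuning applied to the group must reach every member, and you need a way to find members whose running configuration has drifted from the group policy (the Telnet setting from the note above is a good candidate for such a check). The script below is an added example of both, not code from the book or from IPS MC; the group and sensor names, the policy keys and the action labels "alert" and "drop" are assumptions made for the example and are not the IPS MC data model or the sensor CLI.

```python
"""
Group-based configuration for a large sensor deployment. A signature
tuning is applied once to a group and every member sensor inherits it;
an audit then flags members whose running configuration drifts from
their expected configuration (for example, Telnet re-enabled alongside SSH).

Sensor names, group names, policy keys and the action labels are
assumptions made for this example, not the IPS MC data model or CLI.
"""
from copy import deepcopy

# Hypothetical policy layout shared by all groups (assumption).
BASE_POLICY = {
    "signatures": {2004: {"enabled": True, "severity": "medium", "action": "alert"}},
    "management": {"ssh": True, "telnet": False},
}

# Constructed inventory: which group each sensor belongs to, and the groups themselves.
SENSOR_GROUPS = {"sensor-dmz": "edge", "sensor-branch": "edge", "sensor-core": "datacenter"}
GROUPS = {"edge": deepcopy(BASE_POLICY), "datacenter": deepcopy(BASE_POLICY)}


def tune_signature(groups, group, sig_id, **settings):
    """Apply signature settings to one group; returns the resulting signature entry.
    Creating or tuning the signature here reaches every member of the group."""
    sigs = groups[group]["signatures"]
    entry = sigs.setdefault(sig_id, {"enabled": True, "severity": "medium", "action": "alert"})
    entry.update(settings)
    return entry


def members(sensor_groups, group):
    """All sensors that inherit a group's policy."""
    return sorted(s for s, g in sensor_groups.items() if g == group)


def effective_config(groups, sensor_groups, sensor, overrides=None):
    """Group policy merged with optional per-sensor overrides (overrides win)."""
    cfg = deepcopy(groups[sensor_groups[sensor]])
    for section, values in (overrides or {}).items():
        cfg.setdefault(section, {}).update(values)
    return cfg


def audit(expected, running):
    """Return (path, expected, actual) for every expected setting that the
    running configuration lacks or sets differently."""
    findings = []

    def walk(path, exp, act):
        if isinstance(exp, dict):
            for key, val in exp.items():
                walk(path + (str(key),), val, act.get(key) if isinstance(act, dict) else None)
        elif exp != act:
            findings.append(("/".join(path), exp, act))

    walk((), expected, running)
    return findings


# Constructed running configuration pulled from sensor-branch: Telnet has been
# switched on and signature 2004 disabled, so it has drifted from its group.
RUNNING_BRANCH = {
    "signatures": {2004: {"enabled": False, "severity": "medium", "action": "alert"}},
    "management": {"ssh": True, "telnet": True},
}


if __name__ == "__main__":
    tune_signature(GROUPS, "edge", 3327, severity="high", action="drop")
    for sensor in members(SENSOR_GROUPS, "edge"):
        print(sensor, effective_config(GROUPS, SENSOR_GROUPS, sensor)["signatures"])
    expected = effective_config(GROUPS, SENSOR_GROUPS, "sensor-branch")
    for path, exp, act in audit(expected, RUNNING_BRANCH):
        print(f"drift on sensor-branch: {path} expected={exp!r} actual={act!r}")
```

Tuning signature 3327 on the "edge" group changes the expected configuration of sensor-dmz and sensor-branch but leaves sensor-core, in the "datacenter" group, untouched. The audit reports three kinds of drift on sensor-branch: Telnet enabled, signature 2004 disabled, and signature 3327 missing entirely, which is exactly what you would want flagged before trusting that a group-wide tuning actually took effect.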

As with small sensor deployments, you use CS-MARS or Security Monitor to monitor large sensor deployments. If you use the full version of the Security Monitor software, you can receive intrusion events from up to 300 Cisco IDS/IPS-capable devices, such as the following:

  • Sensor appliances

  • IDS modules

  • Router modules

  • IOS routers

  • PIX firewalls



Intrusion Prevention Fundamentals
ISBN: 1587052393