Chapter 14. Enterprise IDS Management with the Cisco IDS Management Center for VMS

Terms you'll need to understand:

• Virtual Private Network (VPN)/Security Management (VMS)

• Sensor device

• Sensor group

• Management Center for Intrusion Detection System Sensors (IDS MC) workflow

• Device tab sheet

• Configuration tab sheet

• Deployment tab sheet

• Pending deployment jobs

Techniques you'll need to master:

• Understanding the IDS MC architecture

• Identifying the IDS MC installation requirements

• Deploying configurations to sensor devices and sensor groups

• Configuring IDS MC communications settings

You might recall from Chapter 3, "Intrusion Detection Overview," that the IDS MC is a component of the VMS; the IDS MC works with Security Monitor for VMS to provide a Web-based interface for configuring, managing, maintaining, and monitoring multiple IDS sensors. You use the IDS MC to manage configurations for sensor devices and sensor groups; configuration files are stored in a database and deployed using the IDS MC workflow.

The IDS MC can manage sensor appliances with software version 3.0(1) S4, 4.0 and higher, and IDS Modules (IDSMs) with software version 3.0(5) S23 or higher. The IDS MC can manage configurations for up to 300 sensors and can import sensor configurations that have been configured by other IDS management tools. The IDS MC also allows you to push signature and sensor software updates out to sensors and sensor groups.

This chapter provides an overview of Enterprise IDS and its hierarchical elements, walks you through the IDS MC installation process and interface, and then guides you through configuration and management tasks using the IDS MC workflow.