CISCO IDS ARCHITECTURE AND COMMUNICATIONS PROTOCOLS

  1. mainApp: Configures the sensor's OS and IP address; responsible for starting and stopping all other IDS applications.

  2. logApp: Writes all application log messages to the log file and writes application error messages to the EventStore.

  3. NAC: Network Access Control; used to control managed devices.

  4. ctlTransSource: Controls transactions between sensors; enables NAC's master blocking capability.

  5. sensorApp: The sensing engine; processes signature and alarm channel configurations and generates alert events in the EventStore.

  6. EventStore: A 4GB shared, memory-mapped file in which all events are stored. Only sensorApp can store alert events in the EventStore.

  7. cidWebServer: Consists of the following servlets:

    • IDM: IDS Device Manager; a Web-based device management interface.

    • Event Server: Serves events to external systems such as IDS Event Viewer (IEV).

    • Transaction Server: Allows external management applications to initiate control transactions with the sensor.

    • IP log server: Serves IP logs to external systems.

    • The Event Server, Transaction Server, and IP log server all use Remote Data Exchange Protocol (RDEP).

  8. Account privileges:

    • Administrator: Account used to perform all operations on the sensor.

    • Operator: A user who can perform all viewing and some administrative operations on the sensor.

    • Viewer: A user who can perform all viewing operations.

    • Service: A special role that allows the user to log in to a native OS shell; there can be only one service account at a time.

  9. The default sensor administrator username and password are cisco and cisco.
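The following Python model is an added example, not Cisco's code or code from the book. It turns items 8 and 9 into enforceable checks: each role maps to a set of permitted operations (the operation names are assumptions made for illustration), only an administrator may manage accounts, at most one service account may exist, and an audit routine flags the factory default cisco/cisco credential and any account that grants an OS shell.

```python
"""Sensor account roles as least-privilege checks (added example, not Cisco's code).

Role names, the single-service-account rule and the cisco/cisco default come
from the cram sheet; the operation names in ROLE_OPS are assumptions.
"""
import hashlib

ROLE_OPS = {
    "viewer": {"view"},
    "operator": {"view", "tune_signatures"},  # "some administrative operations" (assumed subset)
    "administrator": {"view", "tune_signatures", "manage_users", "configure_ip"},
    "service": {"os_shell"},  # native OS shell only; not a management role
}
DEFAULT_USER, DEFAULT_PASSWORD = "cisco", "cisco"


def _digest(password):
    # Toy one-way store so plaintext passwords never sit in the account table.
    return hashlib.sha256(password.encode()).hexdigest()


class SensorAccounts:
    def __init__(self):
        # A freshly installed sensor ships with the default administrator.
        self.users = {DEFAULT_USER: {"role": "administrator", "pw": _digest(DEFAULT_PASSWORD)}}

    def allowed(self, name, op):
        """True if the named account's role permits the operation."""
        user = self.users.get(name)
        return user is not None and op in ROLE_OPS[user["role"]]

    def add_user(self, actor, name, role, password):
        if not self.allowed(actor, "manage_users"):
            raise PermissionError(f"{actor} may not manage users")
        if role not in ROLE_OPS:
            raise ValueError(f"unknown role {role}")
        # Only one service account may exist at a time.
        if role == "service" and any(u["role"] == "service" for u in self.users.values()):
            raise ValueError("a service account already exists")
        self.users[name] = {"role": role, "pw": _digest(password)}

    def set_password(self, actor, name, password):
        # A user may change their own password; otherwise manage_users is required.
        if actor != name and not self.allowed(actor, "manage_users"):
            raise PermissionError(f"{actor} may not change {name}'s password")
        self.users[name]["pw"] = _digest(password)

    def audit(self):
        """Findings a reviewer would want: default credential still set, shell accounts present."""
        findings = []
        for name, u in self.users.items():
            if name == DEFAULT_USER and u["pw"] == _digest(DEFAULT_PASSWORD):
                findings.append(f"{name}: factory default password still in use")
            if u["role"] == "service":
                findings.append(f"{name}: service account grants an OS shell; confirm it is still needed")
        return findings


if __name__ == "__main__":
    accounts = SensorAccounts()
    print(accounts.audit())  # the default credential is flagged until it is changed
    accounts.set_password("cisco", "cisco", "constructed-replacement-password")
    accounts.add_user("cisco", "svc1", "service", "constructed-pw")
    print(accounts.audit())
```

The audit output is the defender's takeaway from items 8 and 9: the first thing to check on a sensor is that the default administrator password has been changed, and the second is whether a service account (which bypasses the role model by giving a native shell) is present and justified.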

  10. Event Messages: Contain IDS status, alarms, and error messages stored on sensors. Client applications such as IEV and Security Monitor use PostOffice Protocol or RDEP to collect these messages from sensors.

  11. IP logs: Messages the management stations use to collect the actual packet data captured on the sensing ports.

  12. PostOffice: A push-based protocol used in IDS version 3.x and earlier to collect Event Messages. PostOffice requires a HostID, HostName, OrganizationID, and OrganizationName.

  13. RDEP: A pull-based, application-level communication protocol that formats event messages and IP log messages as Extensible Markup Language (XML) documents.

  14. RDEP uses HTTPS (TLS/SSL) or HTTP for communication between RDEP clients, such as IEV and Security Monitor, and the sensor.
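The following Python client is an added example, not Cisco's code or code from the book. It shows the pull model of items 13 and 14 from the collector's side: one HTTPS request that verifies the sensor's certificate (item 14 permits plain HTTP, but a collector pulling alarms across the network should insist on TLS), parsing of the returned XML into records, filtering alerts by severity, and the client-side marker that makes the next pull incremental. The XML layout is a constructed, simplified stand-in for an RDEP event document, and the `/cgi-bin/event-server` path and its query parameter are assumptions; check both against the sensor's RDEP documentation before use.

```python
"""Pull-style IDS event collection in the spirit of RDEP (added example, not Cisco's code).

SAMPLE_RESPONSE is a constructed, simplified document; Cisco's real RDEP
schema is richer. The URL path and query parameter in pull_events are assumptions.
"""
import ssl
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample of what one pull might return: alerts and a status event.
SAMPLE_RESPONSE = """<events>
  <evAlert eventId="1001" severity="high">
    <time>2004-05-01T10:15:00Z</time>
    <signature sigId="2004">ICMP Echo Request</signature>
    <src>10.1.1.5</src><dst>10.1.2.9</dst>
  </evAlert>
  <evStatus eventId="1002" severity="informational">
    <time>2004-05-01T10:15:05Z</time>
    <description>sensorApp started</description>
  </evStatus>
  <evAlert eventId="1003" severity="medium">
    <time>2004-05-01T10:16:00Z</time>
    <signature sigId="3030">TCP SYN Host Sweep</signature>
    <src>10.1.1.7</src><dst>10.1.2.9</dst>
  </evAlert>
</events>
"""

SEVERITY_ORDER = {"informational": 0, "low": 1, "medium": 2, "high": 3}


def parse_events(xml_text):
    """Turn one pulled XML document into a list of plain dicts, one per event."""
    root = ET.fromstring(xml_text)
    events = []
    for node in root:
        ev = {
            "type": node.tag,
            "id": int(node.get("eventId")),
            "severity": node.get("severity"),
            "time": node.findtext("time"),
        }
        sig = node.find("signature")
        if sig is not None:  # alert events carry signature and address details
            ev["sig_id"] = int(sig.get("sigId"))
            ev["sig_name"] = sig.text
            ev["src"] = node.findtext("src")
            ev["dst"] = node.findtext("dst")
        events.append(ev)
    return events


def alerts_at_or_above(events, floor):
    """Keep only alert events whose severity is at least `floor`."""
    return [
        e for e in events
        if e["type"] == "evAlert"
        and SEVERITY_ORDER.get(e["severity"], -1) >= SEVERITY_ORDER[floor]
    ]


def next_poll_marker(events, last_seen):
    """Pull model: the client tracks the highest eventId it has processed and asks
    for events after it on the next pull, so nothing is lost or re-read."""
    return max([last_seen] + [e["id"] for e in events])


def pull_events(sensor_host, after_id, ca_file):
    """Issue one HTTPS pull, verifying the sensor's certificate against ca_file.
    Path and parameter are assumptions; this function is not exercised offline."""
    ctx = ssl.create_default_context(cafile=ca_file)
    url = f"https://{sensor_host}/cgi-bin/event-server?startId={after_id}"  # assumed
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        return parse_events(resp.read().decode())


if __name__ == "__main__":
    evs = parse_events(SAMPLE_RESPONSE)
    for e in alerts_at_or_above(evs, "medium"):
        print(e["id"], e["severity"], e["sig_name"], e["src"], "->", e["dst"])
    print("next pull starts after eventId", next_poll_marker(evs, 900))
```

The contrast with item 12 is the direction of the connection: PostOffice pushes from the sensor to the collector, so the collector must be reachable and always listening, while an RDEP collector opens the HTTPS connection itself and decides when and from which eventId to read, which is why a persisted poll marker is part of any RDEP client.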

  15. Communication protocols:

    Device                      IDS 4.0+ Communication Protocol
    IDS 4.0 (Master Blocker)    RDEP (HTTP/HTTPS)
    IDS Event Viewer (IEV)      RDEP (HTTP/HTTPS)
    Security Monitor            RDEP (HTTP/HTTPS)
    IDS MC                      Telnet/Secure Shell (SSH)
    PIX Firewalls               Telnet/SSH
    IOS Routers                 Telnet/SSH
    IDS 3.x                     PostOffice




CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213