[ LiB ]  
  1. mainApp Configures the sensor's OS and IP address; responsible for starting and stopping all other IDS applications.

  2. logApp Handles writing all application log messages to the log file and writes application error messages to the EventStore.

  3. NAC Network Access Control is used to control managed devices.

  4. ctlTransSource Controls transactions between sensors; enables NAC's master blocking capability.

  5. sensorApp Sensing engine; processes signature and alarm channel configurations and generates alert events in the EventStore.

  6. EventStore A 4GB, shared, memory-mapped file where all events are stored. Only sensorApp can store alert events in the EventStore.

  7. cidWebServer Consists of the following servlets:

    • IDM IDS Device Manager; a Web-based device management interface.

    • Event Server Serves events to external systems such as IDS Event Viewer (IEV).

    • Transaction Server Allows external management applications to initiate control transactions with the sensor.

    • IP log server Used to serve IP logs to external systems.

    • The Event Server, Transaction Server, and IP log server all use Remote Data Exchange Protocol (RDEP).

  8. Account privileges:

    • Administrator Account used to perform all operations on the sensor.

    • Operator A user who can perform all viewing and some administrative operations on the sensor.

    • Viewer A user who can perform all viewing operations.

    • Service A special role that allows the user to log in to a native OS shell; there can only be one service account at a time.

  9. The default sensor administrator username and password is cisco , cisco .

  10. Event Messages Contain IDS status, alarms, and error messages stored on sensors. Client applications such as IEV and Security Monitor use PostOffice Protocol or RDEP to collect these messages from sensors.

  11. IP logs Messages used by the management stations to collect actual packet data detected off the sensing ports.

  12. PostOffice A pushing protocol used in version 3.x and below to allow Event Messages collection. PostOffice requires a HostID, HostName, OrganizationID, and OrganizationName.

  13. RDEP A pull-based application-level communication protocol that formats the event messages and IP log messages into Extensible Markup Language (XML) documents.

  14. RDEP uses HTTPS (TLS/SSL) or HTTP communication between RDEP clients such as IEV and Security Monitor and the sensor.

  15. Communication protocols:


    IDS 4.0+ Communication Protocol

    IDS 4.0 (Master Blocker)


    IDS Event Viewer (IEV)


    Security Monitor


    IDS MC

    Telnet/Secure Shell (SSH)

    PIX Firewalls


    IOS Routers


    IDS 3.x


[ LiB ]  

CSIDS Exam Cram 2 (Exam 642-531)
CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213 © 2008-2017.
If you may any questions please contact us: