In this chapter, you will learn to:
Explain the functions and features of CIDS
List all CIDS Sensor platforms and their features
Classify all CIDS Director platforms and their features
Understand the function and features of the IDS PostOffice protocol
Apply the addressing scheme used by the PostOffice protocol
List and understand the common daemons used with CIDS
Use common commands to configure and view the configurations of CIDS components
Understand the architecture of both the sensor and director platforms
Recognize the directory structure of CIDS
Understand the type of log files generated by the CIDS infrastructure
Cisco’s IDS (CIDS) is a network-based intrusion detection system that uses signatures to detect attacks and trigger alarms. It is composed of network probes (sensors) that provide constant, real-time monitoring of the network, and a director platform that is used to display alarms and manage the IDS environment. Communication between the sensors and the director platform is carried by the Cisco proprietary PostOffice protocol. With network probes and the accompanying director platforms, CIDS gives security managers a real-time view of their network security. As the network grows and changes, probes can be added or moved to maintain continual IDS coverage, regardless of network size.
This chapter focuses on the functions and features of the Cisco IDS. It also discusses Cisco’s two director platforms, the Cisco 4200 series network sensors, and the Intrusion Detection System Module (IDSM) for the Catalyst 6500 series switch.