With regard to the Upgrading of the above IDS device, just reading through the "Cisco IPS Active Update Bulletin: 06-05-2007" that was emailed to me it states:
"The S289 signature update can ONLY be applied to version 5.1(5)E1 or later sensors as follows:
This signature update is supported on the IDS-4210, IDS-4215, IDS-4235, IPS-4240, IDS-4250, IPS-4255 and IPS-4260 Series Sensor Appliances"
But reading the Readme file on the Website it states:
"The IPS-sig-S289-req-E1.pkg upgrade file can be applied to
the following sensor platforms:
- IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
- IDS-42xx Cisco Intrusion Detection System (IDS) sensors (except the IDS-4210, IDS-4220, and IDS-4230)"
Which one is right?
It is a grey area.
The IDS-4210 was End-of-sale back on Dec 6, 2003:
By Cisco's Policy it will support signature updates on an End-of-sale sensor for a minimum of 3 years from the End-of-sale. So Signature Update support was guaranteed by policy only up till this past Dec 3, 3006.
However, nothing has been done to intentionally prevent signature udpates newer than Dec 2006 from being installed on an IDS-4210.
I am not aware of any plan at this point to intentionally prevent installation of siganture updates on an IDS-4210.
In addition understand that the policy is a minimum of 3 years, but I am not sure how much longer than 3 years it would be officially supported.
IPS 5.1 software will continue to receive signature updates for another 18 months, and it is possible these 5.1 sig updates will continue to be installable on an IDS-4210.
This confusion is likely why the 2 documents are not in sync.
In addition the E1 signature update readme was originally written for 6.0 updates and IDS-4210 is not supported in 6.0. The 5.1 versions did not switch to E1 until later. When the readme was updated to cover both 5.1 and 6.0 it is possible that the supported platform list change (to add back in IDS-4210) was just overlooked. So I am not sure if it was intentionally put in not to support the IDS-4210 or if it was an editing mistake.
Personally I would recommend going ahead and installing it (save off your config before upgrading just in case).
If it installs OK (no bugs pop up during installation), then you should be fine running it on your IDS-4210.
But if problems do arise in installation of a future signature update, then you hit that grey area. And I am not sure what the response would be if that were to happen.
I will send an email out to our internal team and see what the "official" word is on IDS-4210 sig update support.
I would, however, recommend that you go ahead and see about upgrading to a newer sensor model.