×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

How to choose a suitable IDS ??

Unanswered Question
Dec 14th, 2001
User Badges:

Hi...my customer has an enquiry about implementing a IDS solution in his office. There is about 60 users in his office and they using 256K leased line to access internet and send/receive e-mail. Now they don't have firewall and they are using IP IOS in their 2651 router.

In this case, how can I propose a suitable IDS for them ??

What are the difference between they use IOS with FW/IDS and Cisco IDS Network Sensor ??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pbobby Fri, 12/14/2001 - 05:49
User Badges:

The IDS module for switches or IDS on the PIX uses a subset of signatures to do it's job.


Not having a module myself I don't know exactly, but the signatures relate more to router/network device traffic rather than Windows networking, CGIs etc.


The 4230/4210 IDS sensor appliances are identical in the sense that they implement the full IDS capability offered by Cisco. The appliances however are constructed for different network data rates. The 4230 claims to handle up to 100MBps.


For your environment, I would suggest the 4210 sensor appliance. If you've got money go for it, ($15k for your solution), otherwise use Snort :)



mhossain Fri, 12/14/2001 - 07:10
User Badges:
  • Cisco Employee,

The IDS functionality supports in the IOS FW Feature Set supports a subset(57)of the signatures that are available on the full blown appliance sensors (400+).


Our IDS 4210 sensor can handle upto 45 Mbps of traffic and can easily be positioned in your network.


For more info. on the IDS product portfolio, pls. refer to www.cisco.com/go/ids

marcabal Fri, 12/14/2001 - 11:38
User Badges:
  • Cisco Employee,

A little clarification to what pbobby and mhossain have posted::


PIX IDS functionality - signature subset (57 approx.)


IOS Firweall IDS functionality - signature subset (57 approx.)


IDS-42xx Appliances - Full signature set with signatures updates on average every 2 weeks

IDS-4210 - 45Mpbs

IDS-4230 - 100Mbps


IDSM - IDS Module for the Catalyst 6000 - WS-x6381-IDS - Full signature set with signature updates coming out less often than the appliance, the IDSM is usually 1 to 2 signature versions behind the appliance

IDSM - 120 Mbps approx.


The IDSM for the Cat 6K differs from the IDS Functionality in the IOS Firweall Feature set.


leo.vaughn Fri, 12/14/2001 - 11:42
User Badges:

How can you run IDS on Cisco PIX? I've looked on the website but I could not find any information on it.

Thanks

Actions

This Discussion