cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
671
Views
0
Helpful
5
Replies

How to choose a suitable IDS ??

ayue
Level 1
Level 1

Hi...my customer has an enquiry about implementing a IDS solution in his office. There is about 60 users in his office and they using 256K leased line to access internet and send/receive e-mail. Now they don't have firewall and they are using IP IOS in their 2651 router.

In this case, how can I propose a suitable IDS for them ??

What are the difference between they use IOS with FW/IDS and Cisco IDS Network Sensor ??

5 Replies 5

pbobby
Level 1
Level 1

The IDS module for switches or IDS on the PIX uses a subset of signatures to do it's job.

Not having a module myself I don't know exactly, but the signatures relate more to router/network device traffic rather than Windows networking, CGIs etc.

The 4230/4210 IDS sensor appliances are identical in the sense that they implement the full IDS capability offered by Cisco. The appliances however are constructed for different network data rates. The 4230 claims to handle up to 100MBps.

For your environment, I would suggest the 4210 sensor appliance. If you've got money go for it, ($15k for your solution), otherwise use Snort :)

mhossain
Cisco Employee
Cisco Employee

The IDS functionality supports in the IOS FW Feature Set supports a subset(57)of the signatures that are available on the full blown appliance sensors (400+).

Our IDS 4210 sensor can handle upto 45 Mbps of traffic and can easily be positioned in your network.

For more info. on the IDS product portfolio, pls. refer to www.cisco.com/go/ids

A little clarification to what pbobby and mhossain have posted::

PIX IDS functionality - signature subset (57 approx.)

IOS Firweall IDS functionality - signature subset (57 approx.)

IDS-42xx Appliances - Full signature set with signatures updates on average every 2 weeks

IDS-4210 - 45Mpbs

IDS-4230 - 100Mbps

IDSM - IDS Module for the Catalyst 6000 - WS-x6381-IDS - Full signature set with signature updates coming out less often than the appliance, the IDSM is usually 1 to 2 signature versions behind the appliance

IDSM - 120 Mbps approx.

The IDSM for the Cat 6K differs from the IDS Functionality in the IOS Firweall Feature set.

How can you run IDS on Cisco PIX? I've looked on the website but I could not find any information on it.

Thanks

Refer to:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/advanced.htm#xtocid622919

The config note is for version 5.2 but should apply to all later versions as well.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: