Cisco IPS 4200 Series of sensor appliances. The Cisco IPS 4200 Series greatly increases the scalability and throughput of the security solution. Cisco also provides intrusion detection and prevention modules for the Cisco Catalyst 6500 Series. This illustrates the ability of Cisco security solutions to integrate natively into the infrastructure. The advanced intrusion prevention capabilities supported by Cisco IPS 4200 Series dedicated IPS appliances are also integrated into the Cisco ASA family. So it supports both radius as well as syslog.
I concur that there is nothing in the documentation regarding syslog or Radius.
The fact that IPS devices are often on the perimeter of a network means they shouldn't be made capable of sending Syslog or Radius back to the Trusted network. The only thing we should hear from IPS devices are requests for NTP, the Alerts they send, and the SSH requests to log in made by admins or boxes like MARS.
No, he's not kidding, and this is (yet another) disappointment of this product line. And no, don't go slapping pam_radius or other such under the hood yourself. With 5.x and 6.x, the underlying Linux OS is heavily stripped down and modified to run on flash only, rewrites many of its configs during boot, and overwrites most of the OS (or all) whenever there is a service pack.
There are many valid reasons to want to log in to the box itself; CSM isn't always the answer (and please don't tell me MARS is, sigh). There needs to be radius/tacacs support on these boxes, but it hasn't happened yet.
I'll second the notion that modifying the sensor to support additional auth mechanisms might be a challenge. I think the v4 IDS used Red Hat or a variant of. They use BusyBox Linux now, which is really stripped down.
CSM will probably make most auditors happy, but technically the sensors aren't using AAA. IMHO, CSA with AAA solves operational problems not security ones.
What's really sad is that MARS doesn't process IDS/IPS status events.