Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
659
Views
0
Helpful
6
Replies

IDS 4125 , web interface access, CLI access, monitoring

zillah2004
Level 1
Level 1

‎11-25-2006 11:58 PM - edited ‎03-10-2019 03:20 AM

I knew that we can use ciscowork 2000 to monitor IDS.

1- But can I use Cisco security agent to monitor IDS as well ?

2- Are there any other software for monitoring IDS beside ciscowork 2000 ?

3- Does IDS 4125 itself have web interface for monitoring ?

4- We have got IDS 4125 at work (production line), I tried to access it through web interfaces, I tried all of these without any success:

https(with s)://192.168.x.x,and https(with s)://192.168.x.x:443, http(without s)://192.168.x.x, I could not, then I tried to access it through console without any success.

I can telent to it.

Regards

Regards

Labels:
0 Helpful
6 Replies 6

zillah2004
Level 1
Level 1

‎11-27-2006 04:18 AM

Any help or comment ?

Thanks

0 Helpful

mhellman
Level 7
Level 7

‎11-27-2006 05:58 AM

1) No. CSA is a host based IDS. Do you mean Cisco Security Manager? I'm not positive, but I don't think the CSM supports event monitoring like the old CiscoWorks/VMS did.

http://www.cisco.com/en/US/customer/products/ps6498/products_data_sheet0900aecd803ffd5c.html

2)Here are the Cisco tools:

IDS Event Viewer (free): http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev

CSMARS: http://www.cisco.com/en/US/products/ps6241/index.html

CiscoWorks SIM(netforensics): http://www.cisco.com/en/US/products/sw/cscowork/ps5209/index.html

Otherwise, just do a google search for "Security Event Management" or similar. The Cisco IDS/IPS has enough market share that most vendors support them.

3) I'm not familiar with that model. Do you mean 4215? The 5.x version has an event monitoring web interface. I don't remember if the 4.x code does.

4) By default, the 5.x sensor will be listening on tcp port 443 for https connections and tcp port 22 for ssh connections. telnet is disabled by default. These can all be modified though.

0 Helpful

zillah2004
Level 1
Level 1
In response to mhellman

‎11-27-2006 06:28 AM

[cut]

CSA is a host based IDS

[/cut]

I see

[cut]

Do you mean Cisco Security Manager

[/cut]

i menat Cisco Security Agent (CSA) not Manager

[cut]

IDS Event Viewer (free)

[/cut]

no it is not free unfortunatly

[cut]

I'm not familiar with that model. Do you mean 4215?

[/cut]

yes, my mistake, sorry.

[cut]

I don't remember if the 4.x code does.

[/cut]

Yes we have got 4.1(1)S47 not 5

0 Helpful

mhellman
Level 7
Level 7
In response to zillah2004

‎11-27-2006 06:41 AM

[cut]

IDS Event Viewer (free)

[/cut]

no it is not free unfortunatly

How is it "not free"? You probably have to have a valid contract for an IPS device, but otherwise isn't it free? I know I've downloaded it and used it without giving anyone money;-)

0 Helpful

zillah2004
Level 1
Level 1
In response to mhellman

‎11-27-2006 07:22 AM

Could you please send me an email how to configure that ?

Regards

zillah

forwardtruth@yahoo.com

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to mhellman

‎11-27-2006 08:55 AM

IEV is available for "no additional charge" for users with an Cisco Services for IPS maintenance contract on their sensors.

So it is not technically free; it is already included in the base costs of the sensor and maintenance contracts.

Latest IEV for 5.x sensors is version 5.2(1):

http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev

Latest IEV for 4.x sensors is version 4.1(1):

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev

(Note: the 4.1(1) IEV is no longer being updated as signature support for version 4.x sensors has ended.)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card