Cisco Support Community

New Member

Cisco IDS Management Options, please help

I need to deploy two CSIDS network probes now with a possibility of adding up to 20 more. To start with, I don't want to build a central CSIDS management system. I would prefer to go with just the network probes for now and manage them using the web interfaces. When I add more network probes, can I build the central CSIDS management system and get all the probes to report to the central system? If yes, what are my options? Are there any considerations I need to know about right now? Please help. Thanks.

  • Other Security Subjects
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Cisco IDS Management Options, please help

It is very easy to add VMS to the setup. You do not have to re-image or re-install the sensors. On the sensor side, it only involves setting up the sensors to forward events to the VMS box. On the VMS side, it involves setting up the VMS box to receive events from and manage the sensors.

If your IDS Event Viewer box is the same as your VMS box, then you won't need to make any changes on your sensors - that is, assuming the IP address and hostname are the same for both boxes.

8 REPLIES
New Member

Re: Cisco IDS Management Options, please help

There are two things you need to be concerned with: managing alerts and managing the sensors.

You can manage the sensors with the IDS Device Manager. You cannot manage the alerts with the IDS device manager.

You can manage the alerts with the IDS Event Viewer or with VMS Security Monitor. IDS Event Viewer is free. In your case, I would recommend using the IDS Event Viewer until you're ready to purchase VMS.

Alternatively, you can manage the sensors by telnetting to them and running commands, by using the menu, or by editing files if you know Solaris/UNIX pretty well.

In fact, you will need to do the initial setup with the menu if I remember correctly, but this doesn't involve much more than giving the command and control interface an IP address.

New Member

Re: Cisco IDS Management Options, please help

First, thanks for the quick post.

If I deploy 2 sensors right now using the IDS DM and IDS EV only or using CLI methods and decide to go with the VMS solution later, would that involve re-imaging or re-installation on the sensors? Or would it be a simple setting on the sensors to forward events and receive policy changes and config info from the VMS box? In other words, how easy is it to add the VMS to the setup?

Thanks.

New Member

Re: Cisco IDS Management Options, please help

It is very easy to add VMS to the setup. You do not have to re-image or re-install the sensors. On the sensor side, it only involves setting up the sensors to forward events to the VMS box. On the VMS side, it involves setting up the VMS box to receive events from and manage the sensors.

If your IDS Event Viewer box is the same as your VMS box, then you won't need to make any changes on your sensors - that is, assuming the IP address and hostname are the same for both boxes.

Bronze

Re: Cisco IDS Management Options, please help

It's even easier to upgrade to VMS when using 4.0 sensors. You probably won't need to do anything on the sensors other than allow the VMS system to talk to the sensor's IP address. With 4.0, the sensors don't push information to a mgmt. console. The mgmt. console subscribes to the sensor and pulls the information, so almost all of the command & control configuration setup occurs on the mgmt. side.

New Member

Re: Cisco IDS Management Options, please help

My understanding is that we have the VMS option or using the IDS DM and IDS EV and maybe with or without some unix utilities.

For Ver 4.x, does Cisco support the Unix Director or the CSPM?

Cisco Employee

Re: Cisco IDS Management Options, please help

CSPM and Unix Director do not support Version 4.x sensors.

Enterprise users will need to upgrade to VMS (IDS Management Center and Security Monitor) when they upgrade to version 4.x sensors.

New Member

Re: Cisco IDS Management Options, please help

Is VMS scalable to this size deployment? Is there a msg/second or device # limitation???

Cisco Employee

Re: Cisco IDS Management Options, please help

Hi Cheri,

The VMS is quite scalable. Security Monitor can sustain up to 500 alarms/sec for IDS, 200 syslog/sec and the MCs can handle up to 300 devices.

Hope this helps you.

Thanks,

yatin
