Hi, I noticed that there is a monitoring piece in my PDM that includes IDS. But when I looked at the histories, there wasn't anything there. Is there something special to make it work, or is it a separate piece of hardware ?
PIX IOS has IDS with Limitied features. These features can identify certain attack signatures. Based on the configuration the malicious packets can be blocked etc.
My understanding is that IDS is already active by default. As Murthy suggested, it is an option to buy for more Intrusion Detection Signatures. By default I believe it comes with some standard 50 to 55 signatures.
The IDS features of the Pix are VERY limited and are not enabled by default. They are enabled per interface using the [ip audit] commands.
They are very basic and cannot be upgraded as an option. New Pix code releases are the only method to "upgrade" the IDS signatures. For example, pix 6.3.1 code included a few new signatures above 6.2.2.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
