04-11-2003 05:44 AM - edited 03-09-2019 02:52 AM
Hello
I am new to IDS. I am experienced with Cisco security, though I have never worked with and IDS system. I was wondering if Cisco had an Example Config page like they do for the PIX firewall. I would like to see some examples on how to set it up and where to place the command and control interface and monitoring interface. Also if someone has any good white papers on the IDS that would be greatly appreciated.
Thanks
Anthony
04-11-2003 06:14 AM
Take a look at the main product page for the 4200 Series Sensors:
IDS 4200 Series Products Page
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html
White Paper on Cisco's Web Site:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper09186a0080092334.shtml
Snort's web site also has some good IDS documentation as well.
Hope this helps!
-Denny
04-11-2003 07:01 AM
I second the motion. We too have new IDS 4210's. The docs are poor when it comes to explaining things.
Most things (like shunning) are inferred, not explained.
Most options in the configs are not explained nor documented - Like in Signature Configuration, what's the definitions of the 5 different EventActions? What do you specifically edit to make a Signature create a access-list block?
Heck, anybody have an example of the rule the sends a disconnect to anyone sending a email with the word "special" in the FROM address field?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide