Notes

Outline

Chapter 15 Cisco Secure Intrusion Detection

Location of IDS Sensor Deployment

Interaction between IDS Sensor and Management Console

IDS Sensor

Sensor Response to Intrusions No action Shun Block attack by creating ACLs dynamically Log TCP Reset

IDS Signatures Signatures supported by Cisco IDS appliances and IDSM (1000+) http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl Signatures supported by IDS software in Cisco IOS router (< 100) http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/ios_ids.htm#xtocid127

Using a Router as the IDS Sensor