Introducing IDSM-2; Introducing NM-CIDS - Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 Installation Manual

Intrusion prevention system appliances and modules 5.0

Modules

Introducing IDSM-2

The Cisco Catalyst 6500 Series Intrusion Detection System Services Module (IDSM-2) is a switching
module that performs intrusion prevention in the Catalyst 6500 series switch and 7600 series router. You
can use the CLI or IDSM to configure IDSM-2. You can configure IDSM-2 for promiscuous or inline
mode.
IDSM-2 performs network sensing: real-time monitoring of network packets through packet capture
and analysis. IDSM-2 captures network packets and then reassembles and compares the packet data
against attack signatures indicating typical intrusion activity. Network traffic is either copied to IDSM-2
based on security VACLs in the switch or is copied to IDSM-2 through the switch's SPAN port feature.
These methods route user-specified traffic to IDSM-2 based on switch ports, VLANs, or traffic type to
be inspected (see Figure 1-3).
IDSM-2 searches for patterns of misuse by examining the data portion, the header portion, or both,
of network packets. Content-based attacks contain potentially malicious data in the packet payload,
whereas context-based attacks contain potentially malicious data in the packet headers.
You can configure IDSM-2 to generate an alert when it detects potential attacks. Additionally, you can
configure IDSM-2 to transmit TCP resets on the source VLAN, generate an IP log, and/or initiate
blocking countermeasures on a firewall or other managed device. Alerts are generated by IDSM-2
through the Catalyst 6500 series switch backplane to the IPS manager, where they are logged or
displayed on a graphical user interface.
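
As an added illustration (not code from the Cisco manual or from IDSM-2 itself), the Python example below contrasts the context-based and content-based matching described above and shows why packet data is reassembled before it is compared against signatures. The signature names, the byte pattern, and the sample packets are all constructed for the example.

```python
from collections import defaultdict

SYN, FIN = 0x02, 0x01  # TCP flag bits
# Constructed content signature: byte pattern searched for in the reassembled payload.
CONTENT_SIGNATURES = {"dir-traversal": b"../../etc/passwd"}

def context_alerts(pkt):
    """Context-based check: looks only at header fields, never at payload."""
    alerts = []
    if pkt["flags"] & SYN and pkt["flags"] & FIN:
        alerts.append("syn-fin")  # flag combination a normal TCP stack does not send
    return alerts

def reassemble(packets):
    """Group segments per flow and join payloads in sequence-number order.
    Simplified: ignores retransmissions, overlaps and sequence wrap-around."""
    flows = defaultdict(list)
    for p in packets:
        flows[(p["src"], p["sport"], p["dst"], p["dport"])].append(p)
    return {flow: b"".join(s["data"] for s in sorted(segs, key=lambda s: s["seq"]))
            for flow, segs in flows.items()}

def content_alerts(payload):
    """Content-based check: signature patterns present in payload bytes."""
    return [name for name, pat in CONTENT_SIGNATURES.items() if pat in payload]

def inspect(packets):
    """Return (source address, signature name) pairs for all matches."""
    alerts = [(p["src"], a) for p in packets for a in context_alerts(p)]
    for flow, stream in reassemble(packets).items():
        alerts += [(flow[0], a) for a in content_alerts(stream)]
    return alerts

# Constructed sample traffic (documentation addresses); segments arrive out of order
# and the signature pattern straddles the segment boundary.
SAMPLE = [
    {"src": "192.0.2.10", "sport": 40000, "dst": "198.51.100.20", "dport": 80,
     "flags": 0x18, "seq": 1018, "data": b"/etc/passwd HTTP/1.0\r\n\r\n"},
    {"src": "203.0.113.7", "sport": 40001, "dst": "198.51.100.20", "dport": 80,
     "flags": SYN | FIN, "seq": 5000, "data": b""},
    {"src": "192.0.2.10", "sport": 40000, "dst": "198.51.100.20", "dport": 80,
     "flags": 0x18, "seq": 1000, "data": b"GET /cgi-bin/../.."},
]

if __name__ == "__main__":
    for src, name in inspect(SAMPLE):
        print(f"alert {name} from {src}")
```

Matching each segment's payload on its own finds nothing in this sample; the content signature only fires on the reassembled stream.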

Introducing NM-CIDS

The Cisco Intrusion Detection System Network Module (NM-CIDS) integrates the Cisco IDS
functionality into a branch office router. With NM-CIDS, you can implement full-featured IDS at your
remote branch offices. You can install NM-CIDS in any one of the network module slots on the Cisco
2600, 3600, and 3700 series routers. NM-CIDS can monitor up to 45 Mbps of network traffic. See
Software and Hardware Requirements, page 8-2 for a list of supported routers. Only one NM-CIDS is
supported per router. Figure 1-4 on page 1-13 shows the router in a branch office environment.

Figure 1-3: IDSM-2 Block Diagram (labels: Source traffic; Destination traffic; Cisco 6500 switch;
Switch backplane; Copied VACL traffic or SPAN traffic to IDSM-2 monitor port; IDSM-2; Alarms and
configuration through IDSM-2 command and control port; IPS management console)

Installing Cisco Intrusion Prevention System Appliances and Modules 5.0, Chapter 1: Introducing the
Sensor, page 1-12 (78-16124-01)
