Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book


Cisco Secure IDS is a network-based intrusion detection system that uses a signature database to trigger intrusion alarms. Cisco Secure IDS is composed of the following two major components:

  • Sensor platform
  • Director platform

Interaction between these two components is accomplished via a communication infrastructure based on the proprietary PostOffice protocol.

Each Cisco Secure IDS Sensor has a monitoring interface and a command and control interface. Using the monitoring interface, the sensor compares network traffic against the signatures in its signature database. If unauthorized activity is detected, the sensor uses the command and control interface to inform the Director platform of the activity. Cisco Secure IDS supports two different sensor platforms:

  • 4200 Series Sensors
  • IDS Module for the Catalyst 6000 family of switches
The 4200 Series Sensors are PC appliances that can be placed at various locations throughout your network. The 4200 Series Sensors come in two varieties: IDS-4210 and IDS-4230.

IDSM is an actual integrated line card that operates directly on the Catalyst switch. It receives packets directly from the switch's backplane. The switch's performance is not impacted, however, because the IDSM operates on copies of the network packets. It is not located in the switch-forwarding path.

All of these sensors communicate with a Director platform that supplies a single GUI management interface for the end user. Cisco Secure IDS currently supports two Director platforms:

  • Cisco Secure Policy Manager (CSPM)
  • Cisco Secure Intrusion Detection Director

CSPM provides a management interface that supports many different Cisco products. IDS sensors are only one of these products. It runs on the Windows NT operating environment.

Cisco Secure IDS Director for UNIX uses HP OpenView to provide the GUI interface. The base operating system is Solaris or HPUX.

To communicate messages between the Director platform and the sensor platform, Cisco Secure IDS uses a proprietary protocol called the PostOffice protocol. This protocol provides numerous necessary features, such as the following:
  • Reliability
  • Redundancy
  • Fault tolerance
  • + Share This
  • 🔖 Save To Your Account