Cisco Secure Intrusion Detection System

  • Published: Oct 10, 2001
  • Copyright 2002
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 912
  • Edition: 1st
  • Book
  • ISBN-10: 1-58705-034-X
  • ISBN-13: 978-1-58705-034-3


Exam preparation for IDSPM exam #9E0-572


Product Description

Implement an around-the-clock network surveillance system with an authorized self-study guide

Organizations continue to deploy firewalls as their central gatekeepers to prevent unauthorized users from entering their networks. However, network security is in many ways similar to physical security in that no one technology serves all needs; rather, a layered defense provides the best results. Organizations are increasingly looking to additional security technologies to counter risk and vulnerability that firewalls alone cannot address. Network-based intrusion detection systems (IDSs) provide around-the-clock network surveillance. The Cisco Secure Intrusion Detection System (CSIDS) is a real-time, network-based IDS designed to detect, report, and terminate unauthorized activity throughout a network.

Based on the official instructor-led training course of the same name, Cisco Secure Intrusion Detection System provides a clear explanation of why network security is crucial in today's converged networking environment, how CSIDS improves the security on a network, and how to install and configure CSIDS. Following the course outline and enhanced with real-world case studies, this book is divided into seven parts: In Part I, you are exposed to how networks are attacked, along with ways to secure networks. This leads into Part II, which provides an explanation of the components of CSIDS and how they fit into a secure network design. The installation of CSIDS is examined in Part III. Part IV discusses the management of alarms. Normal traffic generates many alarms, both from actual attacks as well as false positives. Without proper management, this flood of alarms can render the IDS ineffective. Part IV also explains how the various types of alarm signatures are classified, along with the severity levels that can be associated with an alarm signature. Part V analyzes the configuration of the major features of CSIDS. This information allows you to configure your CSIDS in an efficient manner, thus providing the best security for the network. Part VI looks at the configuration of the Cisco Secure Intrusion Detection Director (CSIDD) platform, as well as the Cisco IOS® Firewall IDS. This book concludes with Part VII on upcoming features and enhancements planned for the CSIDS.

Whether you are preparing for the Cisco Security Specialist 1 certification or simply want to understand and make the most efficient use of intrusion detection systems, Cisco Secure Intrusion Detection System provides you with a complete solution for designing, implementing, and managing CSIDS networks.

  • Official study materials for the Cisco Security Specialist 1 IDSPM exam
  • Provides a comprehensive reference for the design, deployment, and management of the Cisco Secure Intrusion Detection System
  • Understand the basic concepts of network security and the Cisco Security Wheel
  • Learn about the concept of intrusion detection, the philosophy behind various IDSs, and the major components of the CSIDS
  • Evaluate CSIDS Sensor deployment by using both 4200 Series Sensors and Catalyst 6000 IDS modules to determine where to place sensors in your network
  • Install and configure CSPM as a Director platform to manage your CSIDS Sensors and analyze alarm information
  • Examine the multitude of signatures supported by CSIDS and understand how to effectively manage CSIDS alarms
  • Configure the major features of CSIDS, including IP blocking, sensor configuration, and signature filtering
  • Install and configure the Cisco Secure ID Director platform, the configuration management utility, and the Cisco IOS Firewall IDS
  • Examine feature updates and performance enhancements planned for the Cisco Secure IDS product line

Earl Carter is a Security Research Engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems, Inc.®, where he performs security evaluations on numerous Cisco products, including everything from the PIX® Firewall and VPN solutions to Cisco CallManager and other VoIP products. Earl started with Cisco doing research for Cisco Secure Intrusion Detection System (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar).

Links

Read an interview with Earl Carter, courtesy of Help Net Security. Help Net Security's site receives more than 430,000 page views per month.

Customer Reviews

5.0 out of 5 stars: Excellent Reference for CiscoSecure IDS, October 27, 2001
By "booksters" (Bridgewater, NJ USA)
This review is from: Cisco Secure Intrusion Detection System (Hardcover)
It's a direct portal from Cisco's CSIDS class. If you have the class materials, then you do not need this book. Otherwise, it's the only book out there by Cisco on the CiscoSecure IDS (formerly NetRanger) product line.


1.0 out of 5 stars: Outdated before it even hit the shelves, January 6, 2004
By C. F. Higgins (Warrenville, Illinois, United States)
This review is from: Cisco Secure Intrusion Detection System (Hardcover)
Cisco no longer uses, nor do they recommend, CSPM (Cisco Secure Policy Manager). Therefore, 60% of this book is irrelevant information.

I wasted $60 on this book, only to find out later that it was outdated.


5.0 out of 5 stars: Excellent Learning Tool and Constant Reference Guide, December 11, 2001
This review is from: Cisco Secure Intrusion Detection System (Hardcover)
This book is one of the most well written I've seen from Cisco Press. It covers all areas of the Cisco Secure IDS system without being too wordy.

Chapter 10 contains a complete listing of all signatures (at print time) that the CSIDS system can detect, making this an excellent reference book.

Keep this on your shelf and close by!!!

Kudos to Earl Carter for the excellent job in editing!!!



Index

Download - 492 KB -- Index

Table of Contents

I. INTRODUCTION TO NETWORK SECURITY.

1. Need for Network Security.

Security Threats. Security Concepts. The Phases of an Attack. Attack Methodologies. Network Attack Points. Hacking Tools and Techniques.

2. Cisco Security Wheel.

Securing the Network. Monitoring Network Security. Testing Network Security. Improving Network Security.

II. INTRUSION DETECTION AND THE CSIDS ENVIRONMENT.

3. Intrusion Detection Systems.

IDS Triggers. IDS Monitoring Locations. Hybrid Characteristics.

4. Cisco Secure IDS Overview.

System Function and Features. Sensor Platforms and Modules. Director Platforms. Cisco Secure IDS and the PostOffice Protocol.

III. CSIDS INSTALLATION.

5. Cisco Secure IDS Sensor Deployment.

Preparing for Deployment: Analyzing Your Network Topology. Executing the Deployment: Sensor Installation Considerations.

6. Cisco Secure Policy Manager Installation.

CSPM Overview. CSPM Installation Requirements. CSPM Installation Settings and Options. Starting CSPM.

7. 4200 Series Sensor Installation Within CSPM.

Understanding the Sensor Appliance. Configuring the Sensor Bootstrap. Adding a Sensor to a CSPM Director.

IV. ALARM MANAGEMENT AND INTRUSION DETECTION SIGNATURES.

8. Working with Cisco Secure IDS Alarms in CSPM.

Managing Alarms. Customizing the Event Viewer. Preference Settings. Connection Status Pane.

9. Understanding Cisco Secure IDS Signatures.

Signature Definition. Signature Classes. Signature Types. Signature Severity.

10. Signature Series.

IP Signatures (1000 Series). ICMP Signatures (2000 Series). TCP Signatures (3000 Series). UDP Signatures (4000 Series). Web/HTTP Signatures (5000 Series). Cross-Protocol Signatures (6000 Series). String-Matching Signatures (8000 Series). Policy-Violation Signatures (10000 Series).

V. CSIDS CONFIGURATION.

11. Sensor Configuration Within CSPM.

CSPM Sensor Configuration Screens. Basic Configuration Changes. Log File Configuration. Advanced Configuration Changes. Pushing a New Configuration to Your Sensor.

12. Signature and Intrusion Detection Configuration.

Basic Signature Configuration. Signature Templates. Signature Filtering. Advanced Signature Configuration. Creating ACL Signatures.

13. IP Blocking Configurations.

Understanding ACLs. ACL Placement Considerations. Configuring the Sensor for IP Blocking.

14. Catalyst 6000 IDS Module Configuration.

Understanding the Catalyst 6000 IDS Module. IDSM Ports and Traffic Flow. Capturing Traffic. Configuration Tasks. Updating IDSM Components. Troubleshooting.

VI. CISCO SECURE INTRUSION DETECTION DIRECTOR (CSIDD).

15. Cisco Secure ID Director Installation.

Director Software Installation. Starting the Director. Sensor Configuration.

16. The Configuration File Management Utility (nrConfigure).

Working with nrConfigure. Host Types for Add Host Wizard. Connecting to a Previously Configured Sensor. Verifying That the Sensor Is Added to nrConfigure. Verifying That the Sensor Is Added to the Cisco Secure IDS Submap. Deleting a Sensor. Removing the Sensor Icon. Working with the Configuration Library.

17. Cisco IOS Firewall Intrusion Detection System.

Cisco IOS Firewall IDS and Intrusion Detection. Supported Router Platforms. Deployment Issues. Signatures. Configuration Tasks.

VII. CISCO SECURE IDS UPCOMING RELEASES.

18. Planned Cisco Secure IDS Enhancements.

Version 3.0. Version 4.0. Sensor Enhancements. Cisco Secure IDS-User-Defined Signatures.

VIII. APPENDIXES.

Appendix A: Deploying Intrusion Detection: Case Studies.

Using Cisco IOS Firewall IDS. Sending SYSLOG Data to a Cisco Secure IDS Sensor. Managing a Router with a Cisco Secure IDS Sensor. Cisco Secure IDS Tiered Director Hierarchy. Setting Up Multiple IDSM Blades in the Same Chassis.

Appendix B: Cisco Secure IDS Architecture.

Cisco Secure IDS Software Architecture. Cisco Secure IDS Communications. Cisco Secure IDS Commands. Cisco Secure IDS Directory Structure. Cisco Secure IDS Configuration Files. Communications.

Appendix C: Cisco Secure ID Director Basic Troubleshooting.

Director Problems. Sensor Problems. Oracle Problems. Data Management Package Problems. nrConfigure Problems. Online Help and NSDB.

Appendix D: Cisco Secure IDS Log Files.

Levels of Logging. Log File Naming Conventions. Log File Locations. Closing Active Files. Archived Log Files. Event Record Fields.

Appendix E: Advanced Tips.

Correcting a Sensor That Does Not Sniff. Using the Sensor COM Port for Console Access. Excluding False-Positive Alarms.

Appendix F: Cisco Secure IDS Signature Structures and Implementations.

Appendix G: Cisco Secure IDS Signatures and Recommended Alarm Levels.

General Signatures. Connection Signatures. String Signatures. ACL Signatures.

Appendix H: Cisco IOS Firewall IDS Signature List.

Information Signatures. Attack Signatures.

Appendix I: Cisco Secure Communications Deployment Worksheet.

Appendix J: Glossary.

Appendix K: Answers to Review Questions.

Errata

Errata. - 21 KB -- 158705034Xerrata.doc
