Cisco Security Professional's Guide to Secure Intrusion Detection Systems

Book Description

Cisco Systems, Inc. is the worldwide leader in networking for the Internet, and its Intrusion Detection Systems line of products is making inroads in the IDS market segment, with major upgrades having been released in February 2003.

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright page
  5. Acknowledgments
  6. Contributors
  7. Technical Editor, Contributor and Technical Reviewer
  8. Foreword
  9. Chapter 1: Introduction to Intrusion Detection Systems
    1. Introduction
    2. Understanding the AVVID Architecture
    3. Understanding the SAFE Blueprint
    4. Secure
    5. Threats
    6. Network Attacks
    7. Overview of IDS
    8. Defeating an IDS
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  10. Chapter 2: Cisco Intrusion Detection
    1. Introduction
    2. What Is Cisco Intrusion Detection?
    3. Cisco’s Network Sensor Platforms
    4. Cisco’s Host Sensor Platforms
    5. Managing Cisco’s IDS Sensors
    6. Deploying Cisco IDS Sensors
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  11. Chapter 3: Initializing Sensor Appliances
    1. Introduction
    2. Identifying the Sensor
    3. Initializing the Sensor
    4. Using the Sensor Command-Line Interface
    5. Configuring the SPAN Interface
    6. Recovering the Sensor's Password
    7. Reinitializing the Sensor
    8. Upgrading a Sensor from 3.1 to 4.0
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  12. Chapter 4: Cisco IDS Management
    1. Introduction
    2. Managing the IDS Overview
    3. Using the Cisco Secure Policy Manager
    4. Using the CSID Director for Unix
    5. How to Configure the CSID Director
    6. Using the IDS Device Manager
    7. Using the Cisco Network Security Database
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  13. Chapter 5: Configuring the Appliance Sensor
    1. Introduction
    2. Configuring SSH
    3. Configuring Remote Access
    4. Applying the Sensor Configuration
    5. Configuring Logging
    6. Upgrading the Sensor
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  14. Chapter 6: Configuring the Cisco IDSM Sensor
    1. Introduction
    2. Understanding the Cisco IDSM Sensor
    3. Configuring the Cisco IDSM Sensor
    4. Updating the Cisco IDSM Sensor
    5. Troubleshooting the Cisco IDSM Sensor
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  15. Chapter 7: Cisco IDS Alarms and Signatures
    1. Introduction
    2. Understanding Cisco IDS Signatures
    3. Understanding Cisco IDS Signature Series
    4. Configuring the Sensing Parameters
    5. Excluding or Including Specific Signatures
    6. Creating a Custom Signature
    7. Working with SigWizMenu
    8. Understanding Cisco IDS Alarms
    9. Identifying Traffic Oversubscription
    10. Summary
    11. Solutions Fast Track
    12. Frequently Asked Questions
  16. Chapter 8: Configuring Cisco IDS Blocking
    1. Introduction
    2. Understanding the Blocking Process
    3. Understanding Master Blocking
    4. Using ACLs to Perform Blocking
    5. Configuring the Sensor to Block
    6. Determining the Status of the Managed Device and Blocked Addresses
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  17. Chapter 9: Capturing Network Traffic
    1. Introduction
    2. Switching Basics
    3. Configuring SPAN
    4. Configuring a SET-Based Switch for SPAN
    5. Configuring RSPAN
    6. Configuring VACLs
    7. Using Network Taps
    8. Using Advanced Capture Methods
    9. Dealing with Encrypted Traffic and IPv6
    10. Summary
    11. Solutions Fast Track
    12. Frequently Asked Questions
  18. Chapter 10: Cisco Enterprise IDS Management
    1. Introduction
    2. Understanding the Cisco IDS Management Center
    3. Installing the Cisco IDS Management Center
    4. Setting Up Sensors and Sensor Groups
    5. Configuring Signatures and Alarms
    6. How to Generate, Approve, and Deploy IDS Sensor Configuration Files
    7. Configuring Reports
    8. Administering the Cisco IDS MC Server
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  19. Chapter 11: Cisco Firewall/IDS IOS
    1. Introduction
    2. Understanding Cisco IOS-Based IDS
    3. Configuring the IOS-Based IDS
    4. Configuring IOS-Based IDS Signatures
    5. Responses from the IOS-Based IDS
    6. Verifying the IOS-IDS Configuration
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  20. Appendix A: Cisco IDS Sensor Signatures
    1. IP Signatures 1000 Series
    2. ICMP Signatures 2000 Series
    3. TCP Signatures 3000 Series
    4. UDP Signatures 4000 Series
    5. Web/HTTP Signatures 5000 Series
    6. Cross Protocol Signatures 6000 Series
    7. ARP Signatures 7000 Series
    8. Back Door Signatures 9000 Series
    9. String Matching Signatures 8000 Series
    10. Policy Violation Signatures 10000 Series
    11. Sensor Status Alarms
    12. IDS Signatures Grouped by Software Release Version
  21. Index