Jason,
Thanks for the info on the exam. I'm scheduled to take it on the 21st. I
just wanted to shed some light on the CPSM/IDS products. The IDS Director
software from what I could find was the original software that NetRanger
used. It would plug in with HPOV, but Cisco is phasing the Director
software out and moving everything to the good ole' Policy Manager platform.
As it stands right now CSPM will only run on NT, but according to Cisco a
version for W2k is "on the roadmap". If I had to guess the Director
software portion of the exam will be minimal, since they are moving away
from that platform.
I don't have any exp. installing the 6k blade, so that will all be new to me
as well. Where did you get this info, and could you post a link if
possible?
I just finished an install w/CSPM and IDS, and all I have to say is that
they are a long way from having a centralized management platform that will
take care of their entire Cisco Secure product line, which is what they are
marketing. I spoke with some people at Cisco and the CSPM development team
is separated into two groups, one for IDS and one for firewalls. That is
where the CSPM 2.3(i) and (f) come into play.
If you install 2.3(i) you get all of the cool IDS reporting features, which
is what anyone that installed an IDS wants. The draw back is that CSPM
won't automatically detect firewall configs, which sucks if you already have
firewalls deployed. This also means that you have to make all
configuration/IOS changes through CSPM, and the last thing is that CSPM
doesn't support any PIX IOS above 5.3!
If you install 2.3(f) you get all of the new firewall functionality, where
it will go out and detect existing firewall configurations etc., and it does
support newer IOS versions. You still can manage all of your firewall
configurations/IOS upgrades through CSPM, but if you need to make a change
via CLI you can and then just force CSPM to update itself with these new
changes. Draw back...you lose all of your IDS reporting functionality. You
can still setup an IDS and have it doing all of your shunning, tcp resets,
etc., but you just won't be able to get automated reports. This means that
you will have to go to the CSPM box and physically go through the IDS viewer
and look at all violations. This could take hours based on how the IDS is
setup to monitor.
On the bright side there is a new version of CSPM (v3 I think), which is
again "on the roadmap". This version is suppose to merge all of the
functionality of 2.3(i) and (f) into a single platform. When this happens
CSPM will actually be able to perform what Cisco has been marketing.
Anyway....I'll get off my soapbox now! I hope that this provided some
useful information to someone! I hope everyone has a great day, even though
it's raining in KC!!
Eric McMasters
-----Original Message-----
From: Jason Roysdon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 05, 2001 10:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Free CSIDS v2 BETA [7:6800]
The title of the test is "Intrusion Detection System with Policy Manager" so
I would assume: CSPM(i) and/or UNIX Director managing IDS Sensors (plus the
new Catalyst 6000 IDS blade). Basically, the IDS line.
Having taken it today, I can say those were in fact the topics. Very, very
hard test. I feel I know the CSPM(f & i) and IDS Sensor portion fairly well
(having spent the last two weeks labbing it at home, and Thursday and Friday
on an actual customer install), and scored only marginally on those sections
due to the detail in some areas (usually I could narrow it to 2 answers). A
lot of it I could do better on if I had more items memorized (directory path
info, etc.).
Having never touched, nor seen documentation on the UNIX Director, I could
only guess on those questions. HP OpenView is used by this product as well.
(I'll be researching both topics so I can pass the CSIDS v1 test for my
company' Advanced Security Specialization Certification, which only requires
me to pass this test to go from our current Security Specialization
Certification). If I didn't know better, I'd say the UNIX Director line was
getting phased out just looking on Cisco's IDS section (it's not linked nor
mentioned, but you can find it with a "UNIX Director" search).
I have documentation/hands-on lab material for the Catalyst 6000 "minime"
blade, but never read through it. Can you believe it runs on NT4? That's
about the only detail I recall (you never touch the GUI interface, all CLI).
I used this test as a minor prep for the CSIDS v1 test and had no time to
prepare for it (I was 20 minutes late to the test as is). My guess is that
this test will replace the CSIDS v1 test (which as been around for some
time, but previously wasn't a requirement for the Security Specialist Cert).
184 questions, 3.5 hours. I was done in 1.5 hours and I went slow and
steady and made comments on the items I knew and had info to add/disagree
on. 12 weeks from the test close date (June 15th) to find out if I passed
(I doubt it).
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Shahid Muhammad Shafi wrote:
>
> any idea about the objectives and contenets
>
>
> --- Jason Roysdon wrote:
> > I'm not sure if I already mentioned it, but Cisco is
> > holding a free Beta
> > exam for the CSIDS v2 (w/ IDS CSPM):
> >
> > Take the CSIDS 2.0 Beta Exam for FREE!
> >
> > For a short time, the beta exam for IDSPM (Intrusion
> > Detection System with
> > Policy Manager) will be available to take at no
> > charge. This test is based
> > on the newest version of CSIDS (2.0) and is one of
> > the exams for Cisco
> > Security Specialist 1 certification. The beta exam
> > number is 9E1-572. The
> > test will be available from June 1 through June 15,
> > 2001.You can register
> > for this beta exam beginning on June 1, 2001. This
> > exam is open to everyone,
> > so please share this wonderful opportunity within
> > your organizations.
> >
> > How to Register - Starting June 1, register for the
> > exam on-line through
> > Prometric (http://www.2test.com) or Vue
> > (http://www.vue.com) referencing
> > beta exam name: IDSPM (Intrusion Detection System
> > with Policy Manager) or
> > exam number: 9E1-572.
> [EMAIL PROTECTED]
>
>
> =====
> Shahid Muhammad Shafi
> MSc Telecommunications Candidate
> University of Colorado Boulder
> BSEE(GIKI),MCSE+I,CNA,CCNA,CCNP
>
> Please help feed hungry people worldwide
> http://www.hungersite.com/
> A small thing each of us can do to help others less fortunate
> than ourselves
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7334&t=6800
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
