Is the sensor any good without the director? [Why doesn't Cisco just sell a director appliance. it says on the software that the Director needs either HP-UX or Solaris (two OS's that we don't use).] What is the best thing to do in terms of the director and managing the IDS sensors? Are we really going to need to budget a server to get the IDS in place?
- The sensor is useless without an IDS manager. First of all, you telnet or use the monitor/ keyboard ports to configure IDS sensor communication parametres so the IDS sensor can communicate with the IDS manager. Then you use IDS manager to configure IDS sensor to monitor network traffic, detect attacks, generate alarms, block IPs, and whatever it is supposed to do. But without IDS manager, you can do nothing. - There's a Windows version of IDS manager. CSPM, Cisco Secure Policy Manager, it runs on Win NT. There are some function differences between CSPM and IDS Director (UNIX based), but the main function is the same: configre IDS sensor to work. The sensors look like a rack mount server - complete with floppy, CD-ROM and expansion slots. Do you really need to hook up anything other than power and ethernet? Do you manage them like any other Cisco device through Telnet, or do you control them with the director? - Normally you don't need the floppy, CD-ROM... on IDS sensor, I think they are there because it is a PC with Cisco software. You might need the monitor and keyboard for your first time configuration: configure an IP for furture communication. Then, you can telnet to the sensor. - I have a question here. Could somebody tell me what command I can use to shut down the IDS sensor safely before I power off it? Thanks. Hope this helps your start-up. Fei. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
