Overview
In this chapter, you will learn to:
- Explain the functions and features of CIDS
- List all CIDS Sensor platforms and their features
- Classify all CIDS Director platforms and their features
- Understand the function and features of the IDS PostOffice protocol
- Apply the addressing scheme used by the PostOffice protocol
- List and understand the common daemons used with CIDS
- Use common commands to configure and view the configurations of CIDS components
- Understand the architecture of both the sensor and director platforms
- Recognize the directory structure of CIDS
- Understand the type of log files generated by the CIDS infrastructure
Cisco’s IDS (CIDS) is a network-based intrusion detection system
that uses signatures to trigger alarms and detect attacks. The Cisco IDS is
composed of network probes (sensors) that provide constant real-time monitoring of the
network and a director platform that is used to display alarms and manage the
IDS environment. Communication between the sensors and the director platforms is
carried by the Cisco proprietary PostOffice protocol. With network probes
and the accompanying director platforms, CIDS gives security managers
real-time views of their network security. As the network grows and changes,
probes can be added or moved to provide continual IDS coverage, regardless of
network size.
This chapter focuses on the functions and features of the
Cisco IDS. Additionally, this chapter discusses Cisco’s two director
platforms, Cisco’s 4200 series network sensors, and the Intrusion Detection
System Module (IDSM) for the Catalyst 6500 series switch.