Cisco Secure Intrusion Detection Systems

Implement an around-the-clock network surveillance system with an authorized self-study guide Organizations continue to deploy firewalls as their central gatekeepers to prevent unauthorized users from entering their networks. However, network security is in many ways similar to physical security in that no one technology serves all needs-rather, a layered defense provides the best results. Organizations are increasingly looking to additional security technologies to counter risk and vulnerability that firewalls alone cannot address. Network-based intrusion detection systems (IDSs) provide around-the-clock network surveillance. The Cisco Secure Intrusion Detection System (CSIDS) is a real-time, network-based IDS designed to detect, report, and terminate unauthorized activity throughout a network. Based on the official instructor-led training course of the same name, Cisco Secure Intrusion Detection System provides a clear explanation of why network security is crucial in today's converged networking environment, how CSIDS improves the security on a network, and how to install and configure CSIDS. Following the course outline and enhanced with real-world case studies, this book is divided into seven parts: In Part I, you are exposed to how networks are attacked, along with ways to secure networks. This leads into Part II, which provides an explanation of the components of CSIDS and how they fit into a secure network design. The installation of CSIDS is examined in Part III. Part IV discusses the management of alarms. Normal traffic generates many alarms, both from actual attacks as well as false positives. Without proper management, this flood of alarms can render the IDS ineffective. Part IV also explains how the various types of alarm signatures are classified, along with the severity levels that can be associated with an alarm signature. Part V analyzes the configuration of the major features of CSIDS. This information allows you to configure your CSIDS in an efficient manner, thus providing the best security for the network. Part VI looks at the configuration of the Cisco Secure Intrusion Detection Director (CSIDD) platform, as well as the Cisco IOS(r) Firewall IDS. This book concludes with Part VII on upcoming features and enhancements planned for the CSIDS. Whether you are preparing for the Cisco Security Specialist 1 certification or simply want to understand and make the most efficient use of intrusion detection systems, Cisco Secure Intrusion Detection System provides you with a complete solution for designing, implementing, and managing CSIDS networks. Official study materials for the Cisco Security Specialist 1 IDSPM exam Provides a comprehensive reference for the design, deployment, and management of the Cisco Secure Intrusion Detection System Understand the basic concepts of network security and the Cisco Security Wheel Learn about the concept of intrusion detection, the philosophy behind various IDSs, and the major components of the CSIDS Evaluate CSIDS Sensor deployment by using both 4200 Series Sensors and Catalyst 6000 IDS modules to determine where to place sensors in your network Install and configure CSPM as a Director platform to manage your CSIDS Sensors and analyze alarm information Examine the multitude of signatures supported by CSIDS and understand how to effectively manage CSIDS alarms Configure the major features of CSIDS, including IP blocking, sensor configuration, and signature filtering Install and configure the Cisco Secure ID Director platform, the configuration management utility, and the Cisco IOS Firewall IDS Examine feature updates and performance enhancements planned for the Cisco Secure IDS product line Earl Carter is a Security Research Engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems, Inc.(r), wheCarter, Earl is the author of 'Cisco Secure Intrusion Detection Systems' with ISBN 9781587050343 and ISBN 158705034X.