Deployment is a rapid affair thanks to Cisco's Policy Manager software. This stores policy information on a local machine and distributes settings when changed. This means expansion of the network or hardware replacements are simple to manage.
As this can be overkill in a smaller network, Cisco has developed a web interface for three sensors or fewer.
Inside the policy manager are the sensor options. Each has settings that govern the way it works, including the networks it monitors and whether to reassemble IP fragments or not. This is worth doing, as crackers often fragment attacks to avoid IDS.
Next, a signature library has to be associated. This library defines which attacks should be looked for and the action to take when they're found. Each signature can be manually modified with options including resetting or blocking the attack, and changing the priority level.
Attack reporting can be seen in the Event Viewer application. For the most part, it only generated one message per attack and at no point were we flooded with hundreds of alerts.
This can be further fine-tuned with the help of signature debug mode. This mode reports the number of packets that caused the event to trigger. In a production environment false negatives can be tuned out by upping the set value. Signatures can also be altered to only fire once in a given time period. This prevents the console being flooded in the event of an attack.
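The two tuning controls described above (a packet-count threshold and firing only once in a given time period) can be sketched generically. This is an added illustration, not Cisco's code or signature syntax; the class, function and signature names and the sample events are all constructed for the example.

```python
from collections import defaultdict

class SignatureTuner:
    """Hypothetical tuner: hit threshold plus fire-once-per-interval."""

    def __init__(self, min_hits, interval):
        self.min_hits = min_hits       # matching packets needed before alerting
        self.interval = interval       # seconds in which repeats are suppressed
        self.hits = defaultdict(list)  # (signature, source) -> recent match times
        self.last_alert = {}           # (signature, source) -> last alert time

    def observe(self, ts, sig, src):
        """Record one matching packet; return an alert dict or None."""
        key = (sig, src)
        # Keep only matches that fall inside the sliding window.
        window = [t for t in self.hits[key] if ts - t < self.interval]
        window.append(ts)
        self.hits[key] = window
        if len(window) < self.min_hits:
            return None                # below threshold: treated as noise
        last = self.last_alert.get(key)
        if last is not None and ts - last < self.interval:
            return None                # already fired in this interval
        self.last_alert[key] = ts
        return {"time": ts, "signature": sig, "source": src,
                "packets": len(window)}

def run(events, min_hits=3, interval=60):
    """Feed time-ordered events through the tuner and collect alerts."""
    tuner = SignatureTuner(min_hits, interval)
    alerts = []
    for ts, sig, src in sorted(events):
        alert = tuner.observe(ts, sig, src)
        if alert:
            alerts.append(alert)
    return alerts

# Constructed sample events: (seconds, signature name, source address).
EVENTS = (
    [(t, "tcp-syn-sweep", "192.0.2.10") for t in range(0, 50, 5)]   # sustained burst
    + [(12, "tcp-syn-sweep", "198.51.100.7")]                       # one stray packet
    + [(t, "tcp-syn-sweep", "192.0.2.10") for t in (90, 91, 92)]    # second burst
)

if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
    print("untuned alert count:", len(run(EVENTS, min_hits=1, interval=1)))
```

With the threshold at three packets and a 60-second interval, the 14 matching packets collapse into two alerts, and the single stray packet raises none.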
You can even write your own pattern-matching signature files, which helps if you want to block a new attack or virus before the appropriate signature is released.
Our testing showed the system to be fast and accurate in its detection. We noticed the engine works better with generic network attacks, and tends to miss out on backdoor and Trojan detection.
Product Details
Installation: 4/5
Management: 5/5
Features: 4/5
Performance: 4/5
Value: 4/5
Overall: 4/5
Price From £5,000
Contact Cisco 020 8884 1000
www.cisco.com