Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cisco's NIDS Solution Grows Up

We deployed both the 4250 sensor and the beta of the new VMS 2.1 console in our Neohapsis partner lab in Chicago. A Cisco engineer helped us get the 4250 feeding data into the system. The 4250, a beefed-up sensor with a gigabit interface and hefty hardware (dual Intel Pentium III 1.2-GHz processors), can receive data in multiple formats, including Cisco POP and standard syslog. With a few configuration changes on the sensor and from the VMS interface, we were able to get everything communicating.

VMS reinstates one of our favorite event viewers, which took a brief hiatus with the release of the Cisco IEV (IDS Event Viewer). The VMS event viewer lets you dynamically sort IDS alert data based on just about any field type--source/destination IP address, alert type, reporting sensor--which makes it easy to slice and dice attack data. Although the functionality existed in earlier revisions of the Cisco Secure Policy Manager (CSPM), this iteration is completely Java-based. A Win32 interface still offers some advantages, such as right-click pull-down windows, that we missed with VMS.

Good
• IDS event viewer from CSPM was carried over.

• Best central management Cisco has put out.
• Product can aggregate data from multiple device types.

Bad
• User interface is difficult to use and not very intuitive.
• Product appears to have trouble with changes.
• Product cannot correlate data from different device types.

VMS allows for the grouping of sensors and policies, which aids in controlling large deployments. For example, by placing multiple sensors in predefined groups, administrators can push configuration changes out to multiple sensors simultaneously. VMS also tracks policy updates and configuration changes, allowing organizations some accountability regarding proper change control.