RE: Cisco Catalyst IDS comments

From: Fitton, Robert (Bob) <Rfitton(at)laborready.com>
Date: Wed Jul 09 2003 - 12:17:44 EDT


I would avoid the IDSM1; it worked for us, but it was very frustrating to watch Cisco put out regular updates for the appliances, and very infrequent updates for the IDSM itself (which also did not capture packets). I can't speak for the IDSM2, but the IDSM did NOT automatically watch the whole backplane: you had to use SPAN or security VACLs to designate the desired traffic to watch. We switched to their appliances when they became trunk-capable; we use the same SPAN/VACLs to copy traffic to the trunked appliances.

I would hope that the IDSM2 will be an improvement; we liked the concept, but not the initial implementation.

Bob Fitton
Network Specialist
Labor Ready Inc.
Tacoma WA

-----Original Message-----
From: Carles Fragoso i Mariscal [mailto:cfragoso@cesca.es]
Sent: Tue 7/8/2003 2:51 PM
To: focus-ids@securityfocus.com
Cc:
Subject: Cisco Catalyst IDS comments

Hi,

I would appreciate any comments regarding IDSM1 and IDSM2 blade-modules for the Cisco Catalyst 6500 Series.

I found a detailed comparison of them on the Cisco website (max bandwidth, signature tuning, log mechanism, ...): http://www.cisco.com/en/US/products/hw/modules/ps2706/ps5058/

IDSM2 seems to be quite a bit more powerful than IDSM1 and looks more stable because it is Linux-based instead of Windows NT.

I would like to know if any of you have played with them and could give me your 'practical' opinion. Constructive/destructive comments are welcome! ;)

At first sight, it seems flexible and powerful for dealing with the switch backplane. Any known disadvantages of blade cards compared with 'appliances/black boxes'?

Thanks in advance for your help,


         __
        / /           Carlos Fragoso Mariscal
  C E / S / C A   Communications & Operations Dept.
      /_/              

         Supercomputing Center of Catalonia
        CATalonian Neutral Internet eXchange
        Tlf: +34932056464  Fax: +34932056979

____________________________________________________


Received on Fri Jul 11 13:00:19 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT

