CHAPTER
9-1
Cisco 7600 Series Router Module Guide
OL-9392-05
9
Intrusion Detection System Module
This chapter describes the Intrusion Detection System Module (WS-X6381-IDS).
The Intrusion Detection System Module (IDSM) is part of the Cisco Secure Intrusion Detection System
(Cisco Secure IDS) and is managed by the Cisco Secure Policy Manager (Cisco Secure PM). (See
Figure 9-1.) Cisco Secure PM provides a graphical interface for the management of security across a
distributed network. The Intrusion Detection System Module performs network sensing, which involves
real-time monitoring of network packets: packet capture and analysis.
Note Specific combinations of supervisor engines and modules may not be supported in your chassis. Refer
to the release notes of the software version running on your system for specific information on modules
and supervisor engine combinations that are not supported.
The Intrusion Detection System Module captures network packets, and then reassembles and compares
this data against a set of rules that indicates typical intrusion activity. Network traffic is copied either to
the Intrusion Detection System Module based on security VLAN access control lists (VACLs) in the
switch or is routed to the Intrusion Detection System Module using the switch’s Switched Port Analyzer
(SPAN) port feature. Both methods allow user-specified types of traffic that are based on switch ports,
VLANs, or traffic type to be inspected.
The Intrusion Detection System Module searches for patterns of misuse by examining either the data
portion or the header portion of network packets. Content-based attacks come from the data portion, and
context-based attacks come from the header portion.
When the Intrusion Detection System Module detects an attack, it generates an alarm. Alarms are
generated by the Intrusion Detection System Module through the Cisco 7600 series router backplane to
the Cisco Secure PM, where they are logged or displayed on a graphical user interface. Alarm
communication is handled by the Cisco Secure IDS Communication service protocol, a proprietary
protocol that transmits alarms from the Intrusion Detection System Module to the Cisco Secure PM.
The front panel has a STATUS LED, a hard drive LED, a SHUTDOWN button, and a PCMCIA slot as
shown in
Figure 9-1.
Figure 9-1 Intrusion Detection System Module (WS-X6381-IDS)
NTWK ANALYSIS HDL
HD
SHUTDOWN
For Vendor Use Only
WS-X6380-NAM
STATUS
PCMCIA
SLOT
1
0
EJECT
33089
STATUS LED PCMCIA slot
SHUTDOWN button Hard drive
(HD) LED
To Next Page
Loading...
Need help?
General
