CCNA Materials - Enterprise IDS Management

Chapter 11
Enterprise IDS Management

© 2003, Cisco Systems, Inc. All rights reserved.

CSIDS 4.0—11-1


Objectives

Upon completion of this chapter, you will be
able to perform the following tasks:
• Define features and key concepts of the IDS MC.
• Describe the IDS MC Architecture.
• Install the IDS MC.
• Understand the IDS MC deployment.


Introduction


What is the IDS MC?


The IDS MC is a web-based application that
centralizes and accelerates the deployment and
management of multiple IDS Sensors or IDSMs.

[Figure: PC and Laptop clients, the IDS MC, and three Sensors, with links labeled SSL and SSH.]


IDS MC Features
Features of the IDS MC Sensor are as follows:
• Web-based management platform
• Enterprise management of IDS devices
– IDS appliance running version 3.0(1) S4 or higher
– IDSM running version 3.0(5) S23 or later
– Up to 300 Sensors
• Provides the ability to create Sensor groups
• Provides a mechanism to require approval of configurations
• Provides the ability to import Sensor configurations
• Pushes signature and service pack updates to the IDS devices

Windows Installation


Server Requirements—Windows
• Hardware
– IBM PC-compatible computer, 1 GHz Pentium CPU or faster
– Color monitor with video card capable of displaying 16-bit color
– CD-ROM drive
– 100 Mbps network connection or faster
• Memory
– 1 GB of RAM minimum
– 2 GB of virtual memory minimum

• Hard drive space
– 12 GB of free space minimum
– NTFS
• Software
– Windows 2000 Server or Professional with Service Pack 3
– Microsoft ODBC Driver Manager 3.510 or later


Client Access Requirements—Windows
• Hardware—IBM PC-compatible computer, 300 MHz or faster
• Memory
– 256 MB of RAM minimum
– 400 MB virtual memory
• Operating system
– Windows 98
– Windows NT 4.0
– Windows 2000 Professional with Service Pack 2 or 3
– Windows 2000 Server with Service Pack 2 or 3
– Windows 2000 Advanced Server
– Windows XP Professional
• Browser
– Internet Explorer 5.5 with Service Pack 2
– Internet Explorer 6.0
– Netscape Navigator 4.76


Installation Overview

• CiscoWorks Common Services are required for
the IDS MC.
• CiscoWorks Common Services provide the
CiscoWorks Server-based components, software
libraries, and software packages developed for
the IDS MC.


Installation Process


Installation Process (cont.)



Installation Process (cont.)


Upgrade Process


Solaris Installation


Server Requirements—Solaris

• Hardware
– UltraSPARC II, IIi, or IIe chipsets
– UltraSPARC III or IIIc chipsets
• Memory—1 GB of RAM minimum
• System Software—Solaris 2.7 or Solaris 2.8



Client Access Requirements—Solaris

• Hardware—Solaris SPARCstation or Sun Ultra
10 with a 333 MHz processor with one of the
following operating systems:
– Solaris 2.7
– Solaris 2.8
• Memory—1 GB of RAM minimum
• Browser—Netscape Navigator 4.79


Installation Overview

• CiscoWorks Common Services are required for
the IDS MC.
• CiscoWorks Common Services provide the
CiscoWorks Server-based components, software
libraries, and software packages developed for
the IDS MC.



Installation Process
SETUPDIR=/cdrom/idsmc1.02002-11-14
======================================================================
Started : Wed Dec 11 17:01:19 CST 2002
======================================================================
===============- Software Install Tool Started. -=====================
===- Welcome to the IDS Management Center and Security Monitor 1.0 Setup program.
======================================================================
INFO: This server architecture is 32-bit compatible.
INFO: /tmp directory has 777 permissions.
INFO: /etc/hosts is readable by all.
INFO: OS major is 5 and OS minor is 8
INFO: OS major or minor patch version not set.
INFO: Checking group entry casusers.....
INFO: Group created for installable packages is casusers.
INFO: Checking user entry casuser.....
INFO: casuser for installable packages exists.
INFO: No user added to the system.
INFO: Warning - No PRMOPT_INSTALL_TYPE section in TOC-file.
INFO: Warning - No installation default mode set.


Installation Process (cont.)
1) IDS Management Center
2) Security Monitor
3) All of the Above (IDS Management Center + Security Monitor)
Select one of the items using its number or enter q to quit [q] 1
INFO: You entered 1 as the option
Loading properties from info files, working...
Making a list of dependencies, working...
Making a list of dependencies for CSCOids, working...
Making a list of dependencies for CSCOnsdb, working...
Making a list of dependencies for CSCOossh, working...
Making a list of dependencies, working...
INFO: performing prerequisite: /cdrom/idsmc1.02002-11-14/info/idscom/prerequisite
INFO: performing prerequisite: CSCOids: /cdrom/idsmc1.02002-11-14/packages/CSCOids/
Enter IDS MC/Security Monitor Database Password:
Confirm Password :
INFO: Password Encryption is Successful.
Enter IDS MC/Security Monitor Database Location : [/opt/CSCOpx/MDC/Sybase/Db/IDS]
Entered value is /opt/CSCOpx/MDC/Sybase/Db/IDS
Creating file /tmp/cscotmp/idsinstall.properties....
.
.
.

Installation Process (cont.)


======================================================================
Finished: Wed Dec 11 17:13:19 CST 2002
======================================================================
===============- Software Install Tool Completed. -=====================

======================================================================


Architecture


IDS MC Architecture Overview

[Figure: architecture diagram with labels User (HTTP/HTTPS), IDS device (SSH), IDS MC, Data Store, and CiscoWorks Common Services.]


IDS MC Directories

• IDS MC home directory
– \Apache
– \Sybase
– \Tomcat
– \Etc\ids
– \updates



IDS MC Processes
The IDS MC is composed of the following processes:
• IDS_Analyzer
• IDS_Backup
• IDS_DbAdminAnalyzer
• IDS_DeployDaemon
• IDS_Notifier
• IDS_Receiver
• IDS_ReportScheduler


Getting Started
