Saturday, July 17, 2010

CCNA Security 20

On IOS, we have the Security Device Manager (SDM). For sensors, we have the IDM, which stands for the IPS Device Manager. The IDM is similar to SDM in terms of look and feel.
IDM can be accessed with TLS/SSL/HTTPS. HTTPS is not a protocol in itself; it is simply HTTP over SSL/TLS. SSL came out first and was designed only for HTTP, but TLS is a replacement that can be used for HTTP as well as just about any other communication method.

The IDM uses RDEP, the Remote Data Exchange Protocol, to configure the sensor. SDEE, the Security Device Event Exchange, is a notification method used by the sensor to send event information to management software. XML is a universal way to represent information with tags. Configurations are in XML over SDEE. IDCONF is the DTD applied to the XML.

To access the IDM, we simply visit the sensor's IP address in a browser using HTTPS. Like the SDM, the IDM has Configuration and Monitoring tabs. You can manage networking, SSH, certificates, etc. through the Configuration tab. You can even reboot or shut down the sensor.

In the Monitoring tab, you can see the denied attackers, blocks, logging, events and system information. In the event screen, we can view more detailed information about the event by double-clicking it.
