Foundation Summary

The "Foundation Summary" is a condensed collection of material for a convenient review of this chapter's key concepts. If you are already comfortable with the topics in this chapter and decided to skip most of the "Foundation Topics" material, the "Foundation Summary" will help you recall a few details. If you just read the "Foundation Topics" section, this review should help further solidify some key facts. If you are doing your final preparation before the exam, the "Foundation Summary" offers a convenient and quick final review.

The following list summarizes the features of Cisco Secure ACS for Windows NT:

■ Supports centralization of AAA access for all users, including routers and firewalls.

■ Can support a number of network access servers and is limited purely by load. The practical limit for a single Cisco Secure ACS authenticating against all its databases, internal and external, is 300,000 to 500,000 users.

■ Can manage Telnet access to routers and switches.

■ Supports many different Cisco platforms, including access servers and routers.

Table 5-2 Cisco Secure IDS Components

Component: Cisco Secure IDS Sensor
Description: High-speed device that analyzes the contents of data being transported across a network and determines whether that traffic is authorized or unauthorized. Unauthorized traffic includes ping requests from intruders.

Component: Cisco IDS Device Manager (IDM)
Description: Provides real-time response to intruders in the network by blocking access to the network and terminating any active data sessions. The IDM collects the real-time information from the sensor.

The following summarizes the Cisco VPN/Security Management Solution (VMS) capabilities:

■ Manage firewalls

■ Manage network-based IDSs

■ Manage host-based IPSs

■ Monitor security

Table 5-3 IDS Terminology

Term: False positive (benign trigger)
Description: Occurs when the IDS reports certain benign activity as malicious, requiring human intervention to diagnose the event.

Term: False negative
Description: Occurs when the IDS sensor does not detect and report a malicious activity, and the system allows it to pass as nonintrusive behavior. This can be catastrophic for network operation, and therefore minimizing false negatives is the highest priority.

Term: True positive
Description: The opposite of a false negative. In this case, an alarm has been correctly sent in response to malicious activity. These alarms cause the most concern for a network administrator.

Term: True negative
Description: Not an actual alarm, but rather a situation in which the IDS in place does not trigger an alarm for activity permitted within a network.

Table 5-4 IDS Tuning

Step 1. Identify potential locations for sensors.

Step 2. Apply an initial configuration.

Step 3. Monitor the sensor while tuning.

Step 4. Analyze alarms, tune out false positives, and implement signature tuning (if needed).

Step 5. Selectively implement response actions.

Step 6. Update sensors with new signatures.
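The following is an added example, not code from the exam guide or from any Cisco product, that ties the Table 5-3 terminology to the Table 5-4 tuning steps. A toy signature-based sensor is run over constructed, hand-labelled sample events; every event is scored as a true/false positive/negative, and then the sensor is tuned (a trusted-source exclusion for the echo-request signature, plus a second signature) to remove the false positives and the false negative. The signatures, host addresses and event format are all constructed for illustration.

```python
# Added example (not from the exam guide): score a toy signature sensor
# with the Table 5-3 outcomes, then tune it as in Table 5-4.
from dataclasses import dataclass

OUTCOMES = ("true positive", "false positive", "false negative", "true negative")


@dataclass(frozen=True)
class Event:
    src: str
    dst: str
    proto: str
    detail: str
    malicious: bool  # ground truth as labelled by the analyst (constructed)


# Constructed sample events (RFC 5737 documentation addresses). The echo
# sweep from 203.0.113.9 and the Telnet probe are hostile; echo requests
# from the monitoring host 192.0.2.5 and the other TCP SYNs are benign.
EVENTS = [
    Event("203.0.113.9", "192.0.2.10", "icmp", "echo-request", True),
    Event("203.0.113.9", "192.0.2.11", "icmp", "echo-request", True),
    Event("192.0.2.5", "192.0.2.10", "icmp", "echo-request", False),
    Event("192.0.2.5", "192.0.2.11", "icmp", "echo-request", False),
    Event("198.51.100.7", "192.0.2.20", "tcp", "syn port 22", False),
    Event("198.51.100.7", "192.0.2.20", "tcp", "syn port 23", True),
    Event("192.0.2.30", "192.0.2.20", "tcp", "syn port 80", False),
]


def classify(alarm: bool, malicious: bool) -> str:
    """Map (alarm fired, event actually malicious) to a Table 5-3 outcome."""
    if alarm:
        return "true positive" if malicious else "false positive"
    return "false negative" if malicious else "true negative"


def signature_icmp_sweep(ev: Event, trusted_sources=frozenset()) -> bool:
    """Hypothetical signature: any ICMP echo request, except from trusted hosts."""
    return (ev.proto == "icmp" and ev.detail == "echo-request"
            and ev.src not in trusted_sources)


def signature_telnet_probe(ev: Event) -> bool:
    """Hypothetical signature: TCP SYN to the Telnet port."""
    return ev.proto == "tcp" and ev.detail == "syn port 23"


def run_sensor(events, signatures) -> dict:
    """Fire every signature on every event and tally the four outcomes."""
    outcomes = {name: 0 for name in OUTCOMES}
    for ev in events:
        alarm = any(sig(ev) for sig in signatures)
        outcomes[classify(alarm, ev.malicious)] += 1
    return outcomes


def initial_outcomes() -> dict:
    """Step 2: initial configuration with only the untuned echo signature."""
    return run_sensor(EVENTS, [signature_icmp_sweep])


def tuned_outcomes() -> dict:
    """Step 4: exclude the monitoring host and add a signature for the missed probe."""
    trusted = frozenset({"192.0.2.5"})
    return run_sensor(EVENTS, [
        lambda ev: signature_icmp_sweep(ev, trusted_sources=trusted),
        signature_telnet_probe,
    ])


if __name__ == "__main__":
    print("initial:", initial_outcomes())
    print("tuned:  ", tuned_outcomes())
```

Run stand-alone, the untuned sensor reports two false positives (the monitoring host's pings) and one false negative (the Telnet probe); after tuning, both counts fall to zero while the true positives rise to three. The false negative is the one to fix first, since Table 5-3 ranks minimizing false negatives as the highest priority.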
