The Cisco Intrusion Detection System (IDS) provides an in-depth, self-healing mechanism that gives network administrators a defense against attacks from inside and outside the network. The Cisco definition of a self-healing network is a network that is intelligent enough to stop unwanted traffic and correct any security vulnerabilities before they occur.
Beginning with Cisco IDS 4.0, the network IDS sensors use the Remote Data Exchange Protocol (RDEP) for communication. With RDEP, the network operator can subscribe to specific IDS event types and better control which events are received or ignored.
The sensor software was re-architected in Cisco IDS 4.0. All of the pre-4.0 software applications, such as nr.postoffice, nrConfigure, nr.packetd, and nr.managed, have been replaced with 4.0 software applications. The Postoffice protocol has been replaced with RDEP, which uses HTTP/HTTPS to exchange XML documents between the sensor and external systems.
Sensor configuration, control, log, and event information is communicated and stored in XML documents. Version 4.0 provides an open interface that is accessible to any client that can communicate over HTTP/HTTPS and process XML documents.
In summary, RDEP allows IDS sensors to communicate with external systems. RDEP uses HTTP and SSL to pass XML documents over an encrypted session between the sensor and the external system. XML files located on the IDS sensors can control the configuration and operation of the sensor.
NOTE: Although RDEP is listed as a blueprint item, RDEP is a proprietary protocol, and you can expect the exam to test you only lightly on this protocol. RDEP is a subset of the HTTP/1.1 protocol and uses a client request/server response model; it replaces the old IDS Postoffice protocol. The IDS sensor is the RDEP server, and management stations are the clients.