During the class I took, which had one of the lead design engineers for the
CSPM team teaching it, we were informed that IDS and Firewall versions were
going to continue to be two different products and would not meet anytime
soon. We shall see. v3 with Win2k support has been on "the road map" for
some time. Again, we shall see ;-)
Regarding the material I have, it was for an internal/partner training
program they had. I couldn't get powerpoint copies of the material, but you
might contact your CAM and see if they're running the training still.
Usually this sort of thing does the rounds once, and then goes to one of
their third-party partners.
CSPM 2.3 doesn't support PIX beyond 5.2(1), and won't let you manage
anything beyond that, which really blows in light of PIX OS 6. You're right
that everything has to be managed from CSPM, so if you've got ACLs, etc., on
your routers, you're going to have to learn to use the prolog and epilog
sections to keep them.
The product is just lagging behind where the actual PEP software
developement is at, which to me, makes it less than useful on a large
scale. On a small scale, I'd say, "What's the point" as it just seems to
add more complications than it solves.
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
McMasters, Eric wrote:
>
> Jason,
> Thanks for the info on the exam. I'm scheduled to take it on
> the 21st. I
> just wanted to shed some light on the CPSM/IDS products. The
> IDS Director
> software from what I could find was the original software that
> NetRanger
> used. It would plug in with HPOV, but Cisco is phasing the
> Director
> software out and moving everything to the good ole' Policy
> Manager platform.
> As it stands right now CSPM will only run on NT, but according
> to Cisco a
> version for W2k is "on the roadmap". If I had to guess the
> Director
> software portion of the exam will be minimal, since they are
> moving away
> from that platform.
>
> I don't have any exp. installing the 6k blade, so that will all
> be new to me
> as well. Where did you get this info, and could you post a
> link if
> possible?
>
> I just finished an install w/CSPM and IDS, and all I have to
> say is that
> they are a long way from having a centralized management
> platform that will
> take care of their entire Cisco Secure product line, which is
> what they are
> marketing. I spoke with some people at Cisco and the CSPM
> development team
> is separated into two groups, one for IDS and one for
> firewalls. That is
> where the CSPM 2.3(i) and (f) come into play.
>
> If you install 2.3(i) you get all of the cool IDS reporting
> features, which
> is what anyone that installed an IDS wants. The draw back is
> that CSPM
> won't automatically detect firewall configs, which sucks if you
> already have
> firewalls deployed. This also means that you have to make all
> configuration/IOS changes through CSPM, and the last thing is
> that CSPM
> doesn't support any PIX IOS above 5.3!
>
> If you install 2.3(f) you get all of the new firewall
> functionality, where
> it will go out and detect existing firewall configurations
> etc., and it does
> support newer IOS versions. You still can manage all of your
> firewall
> configurations/IOS upgrades through CSPM, but if you need to
> make a change
> via CLI you can and then just force CSPM to update itself with
> these new
> changes. Draw back...you lose all of your IDS reporting
> functionality. You
> can still setup an IDS and have it doing all of your shunning,
> tcp resets,
> etc., but you just won't be able to get automated reports.
> This means that
> you will have to go to the CSPM box and physically go through
> the IDS viewer
> and look at all violations. This could take hours based on how
> the IDS is
> setup to monitor.
>
> On the bright side there is a new version of CSPM (v3 I think),
> which is
> again "on the roadmap". This version is suppose to merge all
> of the
> functionality of 2.3(i) and (f) into a single platform. When
> this happens
> CSPM will actually be able to perform what Cisco has been
> marketing.
>
> Anyway....I'll get off my soapbox now! I hope that this
> provided some
> useful information to someone! I hope everyone has a great
> day, even though
> it's raining in KC!!
>
> Eric McMasters
>
> -----Original Message-----
> From: Jason Roysdon [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 05, 2001 10:08 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Free CSIDS v2 BETA [7:6800]
>
>
> The title of the test is "Intrusion Detection System with
> Policy Manager" so
> I would assume: CSPM(i) and/or UNIX Director managing IDS
> Sensors (plus the
> new Catalyst 6000 IDS blade). Basically, the IDS line.
>
> Having taken it today, I can say those were in fact the
> topics. Very, very
> hard test. I feel I know the CSPM(f & i) and IDS Sensor
> portion fairly well
> (having spent the last two weeks labbing it at home, and
> Thursday and Friday
> on an actual customer install), and scored only marginally on
> those sections
> due to the detail in some areas (usually I could narrow it to 2
> answers). A
> lot of it I could do better on if I had more items memorized
> (directory path
> info, etc.).
>
> Having never touched, nor seen documentation on the UNIX
> Director, I could
> only guess on those questions. HP OpenView is used by this
> product as well.
> (I'll be researching both topics so I can pass the CSIDS v1
> test for my
> company' Advanced Security Specialization Certification, which
> only requires
> me to pass this test to go from our current Security
> Specialization
> Certification). If I didn't know better, I'd say the UNIX
> Director line was
> getting phased out just looking on Cisco's IDS section (it's
> not linked nor
> mentioned, but you can find it with a "UNIX Director" search).
>
> I have documentation/hands-on lab material for the Catalyst
> 6000 "minime"
> blade, but never read through it. Can you believe it runs on
> NT4? That's
> about the only detail I recall (you never touch the GUI
> interface, all CLI).
>
> I used this test as a minor prep for the CSIDS v1 test and had
> no time to
> prepare for it (I was 20 minutes late to the test as is). My
> guess is that
> this test will replace the CSIDS v1 test (which as been around
> for some
> time, but previously wasn't a requirement for the Security
> Specialist Cert).
>
> 184 questions, 3.5 hours. I was done in 1.5 hours and I went
> slow and
> steady and made comments on the items I knew and had info to
> add/disagree
> on. 12 weeks from the test close date (June 15th) to find out
> if I passed
> (I doubt it).
>
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
>
>
> Shahid Muhammad Shafi wrote:
> >
> > any idea about the objectives and contenets
> >
> >
> > --- Jason Roysdon wrote:
> > > I'm not sure if I already mentioned it, but Cisco is
> > > holding a free Beta
> > > exam for the CSIDS v2 (w/ IDS CSPM):
> > >
> > > Take the CSIDS 2.0 Beta Exam for FREE!
> > >
> > > For a short time, the beta exam for IDSPM (Intrusion
> > > Detection System with
> > > Policy Manager) will be available to take at no
> > > charge. This test is based
> > > on the newest version of CSIDS (2.0) and is one of
> > > the exams for Cisco
> > > Security Specialist 1 certification. The beta exam
> > > number is 9E1-572. The
> > > test will be available from June 1 through June 15,
> > > 2001.You can register
> > > for this beta exam beginning on June 1, 2001. This
> > > exam is open to everyone,
> > > so please share this wonderful opportunity within
> > > your organizations.
> > >
> > > How to Register - Starting June 1, register for the
> > > exam on-line through
> > > Prometric (http://www.2test.com) or Vue
> > > (http://www.vue.com) referencing
> > > beta exam name: IDSPM (Intrusion Detection System
> > > with Policy Manager) or
> > > exam number: 9E1-572.
> > [EMAIL PROTECTED]
> >
> >
> > =====
> > Shahid Muhammad Shafi
> > MSc Telecommunications Candidate
> > University of Colorado Boulder
> > BSEE(GIKI),MCSE+I,CNA,CCNA,CCNP
> >
> > Please help feed hungry people worldwide
> > http://www.hungersite.com/
> > A small thing each of us can do to help others less fortunate
> > than ourselves
>
>
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7937&t=6800
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
