RE: Free CSIDS v2 BETA [7:6800]

2001-06-10 Thread Jason Roysdon

During the class I took, which had one of the lead design engineers for the
CSPM team teaching it, we were informed that IDS and Firewall versions were
going to continue to be two different products and would not meet anytime
soon.  We shall see.  v3 with Win2k support has been on the road map for
some time.  Again, we shall see ;-)

Regarding the material I have, it was for an internal/partner training
program they had.  I couldn't get powerpoint copies of the material, but you
might contact your CAM and see if they're running the training still. 
Usually this sort of thing does the rounds once, and then goes to one of
their third-party partners.

CSPM 2.3 doesn't support PIX beyond 5.2(1), and won't let you manage
anything beyond that, which really blows in light of PIX OS 6.  You're right
that everything has to be managed from CSPM, so if you've got ACLs, etc., on
your routers, you're going to have to learn to use the prolog and epilog
sections to keep them.

The product is just lagging behind where the actual PEP software
development is at, which to me, makes it less than useful on a large
scale.  On a small scale, I'd say, What's the point as it just seems to
add more complications than it solves.

Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ 
List email: [EMAIL PROTECTED] 
Homepage: http://jason.artoo.net/ 

McMasters, Eric wrote:
 
 Jason,
   Thanks for the info on the exam.  I'm scheduled to take it on the 21st.  I
 just wanted to shed some light on the CSPM/IDS products.  The IDS Director
 software from what I could find was the original software that NetRanger
 used.  It would plug in with HPOV, but Cisco is phasing the Director
 software out and moving everything to the good ole' Policy Manager platform.
 As it stands right now CSPM will only run on NT, but according to Cisco a
 version for W2k is on the roadmap.  If I had to guess the Director
 software portion of the exam will be minimal, since they are moving away
 from that platform.

 I don't have any exp. installing the 6k blade, so that will all be new to me
 as well.  Where did you get this info, and could you post a link if
 possible?

 I just finished an install w/CSPM and IDS, and all I have to say is that
 they are a long way from having a centralized management platform that will
 take care of their entire Cisco Secure product line, which is what they are
 marketing.  I spoke with some people at Cisco and the CSPM development team
 is separated into two groups, one for IDS and one for firewalls.  That is
 where the CSPM 2.3(i) and (f) come into play.

 If you install 2.3(i) you get all of the cool IDS reporting features, which
 is what anyone that installed an IDS wants.  The drawback is that CSPM
 won't automatically detect firewall configs, which sucks if you already have
 firewalls deployed.  This also means that you have to make all
 configuration/IOS changes through CSPM, and the last thing is that CSPM
 doesn't support any PIX IOS above 5.3!

 If you install 2.3(f) you get all of the new firewall functionality, where
 it will go out and detect existing firewall configurations etc., and it does
 support newer IOS versions.  You still can manage all of your firewall
 configurations/IOS upgrades through CSPM, but if you need to make a change
 via CLI you can and then just force CSPM to update itself with these new
 changes.  Drawback... you lose all of your IDS reporting functionality.  You
 can still set up an IDS and have it doing all of your shunning, tcp resets,
 etc., but you just won't be able to get automated reports.  This means that
 you will have to go to the CSPM box and physically go through the IDS viewer
 and look at all violations.  This could take hours based on how the IDS is
 set up to monitor.

 On the bright side there is a new version of CSPM (v3 I think), which is
 again on the roadmap.  This version is supposed to merge all of the
 functionality of 2.3(i) and (f) into a single platform.  When this happens
 CSPM will actually be able to perform what Cisco has been marketing.

 Anyway, I'll get off my soapbox now!  I hope that this provided some
 useful information to someone!  I hope everyone has a great day, even though
 it's raining in KC!!

 Eric McMasters

 -Original Message-
 From: Jason Roysdon [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, June 05, 2001 10:08 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Free CSIDS v2 BETA [7:6800]


 The title of the test is Intrusion Detection System with Policy Manager so
 I would assume: CSPM(i) and/or UNIX Director managing IDS Sensors (plus the
 new Catalyst 6000 IDS blade).  Basically, the IDS line.

 Having taken it today, I can say those were in fact the topics.  Very, very
 hard test.  I feel I know the CSPM(f & i) and IDS Sensor portion fairly well
 (having spent the last two weeks labbing it at home, and Thursday and Friday
 on an actual customer install), and scored only marginally

RE: Free CSIDS v2 BETA [7:6800]

2001-06-06 Thread McMasters, Eric

Jason,
  Thanks for the info on the exam.  I'm scheduled to take it on the 21st.  I
just wanted to shed some light on the CSPM/IDS products.  The IDS Director
software from what I could find was the original software that NetRanger
used.  It would plug in with HPOV, but Cisco is phasing the Director
software out and moving everything to the good ole' Policy Manager platform.
As it stands right now CSPM will only run on NT, but according to Cisco a
version for W2k is on the roadmap.  If I had to guess the Director
software portion of the exam will be minimal, since they are moving away
from that platform.  

I don't have any exp. installing the 6k blade, so that will all be new to me
as well.  Where did you get this info, and could you post a link if
possible?

I just finished an install w/CSPM and IDS, and all I have to say is that
they are a long way from having a centralized management platform that will
take care of their entire Cisco Secure product line, which is what they are
marketing.  I spoke with some people at Cisco and the CSPM development team
is separated into two groups, one for IDS and one for firewalls.  That is
where the CSPM 2.3(i) and (f) come into play.  

If you install 2.3(i) you get all of the cool IDS reporting features, which
is what anyone that installed an IDS wants.  The drawback is that CSPM
won't automatically detect firewall configs, which sucks if you already have
firewalls deployed.  This also means that you have to make all
configuration/IOS changes through CSPM, and the last thing is that CSPM
doesn't support any PIX IOS above 5.3!

If you install 2.3(f) you get all of the new firewall functionality, where
it will go out and detect existing firewall configurations etc., and it does
support newer IOS versions.  You still can manage all of your firewall
configurations/IOS upgrades through CSPM, but if you need to make a change
via CLI you can and then just force CSPM to update itself with these new
changes.  Drawback... you lose all of your IDS reporting functionality.  You
can still set up an IDS and have it doing all of your shunning, tcp resets,
etc., but you just won't be able to get automated reports.  This means that
you will have to go to the CSPM box and physically go through the IDS viewer
and look at all violations.  This could take hours based on how the IDS is
set up to monitor.

On the bright side there is a new version of CSPM (v3 I think), which is
again on the roadmap.  This version is supposed to merge all of the
functionality of 2.3(i) and (f) into a single platform.  When this happens
CSPM will actually be able to perform what Cisco has been marketing.  

Anyway, I'll get off my soapbox now!  I hope that this provided some
useful information to someone!  I hope everyone has a great day, even though
it's raining in KC!!

Eric McMasters

-Original Message-
From: Jason Roysdon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 05, 2001 10:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Free CSIDS v2 BETA [7:6800]


The title of the test is Intrusion Detection System with Policy Manager so
I would assume: CSPM(i) and/or UNIX Director managing IDS Sensors (plus the
new Catalyst 6000 IDS blade).  Basically, the IDS line.

Having taken it today, I can say those were in fact the topics.  Very, very
hard test.  I feel I know the CSPM(f & i) and IDS Sensor portion fairly well
(having spent the last two weeks labbing it at home, and Thursday and Friday
on an actual customer install), and scored only marginally on those sections
due to the detail in some areas (usually I could narrow it to 2 answers).  A
lot of it I could do better on if I had more items memorized (directory path
info, etc.).

Having never touched, nor seen documentation on the UNIX Director, I could
only guess on those questions.  HP OpenView is used by this product as well.
(I'll be researching both topics so I can pass the CSIDS v1 test for my
company's Advanced Security Specialization Certification, which only requires
me to pass this test to go from our current Security Specialization
Certification).  If I didn't know better, I'd say the UNIX Director line was
getting phased out just looking on Cisco's IDS section (it's not linked nor
mentioned, but you can find it with a UNIX Director search).

I have documentation/hands-on lab material for the Catalyst 6000 minime
blade, but never read through it.  Can you believe it runs on NT4?  That's
about the only detail I recall (you never touch the GUI interface, all CLI).

I used this test as a minor prep for the CSIDS v1 test and had no time to
prepare for it (I was 20 minutes late to the test as is).  My guess is that
this test will replace the CSIDS v1 test (which has been around for some
time, but previously wasn't a requirement for the Security Specialist Cert).

184 questions, 3.5 hours.  I was done in 1.5 hours and I went slow and
steady and made comments on the items I knew and had info to add/disagree
on.  12 weeks from the test close date (June

Re: Free CSIDS v2 BETA [7:6800]

2001-06-05 Thread Jason Roysdon

The title of the test is Intrusion Detection System with Policy Manager so
I would assume: CSPM(i) and/or UNIX Director managing IDS Sensors (plus the
new Catalyst 6000 IDS blade).  Basically, the IDS line.

Having taken it today, I can say those were in fact the topics.  Very, very
hard test.  I feel I know the CSPM(f & i) and IDS Sensor portion fairly well
(having spent the last two weeks labbing it at home, and Thursday and Friday
on an actual customer install), and scored only marginally on those sections
due to the detail in some areas (usually I could narrow it to 2 answers).  A
lot of it I could do better on if I had more items memorized (directory path
info, etc.).

Having never touched, nor seen documentation on the UNIX Director, I could
only guess on those questions.  HP OpenView is used by this product as well.
(I'll be researching both topics so I can pass the CSIDS v1 test for my
company's Advanced Security Specialization Certification, which only requires
me to pass this test to go from our current Security Specialization
Certification).  If I didn't know better, I'd say the UNIX Director line was
getting phased out just looking on Cisco's IDS section (it's not linked nor
mentioned, but you can find it with a UNIX Director search).

I have documentation/hands-on lab material for the Catalyst 6000 minime
blade, but never read through it.  Can you believe it runs on NT4?  That's
about the only detail I recall (you never touch the GUI interface, all CLI).

I used this test as a minor prep for the CSIDS v1 test and had no time to
prepare for it (I was 20 minutes late to the test as is).  My guess is that
this test will replace the CSIDS v1 test (which has been around for some
time, but previously wasn't a requirement for the Security Specialist Cert).

184 questions, 3.5 hours.  I was done in 1.5 hours and I went slow and
steady and made comments on the items I knew and had info to add/disagree
on.  12 weeks from the test close date (June 15th) to find out if I passed
(I doubt it).

Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ 
List email: [EMAIL PROTECTED] 
Homepage: http://jason.artoo.net/ 


Shahid Muhammad Shafi wrote:
 
 any idea about the objectives and contents


 --- Jason Roysdon wrote:
  I'm not sure if I already mentioned it, but Cisco is holding a free Beta
  exam for the CSIDS v2 (w/ IDS CSPM):

  Take the CSIDS 2.0 Beta Exam for FREE!

  For a short time, the beta exam for IDSPM (Intrusion Detection System with
  Policy Manager) will be available to take at no charge. This test is based
  on the newest version of CSIDS (2.0) and is one of the exams for Cisco
  Security Specialist 1 certification. The beta exam number is 9E1-572. The
  test will be available from June 1 through June 15, 2001. You can register
  for this beta exam beginning on June 1, 2001. This exam is open to everyone,
  so please share this wonderful opportunity within your organizations.

  How to Register - Starting June 1, register for the exam on-line through
  Prometric (http://www.2test.com) or Vue (http://www.vue.com) referencing
  beta exam name: IDSPM (Intrusion Detection System with Policy Manager) or
  exam number: 9E1-572.
 [EMAIL PROTECTED]


 =
 Shahid Muhammad Shafi
 MSc Telecommunications Candidate
 University of Colorado Boulder
 BSEE(GIKI),MCSE+I,CNA,CCNA,CCNP

 Please help feed hungry people worldwide http://www.hungersite.com/
 A small thing each of us can do to help others less fortunate than ourselves
 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7282t=6800
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Free CSIDS v2 BETA [7:6800]

2001-06-01 Thread Laszlo Csosza

Hi!

I think this is the beginning for Cisco Security Specialist 2...
but I haven't finished Cisco Security Specialist 1 yet... :)

god, these exams are changing faster than registering and passing lasts... :(


cU,

Laszlo Csosza


- Original Message -
From: Jason Roysdon 
Newsgroups: groupstudy.cisco
Sent: Friday, June 01, 2001 8:11 PM
Subject: Free CSIDS v2 BETA [7:6800]


 I'm not sure if I already mentioned it, but Cisco is holding a free Beta
 exam for the CSIDS v2 (w/ IDS CSPM):

 Take the CSIDS 2.0 Beta Exam for FREE!

 For a short time, the beta exam for IDSPM (Intrusion Detection System with
 Policy Manager) will be available to take at no charge. This test is based
 on the newest version of CSIDS (2.0) and is one of the exams for Cisco
 Security Specialist 1 certification. The beta exam number is 9E1-572. The
 test will be available from June 1 through June 15, 2001. You can register
 for this beta exam beginning on June 1, 2001. This exam is open to everyone,
 so please share this wonderful opportunity within your organizations.

 How to Register - Starting June 1, register for the exam on-line through
 Prometric (http://www.2test.com) or Vue (http://www.vue.com) referencing
 beta exam name: IDSPM (Intrusion Detection System with Policy Manager) or
 exam number: 9E1-572.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6828t=6800



Re: Free CSIDS v2 BETA [7:6800]

2001-06-01 Thread Shahid Muhammad Shafi

any idea about the objectives and contents


--- Jason Roysdon wrote:
 I'm not sure if I already mentioned it, but Cisco is holding a free Beta
 exam for the CSIDS v2 (w/ IDS CSPM):

 Take the CSIDS 2.0 Beta Exam for FREE!

 For a short time, the beta exam for IDSPM (Intrusion Detection System with
 Policy Manager) will be available to take at no charge. This test is based
 on the newest version of CSIDS (2.0) and is one of the exams for Cisco
 Security Specialist 1 certification. The beta exam number is 9E1-572. The
 test will be available from June 1 through June 15, 2001. You can register
 for this beta exam beginning on June 1, 2001. This exam is open to everyone,
 so please share this wonderful opportunity within your organizations.

 How to Register - Starting June 1, register for the exam on-line through
 Prometric (http://www.2test.com) or Vue (http://www.vue.com) referencing
 beta exam name: IDSPM (Intrusion Detection System with Policy Manager) or
 exam number: 9E1-572.
[EMAIL PROTECTED]


=
Shahid Muhammad Shafi
MSc Telecommunications Candidate
University of Colorado Boulder
BSEE(GIKI),MCSE+I,CNA,CCNA,CCNP

Please help feed hungry people worldwide http://www.hungersite.com/
A small thing each of us can do to help others less fortunate than ourselves





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6831t=6800



Re: Free CSIDS v2 BETA [7:6800]

2001-06-01 Thread Laszlo Csosza

Hi!

I have one info only... exam time: 210 minutes...


--

cU,

Laszlo Csosza


Shahid Muhammad Shafi wrote in message
news:[EMAIL PROTECTED]...
 any idea about the objectives and contents


 --- Jason Roysdon wrote:
  I'm not sure if I already mentioned it, but Cisco is holding a free Beta
  exam for the CSIDS v2 (w/ IDS CSPM):

  Take the CSIDS 2.0 Beta Exam for FREE!

  For a short time, the beta exam for IDSPM (Intrusion Detection System with
  Policy Manager) will be available to take at no charge. This test is based
  on the newest version of CSIDS (2.0) and is one of the exams for Cisco
  Security Specialist 1 certification. The beta exam number is 9E1-572. The
  test will be available from June 1 through June 15, 2001. You can register
  for this beta exam beginning on June 1, 2001. This exam is open to everyone,
  so please share this wonderful opportunity within your organizations.

  How to Register - Starting June 1, register for the exam on-line through
  Prometric (http://www.2test.com) or Vue (http://www.vue.com) referencing
  beta exam name: IDSPM (Intrusion Detection System with Policy Manager) or
  exam number: 9E1-572.
 [EMAIL PROTECTED]


 =
 Shahid Muhammad Shafi
 MSc Telecommunications Candidate
 University of Colorado Boulder
 BSEE(GIKI),MCSE+I,CNA,CCNA,CCNP

 Please help feed hungry people worldwide http://www.hungersite.com/
 A small thing each of us can do to help others less fortunate than ourselves





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6833t=6800