Construction of the Sensor

The sensor is the sniffing component of the Cisco IDS. It contains signatures, which it uses to generate alarms when it sniffs suspicious traffic patterns. Besides sending the alarm information to the director, the sensor can also write this information to log files stored locally on the sensor, so a sensor can be used as a standalone device as well. However, this is not a very useful setup, because it leaves unused the management console's ability to display alarms in a user-friendly manner and to generate appropriate responses (such as paging).

Cisco produces the sensor in three distinct flavors:

  • Standalone IDS 4200 series sensors— These are standalone sensors in which a full box is dedicated to the sensor's ...
