Cisco Intrusion Prevention System Device Manager (IDM) is another powerful IPS management tool embedded in the Cisco IPS Sensor software.
Cisco IDM is a web-based, Java Web Start application that allows configuring, managing, and monitoring of a standalone Cisco IPS network appliance sensor.
Cisco IDM provides support for integrated IPS features offered by the Cisco IPS sensor appliances.
Note
Cisco IDM is available free of charge and is shipped with IPS sensor code at no additional cost.
Similar to all other management tools discussed earlier, Cisco IDM is also a web-based configuration tool used primarily to manage the Cisco IPS Sensor.
Cisco IDM is served by a web server that is built in to the sensor software and comes preloaded with it. Each standalone Cisco IPS appliance has its own dedicated web server that provides access to the Cisco IDM application on the sensor.
To protect the communication between the client and the sensor, the web server uses Transport Layer Security (TLS) to encrypt the traffic to and from the sensor to prevent unauthorized viewing of sensitive management traffic. By default, the web server is configured to use TLS/SSL encryption. This setting can be changed, though, and the default TLS/SSL port number can also be changed.
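An added example (not from the book or from Cisco): a Python check that reads a saved copy of the sensor configuration and flags a web server with TLS turned off or moved off the default port. The `service web-server`, `enable-tls`, and `port` keywords, the rule that default values are not listed, and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample in the style of a saved sensor configuration.
# Assumption: web server settings sit under "service web-server" as
# "enable-tls" and "port", and values left at their defaults are not listed.
SAMPLE_CONFIG = """\
! ------------------------------
service host
network-settings
host-ip 192.0.2.10/24,192.0.2.1
host-name sensor1
exit
exit
! ------------------------------
service web-server
enable-tls false
port 8080
exit
! ------------------------------
"""

def web_server_settings(config_text):
    """Return the effective enable-tls and port values of the web server."""
    # TLS is on by default (per the text); 443 is the standard HTTPS port.
    settings = {"enable-tls": "true", "port": "443"}
    in_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("service "):
            in_block = (line == "service web-server")
        elif in_block and line == "exit":
            in_block = False
        elif in_block:
            m = re.fullmatch(r"(enable-tls|port)\s+(\S+)", line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings

def audit_web_server(config_text):
    """List findings that affect the IDM management channel."""
    s = web_server_settings(config_text)
    findings = []
    if s["enable-tls"] != "true":
        findings.append("TLS disabled: IDM logins and traffic are sent in cleartext")
    if s["port"] != "443":
        findings.append(f"non-default port {s['port']}: review ACLs and the IDM URL")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_web_server(SAMPLE_CONFIG)))
```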
Cisco IDM can be launched by using any user desktop PC with supported web browsers. However, the sensor needs to be initialized with basic parameters before anyone is able to browse to it using Cisco IDM. The basic IP address, mask, and gateway need to be configured using the CLI. Alternatively, a built-in wizard configuration setup command is also available to complete the basic initialization process.
Users can launch Cisco IDM from a supported Internet browser by using the IPS sensor IP address as follows:
https://sensor_ip_address
There are three basic built-in user roles supported to perform IPS sensor management:
Administrator
Operator
Viewer
When the Cisco IDM application is launched, it provides a basic system overview and IPS health statistics.
The Cisco IDM home page provides a high-level view of the state of the sensor and provides comprehensive system information, such as
Device information
Information on whether bypass mode is enabled or disabled
Missed packets percentage
The number of sensing interfaces
Displays of the CPU and memory usage of the sensor
Interface status (management and sensing interfaces)
Alert summary showing all event alarms from Informational, Low, Medium, and High alerts.
Displays of a graphical view of the number of alerts at each severity level
Other monitoring options and configuration submenus
Table 24-13 lists the system requirements needed to launch the Cisco IDM application.
Operating System | Requirements |
---|---|
Windows 2000 (Service Pack 4); Windows XP (English or Japanese version) | |
Sun SPARC Solaris | |
Linux | |

The information in Table 24-13 is taken from "Installing and Using Cisco Intrusion Prevention System Device Manager 6.0—Getting Started" at http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a0080618948.html. Other web browsers may also work with Cisco IDM, but Cisco supports and recommends only the browsers listed and system parameters mentioned in Table 24-13.
For more details on installing and using the Cisco IDM tool, refer to the following Cisco documentation: