Index
A
accounts
additional settings 5-27
Approver (account type) 2-2, 6-1
approving configurations 6-3
audience for this document ix
audit log reports
automatic IP logging 5-16
B
blocking
overriding for certain networks and hosts 5-11, 7-14
blocking devices
blocking properties
blocking routers
C
cautions
Cisco.com, accessing xv
Cisco Secure Policy Manager
migrating from A-1
migration of event data from A-1
using custom signatures from A-1
using sensor configurations from A-1
Cisco Security Wheel (figure) 3-1
plink 4-12
configuration files
copying 5-52
reviewing historical settings 5-58
reviewing pending settings 5-55
unlocking pending settings 5-57
configurations
approving 6-3
deploying 6-4
generating 6-2
task list for 6-2
D
database warning 8-1
deploying configurations 6-4
Director
Discover Settings 4-5
documentation xi
additional online xiv
audience for this ix
feedback, submitting electronically xvi
obtaining xiv
CD-ROM xv
Cisco.com xv
ordering xvi
other Cisco publications and information xix
related to this product xiii
typographical conventions in x
E
event logging 5-14
F
false negatives
false positives
fingerprints
G
generating configuration 6-2
groups
definition of 4-1
discussion of 4-1
task list for setting up 4-3
H
help xvi
Cisco.com xvii
online documentation xiv
TAC xvii
Escalation Center xix
website xviii
Help Desk (account type) 2-2, 6-1
I
IDSM (Intrusion Detection System Module)
installation guide 2-1
interfaces 3-6
internal networks
Intrusion Detection System Module
See IDSM (Intrusion Detection System Module)
L
link status
logging IP sessions 5-17
M
master blocking sensors
definition of 5-13
specifying 5-13
N
Network Administrator (account type) 2-2, 6-1
network intrusions
Network Operator (account type) 2-2, 6-1
P
port mapping
R
RDEP 5-20
rejected fingerprints
remote hosts
definition of 5-22
specifying 5-22, 5-26
reports
audit 8-11
deleting 8-16
deleting scheduled report templates 8-18
editing parameters for 8-17
saving as HTML 8-15
viewing 8-15
S
Secure Shell protocol
security policies
Security Wheel
See Cisco Security Wheel (figure)
sensor groups
sensor placement
considerations for 3-4
network connection types (figure) 3-4
sensors
adding to sensor groups 4-3
configuring sensing interfaces for 5-32
considerations for placement on network 3-7
creating sensor subgroups 4-15
defining identification properties for 5-29
definition of 5-1
deployment considerations 3-8
method of functioning 3-6
placement in network 3-4
task list for setting up 4-3
types of 3-7
sensor settings
copying from a group 4-16
retrieving from sensors 4-5
task list for configuring 5-2
sensor signatures
sensor software
signatures
configuring general signatures 5-39
definition of 3-2, 5-34
discussion of 5-34
methods of tuning 3-3, 7-1, 7-3
tuning by defining filters 5-46, 7-8
tuning by port mapping 5-4, 7-2, 7-6
tuning by setting the minimum level of events 5-22
tuning by specifying reassembly options 5-51, 7-2, 7-4
tuning by using blocking exemptions 7-2
tuning by using filtering 7-3
signature settings
task list for configuring 5-2
signature updates
notification by e-mail 5-61
notification by e-mail (Tip) 5-34
signature versions
Software Center 5-68
SSH
definition of 4-8
purpose of 4-8
SSH fingerprints 4-11
how to handle when rejected 4-12
syslog data sources
System Administrator (account type) 2-2, 6-1
T
TAC (Technical Assistance Center) xvii
Escalation Center xix
website xviii
technical support xvi
Cisco.com xvii
TAC xvii
Escalation Center xix
website xviii
TLS 5-21
typographical conventions in this document x
U
Unix Director
migrating from A-1
migration of event data from A-1
using custom signatures from A-1
using sensor configurations from A-1
unsupported settings
user accounts
W
warnings, significance of x
watchdog
Web browser requirements 2-1