Cisco IDS-4235

suksuk Member Posts: 8 ■□□□□□□□□□
This question is especially for those of you who have taken the IPS course 642-533.
I don't know anything about IDS devices but I'm going for CCSP and while checking on devices I would need on ebay, I saw this IDS device and wondering if it would help me to practise for the IPS course. Worse again, I'm not even sure if I would need it for the course.
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&ssPageName=STRK:MEBTOX:IT&item=360014185043&_trksid=p3984.cTODAY.m238.lVI

Any comments would be appreciated.
Thanks.

Comments

  • keatronkeatron Security Tinkerer Member Posts: 1,213 ■■■■■■□□□□
    It's a different technology. IDS can alert, log, and broadcast status messages, and things of that nature. The IPS can for example send config change commands to routers, firewalls and other devices. Also, the IPS exam requires some knowledge of the IDM (the GUI interface for IPS sensors). I'm not sure whether or not you can have all the features with the IDS chassis you linked to, but it's at least worth looking it up to see if you might be able to get modules and what not, to give you at least some of the IPS functionality. We use other solutions in our implementations for "pure" IDS functionality (such as snort).

    Keatron.
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    The old IDS 4.x software would let you sniff the network traffic and then react to it, long after the first attack packets had already "hit their target" -- so it wasn't that good for "one hit wonders" icon_lol.gif

    With the "new IPS" -- the IPS device is in the path of the attack traffic so it can take action on its own starting with the first packet it sees.

    An old IDS 4210 with the 5.x software (and only the one sensing interface) can still use a VLAN Pair to work inline -- so anything with the 5.x (or greater) should work for the current IPS exam.

    The 4235 running 5.x (or greater) can let you run actual interface pairs for inline scanning.


    The picture does look like a 4235 -- but they do say that's not the unit you'll get. In the past some sellers have tried to pawn off old NetRangers as IDSs and IPSs -- or sold them without the hard drives (and without the software on the recovery partition) which makes them extremely overpriced PC motherboards in a case.

    This auction also says they don't take returns for software issues.... so I'd ask for a terminal session printout that shows all the way to the login prompt.

    I think I paid $600 for my 4210 a couple years back, and probably $1000 for the 4235 last year. If you get a working one (that has the 5.x software or greater), the price is reasonable.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • suksuk Member Posts: 8 ■□□□□□□□□□
    Thanks for the help everybody.

    Now that I know that this is not a good device that would help me, could you please list the devices that are necessary to practice for CCSP.

    I appreciate it.
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    There are quite a few. 42xx sensors, AIP-SSM xx in an ASA box, Hardware modules for high end switches and routers. Your only real criteria is that they come loaded with 5.x or 6.x. None of which are cheap even 2ndhand. You may want to look into renting some rack time (CCIE Security racks will include at least one IPS running 5.x).
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.