Best Practices for IDS/IPS Sensor that are discussed in Chapter 14, apply to the IDSM-2 blade as well. In addition to the best practices listed there, here are some recommendations for implementing IDSM-2: Use VACL instead of SPAN when possible to filter out unnecessary traffic. Assign a Command and Control interface to a secured VLAN that is isolated from the rest of the network so that the security policy may be applied to the VLAN to secure the IDSM-2 blade. Be mindful of the amount of traffic spanning to the IDSM-2 blade. If the traffic volume crosses the limit that the IDSM-2 blade can handle, the IDSM-2 may become unresponsive or crash. Implement AAA on the switch so that IDSM-2 access can be limited for certain users using authorization configuration. |