The IDS4215 is an end-of-life (EoL) appliance in the IPS 4200 family. I know a Singaporean vendor who sold this hardware at a high price despite it being as old as the 2600XM series routers. I managed to get this IDS at a reasonable price on eBay.
What is an IDS?
An Intrusion Detection System (IDS) is a system that detects anomalies and invokes an action. The action may be alerting an ASA or another firewall, but the IDS itself will not stop the anomaly from harming your system; unlike an IPS, it cannot drop the suspicious traffic itself. The IDS4215 is a computer running a Linux 2.4 kernel on a Red Hat distribution. It could be an x86 architecture, so you may have a chance to run the IPS software on your own x86 computer (perhaps, but I do not know how…)
IDS# setup

--- System Configuration Dialog ---

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Current Configuration:

service host
  network-settings
    host-ip 192.168.1.10/24,192.168.1.1
    host-name IDS
    telnet-option disabled
    access-list 192.168.1.0/24
    ftp-timeout 300
    no login-banner-text
  exit
  time-zone-settings
    offset 480
    standard-time-zone-name UTC
  exit
  summertime-option disabled
  ntp-option disabled
exit
service web-server
  port 443
exit
service interface
  physical-interfaces FastEthernet0/1
    admin-state enabled
  exit
exit
service event-action-rules rules0
  overrides
    override-item-status Enabled
    risk-rating-range 90-100
  exit
exit

Current time: Tue Jun 28 14:31:08 2011
Setup Configuration last modified: Tue Jun 28 12:49:35 2011
Continue with configuration dialog?[yes]:
You can use the setup script, or you can configure everything yourself manually. Let's go through the setup script.
Setup Configuration last modified: Tue Jun 28 12:49:35 2011
Continue with configuration dialog?[yes]:
Enter host name[IDS]:
Enter IP interface[192.168.1.10/24,192.168.1.1]:
Enter telnet-server status[disabled]:
Enter web-server port:
Modify current access list?[no]:
Modify system clock settings?[no]:
Modify interface/virtual sensor configuration?[no]:
Modify default threat prevention settings?[no]:
No changes were made to the configuration.
This is just a run-through; I do not want to change my setup configuration for now. If you just got your IDS box, I recommend you answer Yes to "Modify current access list". You need to specify an access list so that your system is allowed to manage the IDS; if you do not specify the access list, all traffic to the management interface will be dropped. You can choose not to manage via SSH or HTTPS; if that is what you want, you can ignore the access list portion.
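Because a wrong access-list locks you out of SSH and HTTPS management, it is worth checking the network-settings block before you commit it. The script below is an added example and not Cisco's code: it parses the host-ip and access-list lines exactly as they appear in the setup output above (the config text and the management-host addresses in it are constructed sample input) and reports which management hosts the access-list admits, flagging an empty access-list and a gateway that is not on the sensor's own subnet.

```python
"""Pre-commit check for an IPS 4200-series 'service host network-settings'
block: every workstation that must reach the sensor over SSH/HTTPS has to
fall inside an access-list entry, otherwise the sensor drops its traffic.

Added example, not Cisco code. Only the keywords printed by the sensor's
setup dialog (host-ip, access-list) are parsed; the configuration text and
the management addresses below are constructed sample input.
"""
import ipaddress
import re

# Constructed sample: the network-settings section as the setup dialog prints it.
SAMPLE_CONFIG = """\
service host
network-settings
host-ip 192.168.1.10/24,192.168.1.1
host-name IDS
telnet-option disabled
access-list 192.168.1.0/24
ftp-timeout 300
no login-banner-text
exit
time-zone-settings
offset 480
standard-time-zone-name UTC
exit
summertime-option disabled
ntp-option disabled
exit
"""


def parse_network_settings(config):
    """Return (sensor interface, gateway, list of access-list networks).

    host-ip is written as 'address/prefix,gateway'; each access-list line
    carries one network or host. A host given without a prefix length is
    treated here as a /32 (an assumption of this script).
    """
    interface = gateway = None
    acl = []
    in_section = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "network-settings":
            in_section = True
            continue
        if not in_section:
            continue
        if line == "exit":          # end of the network-settings section
            break
        m = re.match(r"host-ip\s+(\S+?),(\S+)$", line)
        if m:
            interface = ipaddress.ip_interface(m.group(1))
            gateway = ipaddress.ip_address(m.group(2))
            continue
        m = re.match(r"access-list\s+(\S+)$", line)
        if m:
            acl.append(ipaddress.ip_network(m.group(1), strict=False))
    return interface, gateway, acl


def check_management_access(config, management_hosts):
    """Map each management host to True if some access-list entry admits it,
    and collect warnings about settings that would cut off management."""
    interface, gateway, acl = parse_network_settings(config)
    findings = {}
    for host in management_hosts:
        addr = ipaddress.ip_address(host)
        findings[host] = any(addr in net for net in acl)
    warnings = []
    if not acl:
        warnings.append("access-list is empty: all management traffic will be dropped")
    if interface is not None and gateway is not None and gateway not in interface.network:
        warnings.append("gateway %s is outside the sensor subnet %s"
                        % (gateway, interface.network))
    return findings, warnings


if __name__ == "__main__":
    # Constructed management hosts: one inside the sample access-list, one outside.
    found, warns = check_management_access(SAMPLE_CONFIG, ["192.168.1.50", "10.0.0.7"])
    for host, ok in found.items():
        print("%-15s %s" % (host, "admitted" if ok else "DROPPED by access-list"))
    for w in warns:
        print("warning:", w)
```

Run it against the block you are about to commit (paste the output of the setup dialog into SAMPLE_CONFIG) and list every host you manage the sensor from; a host reported as dropped means you will be answering Yes to "Modify current access list" again from the console.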
Cisco IPS device manager (IDM)
It is recommended to use JRE version 1.4.2 (any release) to launch the IDM; I am using WinXP SP3 with 1GB RAM, a 20GB HDD, and JRE 1.4.2 (initial release). You have to set the maximum heap size to 256MB; if you do not, IDM will refuse to launch. I recommend you read this on how to increase the JRE heap size.
An IDS/IPS without an updated signature file is as good as a trial version of antivirus software. You need to pay for a yearly subscription for a license.