Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 Installation Manual

Intrusion prevention system appliances and modules 5.0

Installing Cisco Intrusion Prevention
System Appliances and Modules 5.0
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Customer Order Number: DOC=7816124
Text Part Number: 78-16124-01


Summary of Contents for Cisco IPS-4240-K9 - Intrusion Protection Sys 4240

  • Page 1 Installing Cisco Intrusion Prevention System Appliances and Modules 5.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: DOC=7816124 Text Part Number: 78-16124-01...
  • Page 2 You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures: •...
  • Page 3: Table Of Contents

    Correcting the Time on the Sensor 1-16; Installation Preparation 1-16; Site and Safety Guidelines 1-17; Site Guidelines 1-17; Rack Configuration Guidelines 1-18; Electrical Safety Guidelines 1-18; Power Supply Guidelines 1-19
  • Page 4 3-17; Removing the Compact Flash Device 3-17; Replacing the Compact Flash Device 3-18; Removing and Installing the 4FE Card 3-19; Removing the 4FE Card 3-20; Installing the 4FE Card 3-22
  • Page 5 Installing the Slide Assemblies in the Rack 4-28; Chapter: Installing IPS-4240 and IPS-4255; Introducing IPS-4240 and IPS-4255; Front and Back Panel Features; Specifications; Accessories; Rack Mounting; Installing IPS-4240 and IPS-4255
  • Page 6 Powering IDSM-2 Up and Down 7-15; Catalyst Software 7-15; Cisco IOS Software 7-15; Chapter: Installing NM-CIDS; Specifications; Software and Hardware Requirements; Hardware Architecture; Front Panel Features
  • Page 7 10-8; Using the CLI 10-9; Cisco IPS Active Update Bulletins 10-11; Accessing IPS Documentation 10-12; Cisco Security Center 10-13; Glossary; Index
  • Page 8 Contents
  • Page 9 Preface This guide describes how to install appliances and modules that support Cisco IPS 5.0. It includes a glossary that contains expanded acronyms and pertinent IPS terms. It is part of the documentation set for Cisco Intrusion Prevention System 5.0. Use this guide in conjunction with the documents listed in...
  • Page 10 Warning: Means reader be warned. In this situation, you might perform an action that could result in bodily injury. Related Documentation: These documents support Cisco Intrusion Prevention System 5.0 and can be found on Cisco.com at this URL: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_series_home.html •...
  • Page 11 Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 12 Preface Obtaining Documentation and Submitting a Service Request
  • Page 13: How The Sensor Functions

    The sensor can operate in either promiscuous or inline mode. Figure 1-1 on page 1-2 shows how you can deploy a combination of sensors operating in both inline (IPS) and promiscuous (IDS) modes to protect your network.
  • Page 14: Chapter 1 Introducing The Sensor

    The command and control interface is always Ethernet. This interface has an assigned IP address, which allows it to communicate with the manager workstation or network devices (Cisco switches, routers, and firewalls). Because this interface is visible on the network, you should use encryption to maintain data privacy.
  • Page 15: Sensor Interfaces

    The advantage of operating in promiscuous mode is that the IPS does not affect the packet flow with the forwarded traffic. The disadvantage of operating in...
  • Page 16: Inline Mode

    Note: The TCP resets need 802.1q headers to tell which VLAN the resets should be sent on. • When a network tap is used for monitoring a connection. Note: Taps do not allow incoming traffic from the sensor.
  • Page 17: Supported Interfaces

    Supported Interfaces: Table 1-1 describes the interface support for appliances and modules running Cisco IPS 5.0: Table 1-1 Interface Support Added PCI Interfaces Supporting Possible Port Interfaces Not Base Chassis Cards...
  • Page 18: Your Network Topology

    (for example, the size and type of network interface cards), and how many managers are needed. Supported Sensors: Table 1-2 on page 1-7 lists the sensors (appliances and modules) that are supported by Cisco IPS 5.0. Note: For instructions on how to obtain the most recent Cisco IPS software, see Obtaining Cisco IPS Software, page 10-1.
  • Page 19 The following NRS and IDS appliance models are legacy models and are not supported in this document: • NRS-2E • NRS-2E-DM • NRS-2FE • NRS-2FE-DM • NRS-TR • NRS-TR-DM • NRS-SFDDI • NRS-SFDDI-DM • NRS-DFDDI • NRS-DFDDI-DM • IDS-4220-E • IDS-4220-TR • IDS-4230-FE
  • Page 20: Appliances

    • IDS-4230-DFDDI Note: WS-X6381, IDSM, is a legacy model and is not supported in this document. Note: IDS-4210 requires a memory upgrade to support the most recent Cisco IPS software. For more information, see Upgrading the Memory, page 2-3.
  • Page 21: Appliance Restrictions

    You can use terminal servers to remotely manage network equipment, including appliances. To set up a Cisco terminal server with RJ-45 or hydra cable assembly connections, follow these steps: Step 1: Connect to a terminal server using one of the following methods: •...
  • Page 22: Modules

    Modules This section describes the modules, and contains the following topics: • Introducing AIP-SSM, page 1-11 • Introducing IDSM-2, page 1-12 • Introducing NM-CIDS, page 1-12
  • Page 23: Introducing Aip-Ssm

    Modules Introducing AIP-SSM The Cisco ASA Advanced Inspection and Prevention Security Services Module (AIP-SSM) is the IPS plug-in module in the Cisco ASA 5500 series adaptive security appliance (ASA). ASA software combines firewall, VPN concentrator, and intrusion detection and prevention software functionality into one software image.
  • Page 24: Introducing Idsm-2

    With NM-CIDS, you can implement full-featured IDS at your remote branch offices. You can install NM-CIDS in any one of the network module slots on the Cisco 2600, 3600, and 3700 series routers. NM-CIDS can monitor up to 45 Mbps of network traffic. See Software and Hardware Requirements, page 8-2 for a list of supported routers.
  • Page 25 You cannot manually set the time on NM-CIDS. NM-CIDS gets its time from the Cisco router in which it is installed. Routers do not have a battery so they cannot preserve a time setting when they are powered off. You must set the router’s clock each time you power up or reset the router, or you can configure the router to use NTP time synchronization.
  • Page 26: Time Sources And The Sensor

    You can configure the appliance to get its time from an NTP time synchronization source. For the procedure, refer to Configuring a Cisco Router to be an NTP Server. You will need the NTP server IP address, the NTP key ID, and the NTP key value. You can set up NTP on the appliance during initialization or you can configure NTP through the CLI, IDM, or ASDM.
  • Page 27 – Use NTP You can configure NM-CIDS to get its time from an NTP time synchronization source, such as a Cisco router other than the parent router. For the procedure, refer to Configuring a Cisco Router to be an NTP Server.
  • Page 28: Correcting The Time On The Sensor

    Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. Step 2 To familiarize yourself with the IPS and related documentation and where to find it on Cisco.com, read Documentation Roadmap for Cisco Intrusion Prevention System 5.0. Step 3 Obtain the Release Notes for Cisco Intrusion Prevention System 5.0...
  • Page 29: Site And Safety Guidelines

    • Make sure that the chassis top panel is secure. The chassis is designed to allow cooling air to flow effectively within it. An open chassis allows air leaks, which can interrupt and redirect the flow of cooling air from the internal components.
  • Page 30: Rack Configuration Guidelines

    • Use the chassis within its marked electrical ratings and product usage instructions. • Install the sensor in compliance with local and national electrical codes as listed in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. •...
  • Page 31: Power Supply Guidelines

    Step 2: Use a static dissipative work surface and wrist strap. Note: Disposable wrist straps, typically those included with an upgrade part, are designed for one time use.
  • Page 32: Cable Pinouts

    10/100Base-TX and 10/100/1000Base-TX Connectors Sensors support 10/100/1000Base-TX ports. You must use at least a Category 5 cable for 100/1000Base-TX operations. You can use a Category 3 cable for 10Base-TX operations.
  • Page 33 Figure 1-6 shows the 10/100/1000BASE-TX (RJ-45) port pinouts. [Figure 1-6: 10/100/1000 Port Pinouts. Labels: TP0+ TP0- TP1+ TP2+ TP2- TP1- TP3+ TP3-]
  • Page 34: Console Port (Rj-45)

    • Rolled (console) Note: Cisco typically provides a rolled RJ-45 cable with hardware for console use. The IPS appliances are shipped with the rolled (console) cable and one or more straight-through cables for sensing ports. Figure 1-7 on page 1-22 shows the RJ-45 cable.
  • Page 35: To Db-9 Or

    RJ-45 to DB-9 or DB-25: Table 1-3 lists the cable pinouts for RJ-45 to DB-9 or DB-25. Table 1-3 Cable Pinouts for RJ-45 to DB-9 or DB-25 (columns: Signal, RJ-45 Pin, DB-9/DB-25 Pin)
  • Page 36 Chapter 1 Introducing the Sensor Cable Pinouts
  • Page 37: Installing Ids-4210

    This chapter contains the following sections: • Front and Back Panel Features and Indicators, page 2-2 • Upgrading the Memory, page 2-3 • Installing IDS-4210, page 2-5 • Installing the Accessories, page 2-7
  • Page 38: Front And Back Panel Features And Indicators

    Ethernet port; blinks when activity occurs on this channel. LAN2 activity/link Amber Lights up when the LAN2 connector is linked to an Ethernet port; blinks when activity occurs on this channel.
  • Page 39: Upgrading The Memory

    (unused) Upgrading the Memory IDS-4210, IDS-4210-K9, and IDS-4210-NFR must have 512 MB of RAM to support Cisco IPS 5.0. If you are upgrading an existing IDS-4210, IDS-4210-K9, or IDS-4210-NFR to 5.0, you must insert one additional 256-MB DIMM (part number IDS-4210-MEM-U) to upgrade the memory to the required 512 MB minimum.
  • Page 40 Power on the sensor and make sure the new memory total is correct. Note If the memory total does not reflect the added DIMMs, repeat Steps 1 through 4 to ensure the DIMMs are seated correctly in the socket.
  • Page 41: Installing Ids-4210

    Warning Statement 1030 Caution: Follow proper safety procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. Note: If you purchased an IDS-4210 before July 2003, you must upgrade the memory to 512 MB to install Cisco IPS 5.0.
  • Page 42 • For the procedures for configuring intrusion prevention on your sensor, refer to the following documents: – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface
  • Page 43: Installing The Accessories

    – Cisco Documentation CD – Cisco Intrusion Prevention System Documentation Roadmap 5.0 – Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. Installing and Removing the Bezel: You can install a Cisco bezel for IDS-4210.
  • Page 44: Installing Center Mount Brackets

    Step 6 Lift IDS-4210 into position between the two posts with the hole in the mounting bracket aligned one hole above the mark you made in the two posts (Figure 2-3).
  • Page 45: Installing Front Mount Brackets

  • Page 46 Step 5: Use the bolts provided with the rack to fasten the front flanges of IDS-4210 to the rack. Note: When you are done, IDS-4210 should not slide on the channel bar.
  • Page 47: Installing Ids-4215

    800 new TCP connections per second, 800 HTTP transactions per second, average packet size of 445 bytes, and system running Cisco IPS 5.0 software. The sensing interfaces and the command and control interface are all 10/100BASE-TX.
  • Page 48: Front And Back Panel Features

    Figure 3-2. The built-in Ethernet ports have three indicators per port and the 4FE card has two indicators per port. Figure 3-3 on page 3-3 shows the back panel indicators.
  • Page 49: Specifications

    11.5 lb (4.11 kg) Form factor 1 RU, standard 19-inch rack-mountable Expansion Two 32-bit/33-MHz PCI slots Power Autoswitching 100V to 240V AC Frequency 50 to 60 Hz, single phase Operating current 1.5 A
  • Page 50: Accessories

    Warning: Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030. IDS-4215 accessories kit contains the following: • DB25F/RJ45F adaptor • DB9F/RJ45F adaptor • Rubber mounting feet • Rack mounting kit—screws, washers, and metal bracket
  • Page 51: Surface Mounting

    If you are installing the 4FE card in IDS-4215, do not install the mounting brackets until after you have installed the 4FE card.
  • Page 52 Step 2: Attach IDS-4215 to the equipment rack
  • Page 53: Installing Ids-4215

    Statement 1030 Caution: Follow proper safety procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. To install IDS-4215 on the network, follow these steps: Position IDS-4215 on the network.
  • Page 54 Step 7: Initialize IDS-4215. For the procedure, see Initializing the Sensor, page 9-2. Step 8: Upgrade IDS-4215 to the most recent Cisco IPS software. For the procedure, see Obtaining Cisco IPS Software, page 10-1. You are now ready to configure intrusion prevention on IDS-4215.
  • Page 55: Upgrading The Bios And Rommon

    – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface. Upgrading the BIOS and ROMMON: Some TFTP servers limit the maximum file size that can be transferred to ~32 MB. Therefore, we recommend the following TFTP servers: •...
  • Page 56 IDS-4215 reboots when the update is complete. Caution: Do not remove power to IDS-4215 during the update process, otherwise the upgrade can get corrupted. If this occurs, IDS-4215 will be unusable and require an RMA.
  • Page 57: Removing And Replacing The Chassis Cover

    • Replacing the Chassis Cover, page 3-13. Removing the Chassis Cover. Note: Removing the appliance chassis cover does not affect your Cisco warranty. Upgrading IDS-4215 does not require any special tools and does not create any radio frequency leaks. To remove the chassis cover, follow these steps: Step 1 Log in to the CLI.
  • Page 58 Step 8: Pull the top panel up and put it in a safe place.
  • Page 59: Replacing The Chassis Cover

    Slide the top panel toward the front, making sure that the top panel tabs fit under the chassis back panel and the back panel tabs fit under the top panel.
  • Page 60: Removing And Replacing The Ide Hard-Disk Drive

    Warning: Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030. Caution: Only use the replacement IDE hard-disk drive from Cisco. We cannot guarantee that other hard-disk drives will operate properly with the IPS.
  • Page 61: Removing The Hard-Disk Drive

    Step 6: Remove the chassis cover. For the procedure, see Removing the Chassis Cover, page 3-11. Step 7: Loosen the two captive screws from the hard-disk drive carrier.
  • Page 62: Replacing The Hard-Disk Drive

    Push carefully until the hard-disk drive is seated. Step 4 Tighten the two captive screws. Step 5 Replace the chassis cover. For the procedure, see Replacing the Chassis Cover, page 3-13.
  • Page 63: Removing And Replacing The Compact Flash Device

    Caution: Follow proper safety procedures when removing and replacing the compact flash by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. This section describes how to remove and replace the compact flash device in IDS-4215. It contains the following topics: •...
  • Page 64: Replacing The Compact Flash Device

    To replace the compact flash device in IDS-4215, follow these steps: Step 1: Place IDS-4215 in an ESD-controlled environment. For more information, see Working in an ESD Environment, page 1-19.
  • Page 65: Removing And Installing The 4Fe Card

    Caution Follow proper safety procedures when installing and removing the 4FE card by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor.
  • Page 66: Removing The 4Fe Card

    Step 7: Loosen the single captive screw that holds the connecting flange of the 4FE card to the back cover plate. Step 8: Loosen the two captive screws from the back cover on the left and put the back cover aside.
  • Page 67 Step 11: Replace the back cover plate and tighten the two captive screws. Step 12: Replace the chassis cover. For the procedure, see Replacing the Chassis Cover, page 3-13.
  • Page 68: Installing The 4Fe Card

    Note: When you insert a 4FE card in the slot, the end of the card connector extends past the end of the slot. This does not affect the use or operation of the card.
  • Page 69 3-13. You will need to assign the new interfaces (FastEthernet1/0, FastEthernet1/1, FastEthernet1/2, and FastEthernet1/3). For the CLI procedure, refer to Configuring Interfaces. For the IDM procedure, refer to Configuring Interfaces.
  • Page 70 Chapter 3 Installing IDS-4215 Removing and Installing the 4FE Card
  • Page 71: Introducing Ids-4235 And Ids-4250

    Note: The 250-Mbps performance for IDS-4235 is based on the following conditions: 2500 new TCP connections per second, 2500 HTTP transactions per second, average packet size of 445 bytes, system running Cisco IPS 5.0 sensor software.
  • Page 72: Front-Panel Features And Indicators

    Cisco IPS 5.0 software. Front-Panel Features and Indicators Figure 4-1 on page 4-3 shows the controls, indicators, and connectors located behind the bezel on the front panel of IDS-4235 and IDS-4250.
  • Page 73 Hard-disk drive indicator: The green hard-disk drive activity indicator flashes when the hard-disk drive is in use. Power button: The power button lights up when the system power is on.
  • Page 74: Back-Panel Features And Indicators

    Command and Control interface: GigabitEthernet0/1 Sensing interface: GigabitEthernet0/0 Mouse connector (unused) Serial connector (Com1) Redundant power (optional) Main power Video connector Keyboard connector System status indicator connector System identification button
  • Page 75: Specifications

    If the BIOS version is earlier than A04 on IDS-4235 or IDS-4250, you must upgrade the BIOS before you install Cisco IPS 5.0 software. Caution Do not apply this BIOS upgrade to appliance models other than IDS-4235 and IDS-4250.
  • Page 76: Using The Tcp Reset Interface

    Step 1 You can find the file in the /BIOS directory on the recovery/upgrade CD, or you can download it from Cisco.com. For the procedure for downloading Cisco IPS software from the Software Center on Cisco.com, see Obtaining Cisco IPS Software, page 10-1.
  • Page 77: Installing Ids-4235 And Ids-4250

    Statement 1030 Caution Follow proper safety procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. To install IDS-4235 and IDS-4250 on the network, follow these steps: Step 1 Position the appliance on the network.
  • Page 78 (copper NIC) sensing port (with one TX card installed). Only one optional TX adapter is supported. Power on the appliance. Step 5 Caution If the BIOS version is earlier than A04, you must apply the BIOS upgrade before installing Cisco IPS 5.0 on the appliance. For the procedure, see Upgrading the BIOS, page 4-5.
  • Page 79: Installing The Accessories

    – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface. Installing the Accessories: This section describes the contents of the IDS-4235 and IDS-4250 accessories package and how to install the accessories.
  • Page 80: Installing And Removing The Bezel

    IDS-PWR=) in IDS-4235 and IDS-4250. Caution: Follow proper safety procedures when performing the following steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor.
  • Page 81 PDB or touch the connectors on the PDB or power supplies. Step 10: Slide the power supply toward the PDB until the power-supply edge connector is fully seated in the PDB connector (see Figure 4-4 on page 4-12).
  • Page 82: Installing Optional Pci Cards

    You can install one or two SX cards in the IDS-4250. • TX card (10/100/1000TX sensing interface, part number, IDS-4250-TX-INT=) You can install the TX card in the upper PCI slot in the IDS-4250.
  • Page 83 You can install the 4FE card in the lower PCI slot in the IDS-4235 and IDS-4250. Caution: Follow proper safety procedures when performing the following steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor.
  • Page 84: Disconnecting The Xl Card Fiber Ports

    Note: You will not experience this problem if you order IDS-4250-XL—with the XL card already installed—because it is rebooted at the factory.
  • Page 85: Removing And Replacing The Scsi Hard-Disk Drive

    Caution Follow proper safety procedures when removing and replacing the hard-disk drive by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. Caution Do not install a second hard-disk drive in IDS-4235 and IDS-4250. The spare hard-disk drives are meant to replace the original hard-disk drives and are not meant to be used with the original hard-disk drive.
  • Page 86: Removing The Scsi Hard-Disk Drive

    Installing and Removing the Bezel, page 4-10. Step 5 Open the hard-disk drive handle to release the drive. Step 6 Slide the hard-disk drive out until it is free of the drive bay.
  • Page 87: Replacing The Scsi Hard-Disk Drive

    • Installing the Slide Assemblies, page 4-18 • Installing the Appliance in the Rack, page 4-20 • Installing the Cable-Management Arm, page 4-21 • Routing the Cables, page 4-25
  • Page 88: Recommended Tools And Supplies

    Step 5: Install two 10-32 x 0.5-inch flange-head Phillips screws in the mounting flange’s top and bottom holes to secure the slide assembly to the front vertical rail (see Figure 4-6 on page 4-19).
  • Page 89 Repeat Steps 3 through 7 for the remaining slide assembly on the other side of the rack. Step 9 Ensure that the slide assemblies are mounted at the same position on the vertical rails on each side of the rack.
  • Page 90: Installing The Appliance In The Rack

    The appliance release latch moves forward and then snaps back as the shoulder screw passes into the front slot. Note: Use the appliance release latch when you want to remove the appliance from the slide assemblies.
  • Page 91: Installing The Cable-Management Arm

    If you are installing several appliances in the rack, consider installing the cable management arms on alternating sides of the rack for ease in cable routing.
  • Page 92 Note: The two-post rack kit has two stop blocks: one for right-side mounting, and one for left-side mounting. You can only install the proper stop block.
  • Page 93 Step 7: Route the status-indicator end of the cable assembly through the cable-management arm, and install the indicator in its slot at the back end of the cable-management arm (see Figure 4-9 on page 4-24).
  • Page 94 Bend the power cords back beside the power receptacle housing and form a tight loop. Install the strain-relief tie-wrap loosely around the looped power cord (see Figure 4-10 on page 4-25).
  • Page 95: Routing The Cables

    Do not fully tighten the tie-wraps at this time (see Figure 4-11 on page 4-26). Allow some cable slack in the cable-management arm to prevent damage to the cables.
  • Page 96 Step 6 Replace the rack doors. Note Refer to the procedures for replacing the rack doors in the documentation provided with the rack cabinet.
  • Page 97: Two-Post Rack Installation

    • One pair of slide assemblies (two-post) • One cable-management arm • One status-indicator cable assembly • Two stop blocks • Eight 12-24 x 0.5-inch pan-head Phillips screws • Releasable tie wraps
  • Page 98: Marking The Rack

    12-24 x 0.5-inch pan-head Phillips screws (Figure 4-12 on page 4-29). Step 3: Repeat Steps 1 and 2 to install the left side assembly in the rack.
  • Page 99 Place the bracket from one slide assembly onto the threaded studs on the opposite slide assembly, with Step 4 the bracket turned 180 degrees so that the mounting flange faces forward (see Figure 4-13 on page 4-30). Installing Cisco Intrusion Prevention System Appliances and Modules 5.0 4-29 78-16124-01...
  • Page 100 Repeat Steps 8 and 9 to install the right slide assembly in the rack. Use and 11/32-inch wrench or nut driver to fully tighten the nuts on the mounting brackets on both slide Step 11 assemblies that you tightened with your fingers. Installing Cisco Intrusion Prevention System Appliances and Modules 5.0 4-30 78-16124-01...
  • Page 101 Chapter 4 Installing IDS-4235 and IDS-4250 Installing the Accessories Figure 4-14 Installing the Slide Assemblies for Flush-Mount Configuration Installing Cisco Intrusion Prevention System Appliances and Modules 5.0 4-31 78-16124-01...
  • Page 102 Chapter 4 Installing IDS-4235 and IDS-4250 Installing the Accessories Installing Cisco Intrusion Prevention System Appliances and Modules 5.0 4-32 78-16124-01...
  • Page 103: Introducing IPS-4240 And IPS-4255

    Note connections per second, 2500 HTTP transactions per second, average packet size of 445 bytes, and the system running Cisco IPS 5.0 software. The 250-Mbps performance is traffic combined from all four sensing interfaces. IPS-4255 monitors up to 600 Mbps of aggregate network traffic on multiple sensing interfaces and is also inline ready.
  • Page 104: Front And Back Panel Features

    Solid amber when the power-up diagnostics have failed. Flash Off when the compact flash device is not being accessed. Blinks green when the compact flash device is being accessed.
  • Page 105 Table 5-2 Back Panel Indicators. Left side: green solid = physical link; green blinking = network activity. Right side: not lit = 10 Mbps; green = 100 Mbps; amber = 1000 Mbps.
  • Page 106: Specifications

    Nonoperating 0 to 15,000 ft (4750 m) Shock Operating 1.14 m/sec (45 in./sec) ½ sine input Nonoperating 30 G Vibration 0.41 Grms2 (3 to 500 Hz) random input Acoustic noise 60 dBa (maximum)
  • Page 107: Accessories

    IPS-4240 and IPS-4255 accessories kit contains the following: • DB25 connector • DB9 connector • Rack mounting kit—screws, washers, and metal bracket • RJ45 console cable • Two 6-ft Ethernet cables
  • Page 108: Rack Mounting

    Note The top hole on the left bracket is a banana jack you can use for ESD grounding purposes when you are servicing the system. You can use the two threaded holes to mount a ground lug to ground the chassis.
  • Page 109: Installing IPS-4240 And IPS-4255

    Statement 1030 Caution Follow proper safety procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. To install IPS-4240 and IPS-4255 on the network, follow these steps: Step 1 Position the appliance on the network.
  • Page 110 GigabitEthernet0/0, GigabitEthernet0/1, GigabitEthernet0/2, and GigabitEthernet0/3 (from right to left) are sensing ports. • Management0/0 is the command and control port. Step 7 Power on the appliance. Step 8 Initialize the appliance.
  • Page 111 For the procedures for configuring intrusion prevention on your sensor, refer to the following documents: – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface
  • Page 113: Specifications

    Memory Specifications Table 6-2 lists the memory specifications for AIP-SSM. Table 6-2 AIP-SSM Memory Specifications. AIP-SSM-10: 2.0 GHz Celeron, 1.0 GB DRAM. AIP-SSM-20: 2.4 GHz Pentium 4, 2.0 GB DRAM.
  • Page 114: Hardware And Software Requirements

    The system has passed power-up diagnostics. LINK/ACT Green Solid There is Ethernet link. Flashing There is Ethernet activity. SPEED Green 100 MB There is network activity. 1000 MB There is network activity. Amber (GigabitEthernet)
  • Page 115: Installation And Removal Instructions

    You can also verify that AIP-SSM is online using the show module command. For more information, see Verifying the Status of AIP-SSM, page 6-4. Step 8 Initialize AIP-SSM. For the procedure, see Initializing the Sensor, page 9-2.
  • Page 116: Verifying The Status Of AIP-SSM

    – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface Verifying the Status of AIP-SSM You can use the show module 1 command to verify that AIP-SSM is up and running.
  • Page 117: Removing AIP-SSM

    If AIP-SSM is properly installed, the POWER indicator is solid green and the STATUS indicator is flashing green. Or you can verify installation using the show module command. For the procedure, see Verifying the Status of AIP-SSM, page 6-4.
  • Page 119: Installing IDSM-2

    Minimum: 3 lb (1.36 kg) Maximum: 5 lb (2.27 kg) Operating temperature +32° to +104°F (+0° to +40°C) Nonoperating temperature –40° to +167°F (–40° to +75°C) Humidity 10% to 90%, noncondensing
  • Page 120: Software And Hardware Requirements

    1. VACL blocking by IDSM-2 is supported on Catalyst software and not on Cisco IOS for this configuration. 2. Cisco IOS is supported on Supervisor 1A with PFC1 or MSFC1; however, IDSM-2 is not supported on this configuration. 3. VACL blocking by IDSM-2 is supported on Catalyst software and not on Cisco IOS for this configuration.
  • Page 121: Using The TCP Reset Interface

    Do not remove IDSM-2 from the switch until the module shuts down completely. Removing the module without going through a shutdown procedure can corrupt the application partition on the module and result in data loss.
  • Page 122: Installation And Removal Instructions

    Statement 1030 Slot Assignments Note The Catalyst 6509-NEB switch has vertical slots numbered 1 to 9 from right to left. Install IDSM-2 with the component side facing to the right.
  • Page 123: Installing IDSM-2

    Refer to your switch documentation for information about which slots are reserved for the supervisor engine or other modules. Step 3 Remove the installation screws (use a screwdriver, if necessary) that secure the filler plate to the desired slot.
  • Page 124 Step 5 Hold IDSM-2 with one hand, and place your other hand under the IDSM-2 carrier to support it. Caution Do not touch the printed circuit boards or connector pins on IDSM-2.
  • Page 125 [Figure callouts: ejector lever, captive installation screws] Step 8 Using the thumb and forefinger of each hand, simultaneously pivot in both ejector levers to fully seat IDSM-2 in the backplane connector.
  • Page 126: Verifying Installation

    – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface Verifying Installation Verify that the switch acknowledges IDSM-2 and has brought it online. To verify the installation, follow these steps: Log in to the console.
  • Page 127 5.0(1) Mod Sub-Module Model Serial Status --- --------------------------- ------------------ ------------ ------- ------- 7 Policy Feature Card 3 WS-F6K-PFC3BXL SAD083305A1 7 MSFC3 Daughterboard WS-SUP720 SAD083206JX 11 IDS 2 accelerator board WS-SVC-IDSUPG
  • Page 128: Removing IDSM-2

    Note The reset powerdown command performs a shut down but does not remove power from IDSM-2. To remove power from IDSM-2, use the set module power down module_number command.
  • Page 129 For More Information • For more information on ESD-controlled environments, see Site and Safety Guidelines, page 1-17. • For the procedure for resetting IDSM-2, see Resetting IDSM-2, page 7-13.
  • Page 130: Enabling Full Memory Tests

    The set boot device command can either contain cf:1 or hdd:1. Step 4 Reset IDSM-2. The full memory test runs. Note A full memory test takes more time to complete than a partial memory test.
  • Page 131: Cisco IOS Software

    Log in to the console. Step 2 Enter privileged mode: console> enable Step 3 Reset IDSM-2 to the application partition or the maintenance partition: console> (enable) reset module_number [hdd:1 | cf:1]
  • Page 132 8 reset Device BOOT variable for reset = Warning: Device list is not verified. Proceed with reload of module? [confirm] % reset issued for module 8 router#
  • Page 133: Catalyst Software

    To power IDSM-2 up and down from the switch CLI, follow these steps: Step 1 Log in to the console. Step 2 Enter configure terminal mode: router# configure terminal Step 3 Power up IDSM-2: router(config)# power enable module module_number
  • Page 134 Chapter 7 Installing IDSM-2 Powering IDSM-2 Up and Down Step 4 Power down IDSM-2: router(config)# no power enable module module_number
  • Page 136: Specifications

    This chapter lists the software and hardware requirements of NM-CIDS, and describes how to install and remove it. Note In Cisco IOS documentation, NM-CIDS is referred to as the Cisco IDS network module. Note NM-CIDS does not support inline (IPS) mode. It can only be configured for promiscuous (IDS) mode.
  • Page 137: Chapter 8 Installing NM-CID

    Caution IOS) with the IDS that runs on NM-CIDS. NM-CIDS runs Cisco IPS 5.0. Because performance can be reduced and duplicate alarms can be generated, we recommend that you do not run Cisco IOS IDS and Cisco IPS 5.0 simultaneously.
  • Page 138 [Figure: block diagram of router components (controlled by IOS) and NM-CIDS components (controlled by IDS)]
  • Page 139: Front Panel Features

    For the procedure for assigning the IP address to gain access to the console and for setting up a loopback address, refer to Configuring Cisco IDS Interfaces on the Router.
  • Page 140 Removing NM-CIDS, page 8-9 • Blank Network Module Panels, page 8-11 Required Tools You need the following tools and equipment to install NM-CIDS in a Cisco modular router chassis slot: #1 Phillips screwdriver or small flat-blade screwdriver • ESD-preventive wrist strap •...
  • Page 141: Installing NM-CIDS Offline

    Push NM-CIDS into place until you feel its edge connector mate securely with the connector on the motherboard. Step 6 Fasten the captive mounting screws of NM-CIDS into the holes in the chassis, using a Phillips or flat-blade screwdriver.
  • Page 142 • For the procedures for configuring intrusion prevention on your sensor, refer to the following documents: – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface
  • Page 143: Installing NM-CIDS Using OIR Support

    Verify that NM-CIDS indicators light up, and that the Active/Ready indicators on the front panel also light up. Step 6 Initialize NM-CIDS. For the procedure, see Initializing the Sensor, page 9-2.
  • Page 144: Removing NM-CIDS

    – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface Removing NM-CIDS This section describes how to remove NM-CIDS offline or using OIR support, and contains the...
  • Page 145: Removing NM-CIDS Using OIR Support

    8-11). Removing NM-CIDS Using OIR Support Caution Cisco 3660 and Cisco 3700 series routers support OIR with similar modules only. If you remove an NM-CIDS, install another NM-CIDS in its place. To remove NM-CIDS with OIR support, follow these steps:...
  • Page 146: Blank Network Module Panels

    If the router is not fully configured with network modules, make sure that blank panels fill the unoccupied chassis slots to provide proper airflow as shown in Figure 8-3. Figure 8-3 Blank Network Module Panel
  • Page 147: Chapter 9 Initializing The Sensor

    , the configuration is saved. If you type , the configuration is not saved and the process begins again. There is no default for this prompt; you must type either
  • Page 148: Initializing The Sensor

    Administrator can log in and assign a new password to the user who forgot the password. Or, if you have created the service account for support purposes, you can have TAC create a password. For more information, refer to Creating the Service Account.
  • Page 149: Initializing The Sensor

    Step 6 Specify the hostname. The hostname is a case-sensitive character string up to 64 characters. Numbers, “_” and “-” are valid, but spaces are not acceptable. The default is sensor.
  • Page 150 Note Summertime is also known as DST. If your location does not use Summertime, go to Step n. Choose recurring, date, or disable to specify how you want to configure summertime settings. The default is recurring.
  • Page 151 Specify the standard time zone name. The zone name is a character string up to 24 characters long. Specify the standard time offset. The default is 0.
  • Page 152 Warning: Executing this command will stop all applications and reboot the node. Continue with reset? []: Step 19 Type to continue the reboot. Step 20 Display the self-signed X.509 certificate (needed by TLS): sensor# show tls fingerprint MD5: C4:BC:F2:92:C2:E2:4D:EB:92:0F:E4:86:53:6A:C6:01 SHA1: 64:9B:AC:DE:21:62:0C:D3:57:2E:9B:E5:3D:04:8F:A7:FD:CD:6F:27
  • Page 153: Verifying Initialization

    – Installing and Using Cisco Intrusion Prevention System Device Manager 5.0 – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface Verifying Initialization After you have run the setup command, you should verify that your sensor has been initialized correctly.
  • Page 154 MD5: C4:BC:F2:92:C2:E2:4D:EB:92:0F:E4:86:53:6A:C6:01 SHA1: 64:9B:AC:DE:21:62:0C:D3:57:2E:9B:E5:3D:04:8F:A7:FD:CD:6F:27 Step 4 Write down the certificate fingerprints. You will need these to check the authenticity of the certificate when connecting to this sensor with a web browser.
  • Page 155 CHAPTER Obtaining Software This chapter provides information on obtaining Cisco IPS software for the sensor. It contains the following sections: • Obtaining Cisco IPS Software, page 10-1 • IPS Software Versioning, page 10-2 •...
  • Page 156: Obtaining Software

    Step 10 Click Agree to accept the software download rules. The first time you download a file from Cisco.com, you must fill in the Encryption Software Export Distribution Authorization form before you can download the software. Fill out the form and click Submit.
  • Page 157: IPS Software Image Naming Conventions

    A major version upgrade contains new functionality or an architectural change in the product. For example, the Cisco IPS 5.0 base version release includes everything since the previous major release (the minor version features, service pack fixes, and signature updates) plus any new changes. Major upgrade 5.0(1) requires 4.1.
  • Page 158: 5.X Software Release Examples

    Platform-Independent Release Examples Supported Release Target Frequency Identifier Platform Example File Name Signature update Weekly IPS-sig-S70-minreq-5.0-1.pkg Service pack Semi-annually IPS-K9-sp-5.0-2.pkg or as needed Minor version Annually IPS-K9-min-5.1-1.pkg Major version Annually IPS-K9-maj-5.0-1.pkg
  • Page 159: Upgrading Cisco IPS Software From 4.1 To

    IDSM-2 (WS-SVC-IDSM2-K9), which supports Cisco IPS 5.0. The minimum required version for upgrading to 5.0 is 4.1(1). The upgrade from Cisco 4.1 to 5.0 is available as a download from Cisco.com. For the procedure for accessing Downloads on Cisco.com, see Obtaining Cisco IPS Software, page 10-1.
  • Page 160: Obtaining A License Key From Cisco.com

    Caution password are reset to cisco. Obtaining a License Key From Cisco.com This section describes how to obtain a license key from Cisco.com and how to install it using the CLI or IDM. It contains the following topics: • Overview, page 10-6 •...
  • Page 161: Service Programs For IPS Products

    Service Programs for IPS Products You must have a Cisco Services for IPS service contract for any IPS product so that you can download a license key and obtain the latest IPS signature updates. If you have a direct relationship with Cisco Systems, contact your account manager or service account manager to purchase the Cisco Services for IPS service contract.
  • Page 162: Obtaining And Installing The License Key

    ASA-SSM-AIP-10-K9, you must now purchase the Cisco Services for IPS service contract. After you have the Cisco Services for IPS service contract, you must also have your product serial number to apply for the license key. For the procedure, see...
  • Page 163: Using The CLI

    • Check the Cisco Connection Online check box to obtain the license from Cisco.com. IDM contacts the license server on Cisco.com and sends the server the serial number to obtain the license key. This is the default method. Go to Step 4.
  • Page 164 Step 1 Apply for the license key at this URL: www.cisco.com/go/license. Note You must have a Cisco Services for IPS service contract before you can apply for a license key. For more information, see Service Programs for IPS Products, page 10-7.
  • Page 165: Cisco IPS Active Update Bulletins

    Password: ******* sensor# Cisco IPS Active Update Bulletins You can subscribe to Cisco IPS Active Update Bulletins on Cisco.com to receive e-mails when signature updates and service pack updates occur. To receive bulletins about updates, follow these steps: Log in to Cisco.com.
  • Page 166: Accessing IPS Documentation

    Choose your country from the drop-down menu. Enter your e-mail address in the E-mail field. Step 9 Check the check box if you want to receive further information about Cisco products and offerings by e-mail. Step 10 Fill in the optional information if desired.
  • Page 167: Cisco Security Center

    You should be aware of the most recent security threats so that you can most effectively secure and manage your network. The Cisco Security Center contains the top ten intelligence reports listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
  • Page 169: Glossary

    SSH version 1.5. Used when establishing an SSH session with the sensor. It can be used when the sensor is managing a device. authentication, authorization, and accounting. A Cisco IOS software and PIX Firewall command for controlling how users can log in to a router or a PIX Firewall.
  • Page 170 Typically, APIs make it easier for software developers to create links that an application needs to communicate with the operating system or with the network. application: Any program (process) designed to run in the Cisco IPS environment. application instance: A specific application running on a specific piece of hardware in the IPS environment. An application instance is addressable by its name and the IP address of its host computer.
  • Page 171 CIDEE: Cisco Intrusion Detection Event Exchange. Specifies the extensions to SDEE that are used by Cisco IPS systems. The CIDEE standard specifies all possible extensions that may be supported by Cisco IPS systems. CIDS header: The header that is attached to each packet in the IPS system. It contains packet classification, packet length, checksum results, timestamp, and the receive interface.
  • Page 172 destination address: Address of a network device that is receiving data. Deny Filters Processor. Handles the deny attacker functions. It maintains a list of denied source IP addresses. DIMM: Dual In-line Memory Modules.
  • Page 173 evIdsAlert: The XML entity written to the Event Store that represents an alert. false negative: A signature is not fired when offending traffic is detected. false positive: Normal traffic or a benign action causes a signature to fire.
  • Page 174 Greenwich Mean Time. Time zone at zero degrees longitude. Now called Coordinated Universal Time (UTC). H.225.0: An ITU standard that governs H.225.0 session establishment and packetization. H.225.0 actually describes several different protocols: RAS, use of Q.931, and use of RTP.
  • Page 175 IPS data or message: Describes the messages transferred over the command and control interface between IPS applications. IDSM-2: Intrusion Detection System Module. A switching module that performs intrusion detection in the Catalyst 6500 series switch.
  • Page 176 LOKI: Remote access, back door Trojan, ICMP tunneling software. When the computer is infected, the malicious code creates an ICMP tunnel that can be used to send small payload ICMP replies
  • Page 177 Hash Algorithm (SHA) are variations on MD4 and strengthen the security of the MD4 hashing algorithm. Cisco uses hashes for authentication within the IPSec framework. Also used for message authentication in SNMP v.2. MD5 verifies the integrity of the communication, authenticates the origin, and checks for timeliness.
  • Page 178 Feature that permits you to add, replace, or remove cards without interrupting the system power, entering console commands, or causing other software or interfaces to shut down.
  • Page 179 OSI term for packet. See also BPDU and packet. Cisco Product Evolution Program. PEP is the UDI information that consists of the PID, the VID, and the SN of your sensor. PEP provides hardware version and serial number visibility through electronic query, product labels, and shipping items.
  • Page 180 Router Switch Module. A router module that is installed in a Catalyst 5000 switch. It functions exactly like a standalone router.
  • Page 181 Signature Analysis Processor. Dispatches packets to the inspectors that are not stream-based and that are configured for interest in the packet in process. SCEP: Simple Certificate Enrollment Protocol. The Cisco Systems PKI communication protocol that leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment protocol.
  • Page 182 Server Message Block. File-system protocol used in LAN manager and similar NOSs to package data and exchange information with other systems. Serial Number. Part of the UDI. The SN is the serial number of your Cisco product. SERVICE engine: Deals with specific protocols, such as DNS, FTP, H225, HTTP, IDENT, MS RPC, MS SQL, NTP, RPC, SMB, SNMP, and SSH.
  • Page 183 switch: Network device that filters, forwards, and floods frames based on the destination address of each frame. The switch operates at the data link layer of the OSI model.
  • Page 184 IDS-4250-TX appliance when the XL card is not present. On the IDSM-2 the TCP reset interface is designated as port 1 with Catalyst software, and is not visible to the user in Cisco IOS software. The TCP reset action is only appropriate as an action selection on those signatures that are associated with a TCP-based service.
  • Page 185 tune: Adjusting signature parameters to modify an existing signature. Unique Device Identifier. Provides a unique identity for every Cisco product. The UDI is composed of the PID, VID, and SN. The UDI is stored in the Cisco IPS ID PROM.
  • Page 186 IP level. vulnerability: One or more attributes of a computer or a network that permit a subject to initiate patterns of misuse on that computer or network.
  • Page 187 X.509: Standard that defines information contained in a certificate. eXtensible Markup Language. Textual file format used for data interchange between heterogeneous hosts.