Configuring Ids-Sensor Interfaces On The Router - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring IDS-Sensor Interfaces on the Router

Caution You should carefully consider whether you want to create a service account. The service account
provides shell access to the system, which makes the system vulnerable. However, you can use the
service account to create a new password if the Administrator password is lost. Analyze your situation
to decide if you want a service account existing on the system.
6.
7.
8.
9.
10.
Configuring IDS-Sensor Interfaces on the Router
NM-CIDS does not have an external console port. Console access to NM-CIDS is enabled when you
issue the service-module ids-module slot_number/0 session command on the router, or when you
initiate a Telnet connection into the router with the port number corresponding to the NM-CIDS slot.
The lack of an external console port means that the initial bootup configuration is possible only through
the router.
When you issue the service-module ids-sensor slot_number/0 session command, you create a console
session with NM-CIDS, in which you can issue any IPS configuration commands. After completing
work in the session and exiting the IPS CLI, you are returned to Cisco IOS CLI.
The session command starts a reverse Telnet connection using the IP address of the ids-sensor interface.
The ids-sensor interface is an interface between NM-CIDS and the router. You must assign an IP address
to the ids-sensor interface before invoking the session command. Assigning a routable IP address can
make the ids-sensor interface itself vulnerable to attacks. To counter that vulnerability, a loopback IP
address is assigned to the ids-sensor interface.
To configure the NM-CIDS interfaces, follow these steps:
Confirm the NM-CIDS slot number in your router:
Step 1
router # show interfaces ids-sensor slot_number/0
Note
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
16-2
For the procedure, see Creating the Service Account, page
Perform the other initial tasks, such as adding users, trusted hosts, and so forth.
For the procedures, see Chapter 4, "Initial Configuration Tasks."
Configure intrusion detection.
For the procedures, see Chapter 6, "Configuring Event Action Rules," Chapter 7, "Defining
Signatures," and Chapter 10, "Configuring Blocking."
Perform administrative tasks to keep your NM-CIDS running smoothly.
For the procedures, see Chapter 13, "Administrative Tasks for the Sensor,"
for NM-CIDS, page 16-7.
Upgrade the IPS software with new signature updates and service packs.
For more information, see
Reimage the boot helper and bootloader when needed.
For the procedures, see Installing the NM-CIDS System Image, page
You can also use the show run command. Look for "IDS-Sensor" and the slot number.
Obtaining Cisco IPS Software, page
Chapter 16 Configuring NM-CIDS
4-13.
and Administrative Tasks
18-1.
17-19.
78-16527-01