Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 Getting Started Manual
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Getting Started with Cisco IOS IPS with 5.x Format Signatures: A Step-by-Step Guide
This guide is divided into two sections: Getting Started with Cisco IOS® IPS and Signature Tuning.
The first section of the guide provides a detailed step-by-step process using the Cisco IOS
Software command-line interface (CLI) to get started in using the Cisco IOS IPS 5.x format
signatures. It contains the following five steps:
Step 1: Downloading Cisco IOS IPS Files
Step 2: Creating Directory on Flash
Step 3: Configuring Cisco IOS IPS Crypto Key
Step 4: Enabling Cisco IOS IPS
Step 5: Loading Signatures to Cisco IOS IPS
Each step and specific commands are described. The Additional Commands and References
section under each step provides additional information. Example configurations are displayed in a
box below each command.
The second section of the guide provides instructions and examples on advanced options for
signature tuning. Topics include:
Enable/Disable Signatures
Retire/Unretire Signatures
Change Signature Actions
Prerequisites
Before getting started with the above steps, ensure that you have the following:
A Cisco 870, 1800, 2800, or 3800 Series Integrated Services Router
128 MB or more DRAM and at least 2 MB free flash memory
Console or Telnet connectivity to the router
Cisco IOS Software Release 12.4(11)T or later
A valid Cisco.com login username and password
A current Cisco Services for IPS Contract for licensed signature update services
You should be familiar with basic router commands for:
Exec mode
Configure mode
Exit configure mode
Backup and restore configuration
Summary of Contents for Cisco IPS-4240-K9 - Intrusion Protection Sys 4240

  • Page 2 Step 2.1 To create a directory, enter the following command at the router prompt: mkdir <directory name>
      training#mkdir ipsstore
      Create directory filename [ipsstore]?
      Created dir flash:ipsstore
  • Page 3
      Remove directory filename [ips]?
      Delete flash:ips? [confirm]
      Removed dir flash:ips
      training#mkdir ipsstore
      Create directory filename [ipsstore]?
      Created dir flash:ipsstore
  • Page 4 Step 3: Configuring Cisco IOS IPS Crypto Key. The third step is to configure the crypto key used by Cisco IOS IPS. This key is located in the realm-cisco.pub.key.txt file that was downloaded to the PC from Cisco.com.
      Step 3.1 Open the text file and copy the contents of the file
      Step 3.2 Enter ‘configure terminal’...
  • Page 5 Step 4.3 Enable IPS SDEE event notification: ip ips notify sdee
      training(config)#ip ips notify sdee
  • Page 6 Step 5: Loading Signatures to Cisco IOS IPS. The last step is to load the signatures into Cisco IOS IPS. In the following example, we start a TFTP server on the PC and put the Cisco IOS IPS signature package under the TFTP directory.
  • Page 7 An error message such as: %IPS-3-INVALID_DIGITAL_SIGNATURE: Invalid Digital Signature found (key not found) means the public crypto key is invalid. Refer to “Configuring Cisco IOS IPS Crypto Key” (Step 3) to reconfigure the public crypto key.
  • Page 9
      6130 10
      training(config-sigdef-sig)#status
      training(config-sigdef-sig-status)#enabled false
      training(config-sigdef-sig-status)#exit
      training(config-sigdef-sig)#exit
      training(config-sigdef)#exit
      Do you want to accept these changes? [confirm]y
      training(config)#
  • Page 10 7 Retire/Unretire Signatures: You can use the Cisco IOS Software CLI to retire or unretire one signature or a group of signatures based on signature categories. Retiring a signature means Cisco IOS IPS will not compile that signature into memory for scanning.
  • Page 11
      Do you want to accept these changes? [confirm]y
      training(config)#
  • Page 12
      Do you want to accept these changes? [confirm]y
      training(config)#
    Additional Commands and References
      Cisco IOS IPS Configuration Guide: http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html
    Printed in USA C11-390389-00 1/07