Cisco 4215 - Intrusion Detection Sys Sensor Manuals

Manuals and User Guides for Cisco 4215 - Intrusion Detection Sys Sensor. We have 1 Cisco 4215 - Intrusion Detection Sys Sensor manual available for free PDF download: Configuration Manual

Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual (536 pages)

Configuration Guide  
Brand: Cisco | Category: Other | Size: 5 MB
Table of contents
Table Of Contents
Overview
Sensor Configuration Task Flow
User Roles
CLI Behavior
Command Line Editing
IPS Command Modes
Regular Expression Syntax
General CLI Commands
CLI Keywords
Supported User Roles
Logging In To The Appliance
Setting Up A Terminal Server
Logging In To IDSM-2
Logging In To NM-CIDS
Logging In To AIP-SSM
Logging In To The Sensor
Chapter 3 Initializing The Sensor
Initializing The Sensor
Verifying Initialization
Changing Network Settings
Changing The Hostname
Changing The Access List
Changing The FTP Timeout
Adding A Login Banner
Changing Web Server Settings
Configuring User Parameters
Adding And Removing Users
Password Recovery
Creating The Service Account
Configuring Passwords
Changing User Privilege Levels
Viewing User Status
Configuring Account Locking
Configuring Time
Time Sources And The Sensor
Correcting Time On The Sensor
Configuring Time On The Sensor
System Clock
Configuring Summertime Settings
Configuring Timezones Settings
Configuring NTP
About SSH
Adding Hosts To The Known Hosts List
Adding SSH Authorized Public Keys
Generating A New SSH Server Key
Configuring TLS
About TLS
Adding TLS Trusted Hosts
Cisco Intrusion Prevention System Sensor CLI Configuration Guide For IPS
Understanding Interfaces
Interface Support
Promiscuous Mode
Understanding TCP Reset
Configuring Promiscuous Mode
Inline Mode
Understanding Inline Mode
Configuring Inline Mode
Understanding Bypass Mode
Configuring Bypass Mode
Configuring Interface Notifications
About Event Action Rules
Signature Event Action Processor
Event Actions
About Event Action Variables
Configuring Event Action Variables
Calculating The Risk Rating
Configuring Target Value Ratings
Event Action Overrides
About Event Action Overrides
Configuring Event Action Overrides
Event Action Filters
About Event Action Filters
Configuring Event Action Filters
General Settings
About General Settings
Event Action Summarization
Event Action Aggregation
Deny Attackers
Configuring The General Settings
Clearing The Denied Attackers List
Event Action Rules Example
About Signatures
Signature Variables
About Signature Variables
Configuring Signature Variables
Configuring Signatures
Configuring General Signature Parameters
Configuring Alert Frequency
Configuring Alert Severity
Configuring Event Counter
Configuring Signature Fidelity Rating
Configuring The Status Of Signatures
Assigning Actions To Signatures
Configuring AIC Signatures
Configuring The Application Policy
AIC Request Method Signatures
AIC MIME Define Content Type Signatures
AIC Transfer Encoding Signatures
AIC FTP Commands Signatures
IP Fragment Reassembly
Configuring IP Fragment Reassembly Parameters
Configuring The Mode For TCP Stream Reassembly
Configuring IP Logging
Creating Custom Signatures
Sequence For Creating A Custom Signature
Example String.TCP Signature
Example Service.HTTP Signature
Example MEG Signature
Example AIC MIME-type Signature
About IP Logging
Configuring Automatic IP Logging
Configuring Manual IP Logging For A Specific IP Address Stopping Active IP Logs
Copying IP Log Files To Be Viewed
About Packet Display And Capture
Displaying Live Traffic On An Interface
Capturing Live Traffic On An Interface
Copying The Packet File
Erasing The Packet File
Understanding Blocking
Blocking Prerequisites
Supported Blocking Devices
Configuring Blocking Properties
Allowing The Sensor To Block Itself
Disabling Blocking
Setting Maximum Block Entries
Setting The Block Time
Enabling ACL Logging
Enabling Writing To NVRAM
Logging All Blocking Events And Errors
Configuring User Profiles
Configuring Blocking Devices
How The Sensor Manages Devices
Configuring The Sensor To Manage Cisco Routers
Routers And ACLs
Routers
Switches And VACLs
Configuring The Sensor To Manage Cisco Firewalls
Configuring The Sensor To Be A Master Blocking Sensor
Configuring Manual Blocking
Obtaining A List Of Blocked Hosts And Connections
About SNMP
Configuring SNMP
Configuring SNMP Traps
Supported MIBs
Displaying The Current Configuration
Displaying The Current Submode Configuration
Filtering The Current Configuration Output
Filtering The Current Submode Configuration Output
Displaying The Contents Of A Logical File
Creating A Banner Login
Terminating CLI Sessions
Modifying Terminal Properties
Events
Displaying Events
Clearing Events From The Event Store
Displaying The System Clock
Manually Setting The Clock
Displaying Statistics
Displaying Tech Support Information
Displaying Version Information
Directing Output To A Serial Connection
Diagnosing Network Connectivity
Resetting The Appliance
Displaying Command History
Displaying Hardware Inventory
Tracing The Route Of An IP Packet
Displaying Submode Settings
Chapter 14 Configuring AIP-SSM
Configuration Sequence
Verifying IDSM-2 Installation
Catalyst Software
Cisco IOS Software
Configuring SPAN
Configuring VACLs
Configuring The mls ip ids Command
Configuring EtherChanneling
Enabling Etherchanneling282................................................................................................................................................................
Disabling Etherchanneling284................................................................................................................................................................
Verifying Etherchanneling285................................................................................................................................................................
Administrative Tasks For Idsm-2286................................................................................................................................................................
Enabling Full Memory Tests286................................................................................................................................................................
Resetting Idsm-2288................................................................................................................................................................
Catalyst And Cisco Ios Software Commands289................................................................................................................................................................
Supported Supervisor Engine Commands290................................................................................................................................................................
Unsupported Supervisor Engine Commands291................................................................................................................................................................
Exec Commands292................................................................................................................................................................
Configuration Commands293................................................................................................................................................................
Configuring Ids-sensor Interfaces On The Router296................................................................................................................................................................
Establishing Nm-cids Sessions297................................................................................................................................................................
Sessioning To Nm-cids298................................................................................................................................................................
Telneting To Nm-cids299................................................................................................................................................................
Configuring Packet Capture299................................................................................................................................................................
Supported Cisco Ios Commands302................................................................................................................................................................
Upgrading The Sensor304................................................................................................................................................................
Upgrade Command And Options304................................................................................................................................................................
Using The Upgrade Command305................................................................................................................................................................
Upgrading The Recovery Partition306................................................................................................................................................................
Configuring Automatic Upgrades307................................................................................................................................................................
Unix-style Directory Listings307................................................................................................................................................................
Auto-upgrade Command And Options308................................................................................................................................................................
Using The Auto-upgrade Command309................................................................................................................................................................
Downgrading The Sensor310................................................................................................................................................................
Recovering The Application Partition311................................................................................................................................................................
Using The Recover Command311................................................................................................................................................................
Installing System Images312................................................................................................................................................................
Installing The Ids-4215 System Image313................................................................................................................................................................
Upgrading The Ids-4215 Bios And Rommon315................................................................................................................................................................
Installing The Nm-cids System Image321................................................................................................................................................................
Upgrading The Bootloader324................................................................................................................................................................
Installing The Idsm-2 System Image327................................................................................................................................................................
Installing The System Image327................................................................................................................................................................
Configuring The Maintenance Partition329................................................................................................................................................................
Upgrading The Maintenance Partition337................................................................................................................................................................
Installing The Aip-ssm System Image338................................................................................................................................................................
Ips Software Image Naming Conventions342................................................................................................................................................................
X Software Release Examples344................................................................................................................................................................
Obtaining A License Key From Cisco.com346................................................................................................................................................................
Service Programs For Ips Products347................................................................................................................................................................
Installing The License Key348................................................................................................................................................................
Using Idm348................................................................................................................................................................
Using The Cli349................................................................................................................................................................
Cisco Security Center351................................................................................................................................................................
Cisco Ips Active Update Bulletins351................................................................................................................................................................
Accessing Ips Documentation352................................................................................................................................................................
