Cisco 4215 - Intrusion Detection Sys Sensor Manuals

Manuals and User Guides for Cisco 4215 - Intrusion Detection Sys Sensor. We have 2 Cisco 4215 - Intrusion Detection Sys Sensor manuals available for free PDF download: Configuration Manual, Hardware Installation Manual

Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual (536 pages)

Configuration Guide

Brand: Cisco | Category: Other | Size: 5 MB

Table of Contents
3
CHAPTER 1 Introducing the CLI Configuration Guide1-1

21
- Overview
  21
- Sensor Configuration Task Flow
  22
- User Roles
  23
- CLI Behavior
  24
- Command Line Editing
  25
- IPS Command Modes
  26
- Regular Expression Syntax
  27
- General CLI Commands
  29
- CLI Keywords
  29
CHAPTER 2 Logging in to the Sensor

31
- Overview
  31
- Supported User Roles
  31
- Logging in to the Appliance
  32
- Setting up a Terminal Server
  33
- Logging in to IDSM-2
  34
- Logging in to NM-CIDS
  35
- Logging in to AIP-SSM
  37
- Logging in to the Sensor
  38
Chapter 3 Initializing the Sensor

39
- Overview
  39
- System Configuration Dialog
  39
- Initializing the Sensor
  40
- Initializing the Sensor
  41
- Verifying Initialization
  45
CHAPTER 4 Initial Configuration Tasks4-1

47
- Changing Network Settings
  47
- Changing Web Server Settings
  55
- Configuring User Parameters
  57
  - Adding and Removing Users
    57
  - Password Recovery
    59
  - Creating the Service Account
    59
  - Configuring Passwords
    60
  - Changing User Privilege Levels
    61
  - Viewing User Status
    62
  - Configuring Account Locking
    63
- Configuring Time
  64
- Configuring SSH
  76
- Configuring TLS
  80
- Installing the License Key
  83
- Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS
  86
CHAPTER 5 Configuring Interfaces5-1

87
- Understanding Interfaces
  87
- Interface Support
  88
- Promiscuous Mode
  90
- Inline Mode
  93
  - Understanding Inline Mode
    93
  - Configuring Inline Mode
    93
- Assigning Interfaces to the Virtual Sensor
  94
- Bypass Mode
  95
  - Understanding Bypass Mode
    95
  - Configuring Bypass Mode
    96
- Configuring Interface Notifications
  96
CHAPTER 6 Configuring Event Action Rules6-1

99
- About Event Action Rules
  99
- Signature Event Action Processor
  100
- Event Actions
  101
- Task List for Configuring Event Action Rules
  102
- Event Action Variables
  102
  - About Event Action Variables
    103
  - Configuring Event Action Variables
    103
- Calculating the Risk Rating
  104
- Configuring Target Value Ratings
  105
- Event Action Overrides
  105
  - About Event Action Overrides
    105
  - Configuring Event Action Overrides
    106
- Event Action Filters
  107
  - About Event Action Filters
    107
  - Configuring Event Action Filters
    108
- General Settings
  112
  - About General Settings
    113
  - Event Action Summarization
    113
  - Event Action Aggregation
    113
  - Deny Attackers
    114
- Configuring the General Settings
  114
- Clearing the Denied Attackers List
  116
- Event Action Rules Example
  117
Chapter 7 Defining Signatures

119
- About Signatures
  119
- Signature Variables
  120
  - About Signature Variables
    120
  - Configuring Signature Variables
    120
- Configuring Signatures
  121
  - Configuring General Signature Parameters
    122
  - Configuring Alert Frequency
    123
  - Configuring Alert Severity
    124
  - Configuring Event Counter
    126
  - Configuring Signature Fidelity Rating
    127
  - Configuring the Status of Signatures
    128
  - Assigning Actions to Signatures
    129
  - Configuring AIC Signatures
    130
    
    Overview
    130
    
    Configuring the Application Policy
    131
    
    AIC Request Method Signatures
    133
    
    AIC MIME Define Content Type Signatures
    134
    
    AIC Transfer Encoding Signatures
    137
    
    AIC FTP Commands Signatures
    138
  - IP Fragment Reassembly
    140
    
    Configuring IP Fragment Reassembly Parameters
    140
    
    Configuring the Method for IP Fragment Reassembly
    140
    
    Overview
    140
  - Configuring TCP Stream Reassembly
    142
    
    Configuring TCP Stream Reassembly Parameters
    142
    
    Configuring the Mode for TCP Stream Reassembly
    142
    
    Overview
    142
  - Configuring IP Logging
    146
- Creating Custom Signatures
  147
  - Sequence for Creating a Custom Signature
    147
  - Example STRING.TCP Signature
    148
  - Example SERVICE.HTTP Signature
    150
  - Example MEG Signature
    151
  - Example AIC MIME-Type Signature
    154
CHAPTER 8 Configuring IP Logging8-1

157
CHAPTER 9 Displaying and Capturing Live Traffic on an Interface9-1

165
- About Packet Display and Capture
  165
- Displaying Live Traffic on an Interface
  166
- Capturing Live Traffic on an Interface
  168
- Copying the Packet File
  170
- Erasing the Packet File
  171
CHAPTER 10 Configuring Blocking10-1

173
- Understanding Blocking
  173
- Blocking Prerequisites
  175
- Supported Blocking Devices
  175
- Configuring Blocking Properties
  176
  - Allowing the Sensor to Block Itself
    176
  - Disabling Blocking
    178
  - Setting Maximum Block Entries
    180
  - Setting the Block Time
    182
  - Enabling ACL Logging
    183
  - Enabling Writing to NVRAM
    184
  - Logging All Blocking Events and Errors
    185
  - Configuring the Maximum Number of Blocking Interfaces
    186
  - Configuring Addresses Never to Block
    187
- Configuring User Profiles
  189
- Configuring Blocking Devices
  190
  - How the Sensor Manages Devices
    190
  - Configuring the Sensor to Manage Cisco Routers
    191
    
    Routers and Acls
    191
  - Routers
    191
    
    Switches and Vacls
    193
  - Routers
    193
- Configuring the Sensor to Manage Cisco Firewalls
  196
- Configuring the Sensor to be a Master Blocking Sensor
  197
- Configuring Manual Blocking
  199
- Obtaining a List of Blocked Hosts and Connections
  200
Chapter 11 Configuring SNMP

203
- About SNMP
  203
- Configuring SNMP
  204
- Configuring SNMP Traps
  206
- Supported MIBS
  208
CHAPTER 12 Working with Configuration Files12-1

209
CHAPTER 13 Administrative Tasks for the Sensor

227
- Creating a Banner Login
  227
- Terminating CLI Sessions
  228
- Modifying Terminal Properties
  229
Events

230
- Displaying Events
  230
- Clearing Events from the Event Store
  233
- System Clock
  233
  - Displaying the System Clock
    233
  - Manually Setting the Clock
    234
- Clearing the Denied Attackers List
  234
- Displaying Statistics
  236
- Displaying Tech Support Information
  244
- Displaying Version Information
  245
  - Directing Output to a Serial Connection
    247
  - Diagnosing Network Connectivity
    248
  - Resetting the Appliance
    249
  - Displaying Command History
    250
  - Displaying Hardware Inventory
    250
  - Tracing the Route of an IP Packet
    251
  - Displaying Submode Settings
    252
- Configuring AIP-SSM
  257
  - Configuration Sequence
    257
  - Verifying AIP-SSM Initialization
    258
  - Sending Traffic to AIP-SSM
    258
    
    Overview
    258
Chapter 14 Configuring AIP-SSM

258
- Configuring ASA to Send IPS Traffic to AIP-SSM
  259
- Reloading, Shutting Down, Resetting, and Recovering AIP-SSM
  261
CHAPTER 15 Configuring IDSM-2

263
- Configuration Sequence
  263
- Verifying IDSM-2 Installation
  264
- Configuring the Catalyst 6500 Series Switch for Command and Control Access to IDSM-2
  266
  - Catalyst Software
    266
  - Cisco IOS Software
    268
- Configuring the Catalyst Series 6500 Switch for IDSM-2 in Promiscuous Mode
  269
  - Using the TCP Reset Interface
    269
  - Configuring SPAN
    270
    
    Catalyst Software
    270
    
    Cisco IOS Software
    272
  - Configuring VACLS
    273
    
    Catalyst Software
    274
    
    Cisco IOS Software
    275
  - Configuring the Mls Ip Ids Command
    276
    
    Catalyst Software
    277
    
    Cisco IOS Software
    277
- Configuring the Catalyst Series 6500 Switch for IDSM-2 in Inline Mode
  278
  - Catalyst Software
    279
  - Cisco IOS Software
    280
- Configuring Etherchanneling
  282
  - Overview
    282
- Enabling Etherchanneling
  282
- Disabling Etherchanneling
  284
- Verifying Etherchanneling
  285
- Administrative Tasks for IDSM-2
  286
  - Enabling Full Memory Tests
    286
    
    Catalyst Software
    286
    
    Cisco IOS Software
    287
  - Resetting IDSM-2
    288
    
    Catalyst Software
    288
    
    Catalyst Software
    289
    
    Cisco IOS Software
    289
- Catalyst and Cisco IOS Software Commands
  289
  - Supported Supervisor Engine Commands
    290
  - Unsupported Supervisor Engine Commands
    291
  - Cisco IOS Software
    291
    
    EXEC Commands
    291
    
    Configuration Commands
    293
CHAPTER 16 Configuring NM-CIDS16-1

295
- Configuration Sequence
  295
- Configuring IDS-Sensor Interfaces on the Router
  296
- Establishing NM-CIDS Sessions
  297
  - Sessioning to NM-CIDS
    298
  - Telneting to NM-CIDS
    299
- Configuring Packet Capture
  299
- Administrative Tasks for NM-CIDS
  301
  - Shutting Down, Reloading, and Resetting NM-CIDS
    301
  - Checking the Status of the Cisco IPS Software
    301
- Supported Cisco IOS Commands
  302
CHAPTER 17 Upgrading, Downgrading, and Installing System Images17-1

303
- Overview
  303
- Upgrading the Sensor
  304
  - Overview
    304
  - Upgrade Command and Options
    304
  - Using the Upgrade Command
    305
  - Upgrading the Recovery Partition
    306
- Configuring Automatic Upgrades
  307
  - Overview
    307
  - UNIX-Style Directory Listings
    307
  - Auto-Upgrade Command and Options
    308
  - Using the Auto-Upgrade Command
    309
  - Downgrading the Sensor
    310
  - Recovering the Application Partition
    311
    
    Overview
    311
    
    Using the Recover Command
    311
  - Installing System Images
    312
    
    Installing the IDS-4215 System Image
    313
    
    Overview
    313
    
    Upgrading the IDS-4215 BIOS and ROMMON
    315
    
    Installing the IPS-4240 and IPS-4255 System Image
    317
    
    Using the Recovery/Upgrade CD
    320
    
    Installing the NM-CIDS System Image
    321
    
    Overview
    321
    
    Installing the NM-CIDS System Image
    322
    
    Upgrading the Bootloader
    324
    
    Installing the IDSM-2 System Image
    327
    
    Installing the System Image
    327
    
    Configuring the Maintenance Partition
    329
    
    Upgrading the Maintenance Partition
    337
    
    Installing the AIP-SSM System Image
    338
Chapter 18 Obtaining Software

341
- Obtaining Cisco IPS Software
  341
  - IPS Software Image Naming Conventions
    342
  - 5.X Software Release Examples
    344
- Upgrading Cisco IPS Software to 5.0
  345
- Obtaining a License Key from Cisco.com
  346
  - Overview
    346
  - Service Programs for IPS Products
    347
  - Installing the License Key
    348
    
    Using IDM
    348
    
    Using the CLI
    348
- Cisco Security Center
  351
- Cisco IPS Active Update Bulletins
  351
- Accessing IPS Documentation
  352
Appendix

355
System Architecture

355
- System Overview
  355
  - System Design
    355
  - IPS 5.0 New Features
    357
  - User Interaction
    358
  - Security Features
    359
- Mainapp
  359
  - Mainapp Responsibilities
    360
  - Event Store
    361
    
    About Event Store
    361
    
    Event Data Structures
    362
    
    IPS Events
    362
  - Notificationapp
    363
  - Ctltranssource
    365
  - Network Access Controller
    366
    
    About Network Access Controller
    366
    
    Network Access Controller Features
    367
    
    Supported Blocking Devices
    369
    
    Acls and Vacls
    370
    
    Maintaining State Across Restarts
    370
    
    Connection-Based and Unconditional Blocking
    371
    
    Blocking with Cisco Firewalls
    372
    
    Blocking with Catalyst Switches
    373
- Logapp
  
  373
  - Authenticationapp
    374
    
    Authenticating Users
    374
    
    Authenticationapp Responsibilities
    374
    
    Configuring Authentication on the Sensor
    375
    
    Managing TLS and SSH Trust Relationships
    375
  - Sensorapp
    376
    
    Packet Flow
    376
    
    Responsibilities and Components
    376
- Seap
  
  377
  - Web Server
    376
  - New Features
    377
Cli

382
- User Roles
  382
- Service Account
  383
- CLI Behavior
  384
- Communications
  385
  - Idapi
    385
  - Rdep2
    385
  - Idiom
    385
  - Idconf
    385
  - Sdee
    385
  - Cidee
    385
- IPS 5.0 File Structure
  390
- Summary of IPS 5.0 Applications
  391
Appendix

393
Signature Engines

393
- About Signature Engines
  393
- MASTER Engine
  395
  - General Parameters
    395
  - Alert Frequency
    396
  - Event Actions
    397
- AIC Engine
  398
  - Overview
    398
  - AIC Engine Parameters
    398
- ATOMIC Engine
  400
  - ATOMIC.ARP Engine
    400
  - ATOMIC.IP Engine
    401
- FLOOD Engine
  402
- META Engine
  402
- NORMALIZER Engine
  403
  - Overview
    404
  - NORMALIZER Engine Parameters
    404
- SERVICE Engines
  405
  - SERVICE.DNS Engine
    405
  - SERVICE.FTP Engine
    407
  - SERVICE.GENERIC Engine
    408
  - SERVICE.H225 Engine
    408
    
    Overview
    409
    
    SERVICE.H255 Engine Parameters
    409
  - SERVICE.HTTP Engine
    411
    
    Overview
    411
    
    SERVICE.HTTP Engine Parameters
    411
  - SERVICE.IDENT Engine
    412
- SERVICE.MSRPC Engine
  413
  - Overview
    413
  - SERVICE.MSRPC Engine Parameters
    413
- SERVICE.MSSQL Engine
  414
- SERVICE.NTP Engine
  414
- SERVICE.RPC Engine
  415
- SERVICE SMB Engine
  416
- SERVICE.SNMP Engine
  418
- SERVICE.SSH Engine
  419
- STATE Engine
  419
- STRING Engines
  421
  - Overview
    421
  - STRING.ICMP Engine Parameters
    421
  - STRING.TPC Engine Parameters
    422
  - STRING-UDP Engine Parameters
    423
- SWEEP Engine
  423
- TRAFFIC ICMP Engine
  425
- TROJAN Engines
  426
Appendix

427
Troubleshooting

427
- Preventive Maintenance
  427
- Disaster Recovery
  427
- Password Recovery
  429
- Troubleshooting the 4200 Series Appliance
  429
  - Communication Problems
    430
    
    Cannot Access the Sensor CLI through Telnet or SSH
    430
    
    Misconfigured Access List
    432
    
    Duplicate IP Address Shuts Interface down
    433
  - Sensorapp and Alerting
    434
    
    Sensorapp Not Running
    434
    
    Physical Connectivity, SPAN, or VACL Port Issue
    436
    
    Unable to See Alerts
    437
    
    Sensor Not Seeing Packets
    439
    
    Cleaning up a Corrupted Sensorapp Configuration
    440
    
    Bad Memory on IDS-4250-XL
    441
  - Blocking
    441
    
    Troubleshooting Blocking
    441
    
    Verifying Network Access Controller Is Running
    442
    
    Verifying Network Access Controller Connections Are Active
    443
    
    Device Access Issues
    444
    
    Verifying the Interfaces and Directions on the Network Device
    445
    
    Enabling SSH Connections to the Network Device
    446
    
    Blocking Not Occurring for a Signature
    447
    
    Verifying the Master Blocking Sensor Configuration
    448
    
    Enabling Debug Logging
    449
    
    Logging
    449
    
    Zone Names
    453
    
    Directing Cidlog Messages to Syslog
    454
    
    TCP Reset Not Occurring for a Signature
    455
    
    Verifying the Sensor Is Synchronized with the NTP Server
    455
    
    IDS-4235 and IDS-4250 Hang During a Software Upgrade
    457
    
    Software Upgrades
    457
    
    Which Updates to Apply and Their Prerequisites
    457
    
    Issues with Automatic Update
    458
    
    Updating a Sensor with the Update Stored on the Sensor
    459
    
    UNIX-Style Directory Listings
    460
  - Troubleshooting IDM
    460
    
    Increasing the Memory Size of the Java Plug-In
    460
    
    Java Plug-In on Linux and Solaris
    461
    
    Java Plug-In on Windows
    461
    
    Cannot Launch IDM - Loading Java Applet Failed
    462
    
    Cannot Launch IDM -Analysis Engine Busy
    463
    
    IDM, Remote Manager, or Sensing Interfaces Cannot Access the Sensor
    463
    
    Signatures Not Producing Alerts
    464
  - Troubleshooting IDSM-2
    464
    
    Diagnosing IDSM-2 Problems
    464
    
    Switch Commands for Troubleshooting
    464
    
    Status LED off
    466
    
    Cannot Communicate with IDSM-2 Command and Control Port
    468
    
    Status LED on but IDSM-2 Does Not Come Online
    468
    
    Connecting a Serial Cable to IDSM-2
    470
    
    Using the TCP Reset Interface
    470
  - Troubleshooting AIP-SSM
    470
  - Gathering Information
    472
    
    Tech Support Information
    472
    
    Displaying Tech Support Information
    473
    
    Overview
    473
    
    Tech Support Command Output
    473

Cisco 4215 - Intrusion Detection Sys Sensor Hardware Installation Manual (74 pages)

Brand: Cisco | Category: Projector Accessories | Size: 6.54 MB

Table of Contents

3
- Features
  5
- Deployment Options
  8
- Package Contents
  8
- Serial Number and Documentation Portal QR Code
  10
- Front Panel
  12
- Front Panel Leds
  15
- Rear Panel
  18
- 8-Port 1/10/25-Gb Network Module
  19
- 4-Port 40-Gb Network Module
  21
- 2-Port 100-Gb Network Module
  22
- 4-Port 200-Gb Network Module
  24
- 8-Port 1000Base-T Network Module with Hardware Bypass
  26
- 6-Port 10-Gb SR/10-Gb LR/25-Gb SR/25-Gb LR Network Module with Hardware Bypass
  28
- Power Supply Module
  31
- Dual Fan Modules
  33
- Ssds
  34
- Supported SFP/SFP+/QSFP+ Transceivers
  35
- Hardware Specifications
  39
- Product ID Numbers
  40
- Power Cord Specifications
  42
Installation Preparation

49
- Installation Warnings
  49
- Safety Recommendations
  51
- Maintain Safety with Electricity
  52
- Prevent ESD Damage
  52
- Power Supply Considerations
  53
- Site Considerations
  53
- Site Environment
  53
- Rack Configuration Considerations
  54

Cisco Categories

Switch IP Phone

Network Router Wireless Access Point Network Hardware

More Cisco Manuals

Cisco 4215 - Intrusion Detection Sys Sensor Manuals

Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual (536 pages)

Table of Contents

CHAPTER 1 Introducing the CLI Configuration Guide1-1

CHAPTER 2 Logging in to the Sensor

Chapter 3 Initializing the Sensor

CHAPTER 4 Initial Configuration Tasks4-1

CHAPTER 5 Configuring Interfaces5-1

CHAPTER 6 Configuring Event Action Rules6-1

Chapter 7 Defining Signatures

CHAPTER 8 Configuring IP Logging8-1

CHAPTER 9 Displaying and Capturing Live Traffic on an Interface9-1

CHAPTER 10 Configuring Blocking10-1

Chapter 11 Configuring SNMP

CHAPTER 12 Working with Configuration Files12-1

CHAPTER 13 Administrative Tasks for the Sensor

Events

Chapter 14 Configuring AIP-SSM

CHAPTER 15 Configuring IDSM-2

CHAPTER 16 Configuring NM-CIDS16-1

CHAPTER 17 Upgrading, Downgrading, and Installing System Images17-1

Chapter 18 Obtaining Software

Appendix

System Architecture

Logapp

Seap

Cli

Appendix

Signature Engines

Appendix

Troubleshooting

Cisco 4215 - Intrusion Detection Sys Sensor Hardware Installation Manual (74 pages)

Table of Contents

Table of Contents

Installation Preparation

Related Products

Cisco Categories