Configuration Guide
Page 10
...15-28 Unsupported Supervisor Engine Commands 15-29 Cisco IOS Software 15-29 EXEC Commands 15-30 Configuration Commands 15-31 Configuring NM-CIDS 16-1 Configuration Sequence 16-1 Configuring IDS-Sensor Interfaces on the Router 16-2 Establishing NM-CIDS...Cisco IPS Software 16-7 Supported Cisco IOS Commands 16-8 Upgrading, Downgrading, and Installing System Images 17-1 Overview 17-1 Upgrading the Sensor 17-2 Overview 17-2 Upgrade Command and Options 17-2 Using the Upgrade Command 17-3 Upgrading the Recovery Partition 17-4 Configuring Automatic Upgrades 17-5 Cisco Intrusion Prevention System Sensor...
Configuration Guide
Page 36
...NM-CIDS through the router console: service-module IDS-Sensor slot_number/0 session Type your username and password at : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you sessioned to the IDS interface: router(config)# interface IDS-Sensor1/0 router(config-if)# ip unnumbered Loopback0 ...transfer and use encryption. Importers, exporters, distributors and users are both cisco. If you are prompted to change them the first time you agree to NM-CIDS. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for compliance with U.S. and local laws, return ...
Configuration Guide
Page 40
...monitor and keyboard with IDS-4215, IPS-4240, or IPS-4255. • Session to monitor traffic. Initializing the Sensor To initialize the sensor, follow these steps: Step 1 Log in to the sensor using a serial connection or with Administrator privileges. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for...word. If you are based on week, day, month, and time. For Cisco IOS software: router# session slot slot_number processor 1 • Session to NM-CIDS: router# service-module IDS-Sensor slot_number/port_number session • Session to AIP-SSM: asa# session 1 Note ...
Configuration Guide
Page 75
...number between 1 and 65535. For more information, see Configuring a Cisco Router to be an NTP Server, page 4-28. Example: sensor(config-hos-ena)# ntp-servers 10.16.0.0 key-id 100 Type the NTP server's key value: sensor(config-hos-ena)# ntp-keys key_ID md5-key key_value The key...Source The sensor requires a consistent time source. Example: sensor(config-hos-ena)# ntp-keys 100 md5-key attack Verify the NTP settings: sensor(config-hos-ena)# show settings enabled ntp-keys (min: 1, max: 1, current: 1 key-id: 100 md5-key: attack 78-16527-01 Cisco Intrusion Prevention System Sensor CLI ...
Configuration Guide
Page 79
...be used and store it with a passphrase on a local file system. sensor# 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for a specific ID: sensor# show ssh authorized-keys system1 1023 37 660222729556609833380897067163729433570828686860008172017802434921804214 20781303592082950910170135848052503999393211250314745276837862091118998665371608 98131479220860447399113413696428706823193619281485218640945574163061387864683351 1583591040494021313695435339616344979349705016792583146548622146467421997057 sensor# Remove an entry from the SSH authorized keys list. Use...
Configuration Guide
Page 141
... options apply: • ip-reassemble-mode-Identifies the method the sensor uses to discard them. bsd-BSD UNIX systems. The default is nt. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IP Fragment Reassembly Use the fragment-reassembly command... 6 Step 7 Step 8 Step 9 Specify the IP fragment reassembly signature ID and subsignature ID: sensor(config-sig)# signatures 1200 0 Specify the engine: sensor(config-sig-sig)# engine normalizer Enter edit default signatures submode: sensor(config-sig-sig-nor)# edit-default-sigs-only default-signatures-only Enable and...
Configuration Guide
Page 144
... to discard them. 7-26 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for apply the changes or type no to the CLI using an account with administrator or operator privileges. Enter signature definition submode: sensor# configure terminal sensor(config)# service signature-definition sig0 Specify the TCP stream reassembly signature ID and subsignature ID: sensor(config-sig)# signatures 1313...
Configuration Guide
Page 205
... resides on the sensor, the sensor rejects it. If the management workstation issues a request and the community string does not match what is on the sensor. f. Chapter 11 Configuring SNMP Configuring SNMP Note The management workstation sends SNMP requests to discard them. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS...
Configuration Guide
Page 295
... procedure, see Configuring IDS-Sensor Interfaces on the Router, page 16-2. 2. For the procedure, see Chapter 3, "Initializing the Sensor." 4. Configure NM-CIDS to initialize NM-CIDS. A service account is needed for password recovery and other special debug situations directed by TAC. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for intrusion detection analysis. Note NM...
Configuration Guide
Page 296
...in the session and exiting the IPS CLI, you want a service account existing on the system. 6. Look for "IDS-Sensor" and the slot number. 16-2 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for NM-CIDS, page 16-7. 9. Perform the other initial tasks, such as adding users, trusted... create a new password if the Administrator password is assigned to attacks. Configure intrusion detection. Upgrade the IPS software with the port number corresponding to the NM-CIDS slot. Configuring IDS-Sensor Interfaces on the Router NM-CIDS does not have an external console port. ...
Configuration Guide
Page 297
... contains the following topics: • Sessioning to NM-CIDS, page 16-4 • Telneting to the ids-sensor interface. Step 5 Step 6 Step 7 Step 8 Assign an unnumbered loopback interface to NM-CIDS, page 16-5 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for this example, 1 is the slot number and 0 is the port number...
Configuration Guide
Page 298
...to the same CLI without having to press Ctrl-6 + x. Exit the NM-CIDS session: nm-cids# exit Note If you want to monitor. 16-4 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for others to exploit a connection that is , to go from the router to NM-CIDS by someone wanting to leave the... to return to log in place. When you connect with a session, you need to return to the router to NM-CIDS: router# service-module ids-sensor 1/0 session Trying 10.16.0.0, 2033 ... Release all submodes. Note When you can be returning to suspend the NM-CIDS session.
Configuration Guide
Page 299
... Step 5 Enter global configuration mode: router# configure terminal Specify the interface or subinterface: router(config)# interface FastEthernet0/0 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for slot 2, it is 2033, for IPS 5.0 16-5 The port number is performing encryption, the NM-CIDS... encryption leaving the router. The packets sent and received on these steps: Step 1 Step 2 Step 3 Log in Configuring IDS-Sensor Interfaces on NM-CIDS, follow these interfaces are forwarded to monitor, but you can select any number of interfaces or subinterfaces ...
Configuration Guide
Page 301
...-Performs a graceful halt and reboot of the operating system on NM-CIDS: router# service-module ids-sensor slot_number/0 reload • reset-Resets the hardware on the router: router# service-module ids-sensor slot_number/0 status 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for NM-CIDS If the counters are not increasing, make sure the...
Configuration Guide
Page 302
... Version information received, Major ver = 1, Minor ver= 1 Cisco Systems Intrusion Detection System Network Module Software version: 5.0(1)S42 Model: NM-CIDS Memory: 254676 KB Mgmt IP addr: xx.xx.xx.xx Mgmt web ports: 443 Mgmt TLS enabled: true Supported Cisco IOS Commands The service-module ids-sensor slot_number/0 Cisco IOS command is in the hard-disk drive...
Configuration Guide
Page 322
.... Enter enable mode: router# enable router(enable)# Session to NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 session 17-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on Cisco.com, see Upgrading the Bootloader, page 17-22. If you upgrade with the wrong file, when ...' Ethernet port. To reimage NM-CIDS, follow these steps: Step 1 Download the NM-CIDS system image file (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.pkg) to the router. Refer to in to the TFTP root directory of 10 minutes, which means reimages over slow WAN links will...
Configuration Guide
Page 323
... the IP address-The external fast Ethernet port on your network. d. The bootloader command prompt appears. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for each value line by pressing Shift-Ctrl-6 X. If you made any changes, the bootloader stores...boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img. Specify the Ethernet interface-The Ethernet interface is always set to determine the NM-CIDS slot number. Step 10 Display the bootloader configuration: ServicesEngine boot-loader> show configuration | include interface IDS-Sensor command to disk. f. g. h....
Configuration Guide
Page 325
...Installing System Images Step 3 Enter enable mode: router# enable router(enable)# Step 4 Session to NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 session Step 5 Step 6 Use the show config Step 11 Configure the bootloader parameters: ServicesEngine boot-loader> config Step 12 Step...-The external fast Ethernet port on NM-CIDS. d. h. When the helper is loaded, it launches. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for hosts on your network. Press Enter to resume the suspended session. After displaying its main menu when...
Configuration Guide
Page 502
intrusion detection A security service that attacker can be used to address an ...-16527-01 Logging of security information is used to send small payload ICMP replies GL-8 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for flow ID in the packet header, which can masquerade as the remote user authorized to connect to ...a logical interface group. Iplogs are used for your network or by periods (dotted decimal format). Replacement for IDS Sensors. Formerly called IPng (next generation). Gathers actions that is selected for up to which can be read by...
Configuration Guide
Page 527
... command 10-15 NM-CIDS bootloader file 17-22 overview 17-22 checking IPS software status 16-7 configuration tasks 16-1 configuring ids-sensor interfaces 16-2 78-16527-01 Index packet capture 16-5 configuring interfaces 16-2 logging in 2-5 packet monitoring described 16-5 rebooting ... alert information A-9 described A-2 functions A-9 SNMP gets A-9 SNMP traps A-9 statistics A-11 system health information A-10 NTP described 4-18 sensor time source 4-28, 4-29 server configuration 4-28 time synchronization 4-18 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 IN-13