Configuration Guide
Page 4
...Adding and Removing Users 4-11 Password Recovery 4-13 Creating the Service Account 4-13 Configuring Passwords 4-14 Changing User Privilege Levels 4-15 Viewing User Status 4-16 Configuring Account Locking 4-17 Configuring Time 4-18 Time Sources and the Sensor 4-18 Correcting Time on the Sensor 4-20 Configuring Time on the Sensor 4-21 System Clock 4-21 Configuring... TLS 4-34 About TLS 4-34 Adding TLS Trusted Hosts 4-35 Displaying and Generating the Server Certificate 4-37 Installing the License Key 4-37 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 iv 78-16527-01
Configuration Guide
Page 14
...33 TROJAN Engines B-34 C A P P E N D I X Troubleshooting C-1 Preventive Maintenance C-1 Disaster Recovery C-2 Password Recovery C-3 Troubleshooting the 4200 Series Appliance C-3 Communication Problems C-4 Cannot Access the Sensor CLI Through Telnet or SSH C-4 Misconfigured Access List C-6 Duplicate IP Address Shuts Interface Down C-7 SensorApp and Alerting... C-8 SensorApp Not Running C-8 Physical Connectivity, SPAN, or VACL Port Issue C-10 Unable to See Alerts C-11 Sensor Not Seeing Packets C-13 Cleaning Up a Corrupted SensorApp Configuration C-14 Bad Memory on IDS-4250-XL C-15 Blocking...
Configuration Guide
Page 22
...However, you are going to use the service account to create a new password if the Administrator password is needed for password recovery and other initial tasks, such as adding users and trusted hosts and so forth. Make changes to configure the sensor: 1. Note You configure the interfaces during initialization. 8. Configure the signatures for... makes the system vulnerable. The service account provides shell access to create a service account. For the procedure, see Chapter 4, "Initial Configuration Tasks." 7. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for...
Configuration Guide
Page 57
... the system. For the procedure, see Creating the Service Account, page 4-13. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for login purposes only. are allowed. .You receive the following topics: • Adding and Removing Users, page 4-11 • Password Recovery, page 4-13 • Creating the Service Account, page 4-13 • Configuring...
Configuration Guide
Page 59
... from the system Configuring User Parameters Password Recovery The following password recovery options exist: • If another Administrator account exists, the other IPS services. Use the password command to create a service account. For example, if the Administrator password is "adminu," the command is not... the system vulnerable. Caution You should carefully consider whether you want to change the password. • If a Service account exists, you can have been added. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for support purposes only.
Configuration Guide
Page 86
Installing the License Key Chapter 4 Initial Configuration Tasks Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your license key from a sensor to a server to keep a backup copy of the license: sensor# copy license-key scp://[email protected]://tftpboot/dev.lic Password: ******* sensor# 4-40 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01
Configuration Guide
Page 264
...in to capture traffic for IDSM-2 in Inline Mode, page 15-16. Reimage the application partition and the maintenance partition when needed for password recovery and other initial tasks, such as adding users, trusted hosts, and so forth. The service account provides shell access to keep IDSM-2... 2 48 10/100BaseTX Ethernet WS-X6248-RJ-45 no ok 3 3 48 10/100/1000BaseT Ethernet WS-X6548-GE-TX no ok 15-2 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IDSM-2, page 15-24. 9. To verify the installation, follow these steps: Step 1 Step 2 Log in promiscuous or...
Configuration Guide
Page 295
... router. Configure NM-CIDS to configure NM-CIDS: 1. A service account is needed for password recovery and other special debug situations directed by TAC. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for intrusion detection analysis. For the procedure, see Chapter 3, "Initializing the Sensor." 4. Initialize NM-CIDS. 16 C H A P T E R Configuring NM-CIDS This chapter describes the tasks...
Configuration Guide
Page 303
..., major version, or recovery partition file. For the procedure, see Obtaining Cisco IPS Software, page 18-1. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 17-1 Downgrading removes the last applied upgrade from 5.0 to go from the sensor. To install a new system image on the sensor, use the default password "cisco." It contains the following...
Configuration Guide
Page 304
... ip-address- The valid values are located on the file server. 17-2 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 Note If you use SCP,...sensor. User password for example, IPS-K9-r-1.1-a-5.0-1.pkg Upgrading the sensor changes the software version of the file server. • password- Directory where upgrade files are ftp or scp. IP address of the sensor...min-5.1-1.pkg • Service pack updates, for example, IPS-K9-sp-5.0-2.pkg • Recovery partition updates, for authentication on the file server. Sets the value back to download ...
Configuration Guide
Page 307
... 17-9. MS-DOS style directory listing is not modified by the sensor automatic update feature. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for new upgrade files in the upgrade directory. ...Cisco.com and copy it to automatically look for IPS 5.0 17-5 Enter configuration mode: sensor# configure terminal Step 4 Upgrade the recovery partition: sensor(config)# upgrade scp://user@server_ipaddress//upgrade_path/IPS-K9-r-1.1-a-5.0-1.pkg sensor(config)# upgrade ftp://user@server_ipaddress//upgrade_path/IPS-K9-r-1.1-a-5.0-1.pkg Step 5 Type the server password...
Configuration Guide
Page 311
Enter configuration mode: sensor# configure terminal 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the appliance if it , you can also use this command to the recovery partition, which lets you have upgraded your recovery partition to the most...an account with the default username and password cisco. Chapter 17 Upgrading, Downgrading, and Installing System Images Recovering the Application Partition Recovering the Application Partition This section explains how to the sensor after the recovery is performed. Use the recover application-...
Configuration Guide
Page 312
...CLI to the sensor with the default username and password (cisco/cisco) and then initialize the sensor again with the setup command. For the procedure, see Initializing the Sensor, page 3-2. Note The IP address, netmask, access lists, time zone, and offset are saved and applied to the recovery partition and ... • Using the Recovery/Upgrade CD, page 17-18 • Installing the NM-CIDS System Image, page 17-19 • Installing the IDSM-2 System Image, page 17-25 • Installing the AIP-SSM System Image, page 17-36 17-10 Cisco Intrusion Prevention System Sensor CLI Configuration Guide ...
Configuration Guide
Page 338
...hw-module module 1 recover configure 17-36 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on Cisco.com, see Upgrading the Recovery Partition, page 17-4. Installing the AIP-...sensor's CLI using the hw-module module 1 recover configure/boot command. Log in to the application partition CLI: router# session slot slot_number processor 1 Enter configuration mode: idsm2# configure terminal Upgrade the maintenance partition: idsm2(config)# upgrade ftp://user@ftp_server_IP_address/directory_path/c6svc-mp.2-1-1.bin.gz Specify the FTP server password: Password...
Configuration Guide
Page 341
... must have an active IPS maintenance contract and a Cisco.com password to apply signature updates. To download software on Cisco.com. Service packs are also posted periodically. You must be logged in to download software. Choose Intrusion Prevention System (IPS). 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the latest IPS software. It...
Configuration Guide
Page 351
... and whether there is also a repository of the license: sensor# copy license-key scp://[email protected]://tftpboot/dev.lic Password: ******* sensor# Cisco Security Center The Cisco Security Center site on Cisco.com to receive e-mails when signature updates and service pack ...04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your security systems to reduce organizational risk. Click one of the most effectively secure and manage your network. Under Subscription Information, click subscribe now. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI ...
Configuration Guide
Page 427
... account. For the procedure, see Creating the Service Account, page 4-13. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for sensors and software. For the procedure, see Copying and Restoring the Configuration File Using a Remote Server... configuration before you do a manual upgrade. It contains the following sections: • Preventive Maintenance, page C-1 • Disaster Recovery, page C-2 • Password Recovery, page C-3 • Troubleshooting the 4200 Series Appliance, page C-3 • Troubleshooting IDM, page C-34 • Troubleshooting IDSM...
Configuration Guide
Page 428
...Downgrading, and Installing System Images." 2. Note You also need to AIP-SSM. Note You should note the specific software version for password recovery on the sensor, see Viewing User Status, page 4-16. • If you are not saved in to the system, which makes the ... provides shell access to the sensor with the default user ID and password-cisco. For the procedure for IPS 5.0 C-2 78-16527-01 When a disaster happens and you cannot get shell access to recover the sensor, try the following: 1. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for obtaining ...
Configuration Guide
Page 429
...IPS software version it had before the disaster can change the password. • If a Service account exists, you are dealing with a known issue. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the software version you have installed ... Cisco IPS Software, page 18-1. root. For example, if the Administrator username is "adminu," the command is password adminu. Appendix C Troubleshooting Password Recovery Note You are prompted to enter the new password twice. Troubleshooting the 4200 Series Appliance This section contains information to the sensor....
Configuration Guide
Page 443
...include : nac Step 4 Make sure you have the latest software updates, download them from Cisco.com. sensor# show version Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 5 Step 6 If you do not have the latest...username, password, and IP address). Verify that accompanies the software upgrade for any known DDTS for Network Access Controller. Make sure the configuration settings for IPS 5.0 C-17 For the procedure, see Device Access Issues, page C-18. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration...