© 2006 Cisco Systems, Inc. All rights reserved. SND v2.05-1 Securing Networks with Cisco IOS IPS Configuring Cisco IOS IPS.

Transcript:

Securing Networks with Cisco IOS IPS
Configuring Cisco IOS IPS

Outline
- Overview
- Cisco IOS IPS Features
- Configuring Cisco IOS IPS Using Cisco SDM
- Using Cisco SDM GUI for IPS
- Configuring IPS Rules
- Configuring IPS Signatures
- Configuring Global Settings
- Delivering the Configuration to Router
- Summary

Cisco IOS IPS Intrusion Detection Technology

Cisco IOS IPS uses a blend of Cisco IDS and IPS products:
- Cisco IDS Series appliances
- Cisco Catalyst 6500 Intrusion Detection System Services Modules
- Cisco IDS Network Module

Cisco IOS IPS uses a blend of detection technologies:
- Profile-based
- Signature-based
- Protocol analysis-based

Primary Benefits of the Cisco IOS IPS Solution

Cisco IOS IPS:
- Uses the underlying routing infrastructure to provide an additional layer of security
- Denies malicious traffic from both the inside and outside network
- Works with Cisco IDS, Cisco IOS Firewall, VPN, and NAC solutions
- Is supported by Cisco SDM and CiscoWorks VMS
- Integrates smoothly into existing network infrastructure

Cisco IOS IPS Signature Features

Cisco IOS IPS Signature Feature: Description
- Regular expression string pattern matching: Enables the creation of string patterns using regular expressions
- Response actions: Enables the sensor to take an action when the signature is triggered
- Alarm summarization: Enables the sensor to aggregate alarms; does this to limit the number of times an alarm is sent when the signature is triggered
- Threshold configuration: Enables a signature to be tuned to perform optimally in a network
- Antievasive techniques: Enables a signature to defeat evasive techniques used by an attacker

Using Cisco SDM to Configure Cisco IOS IPS
1. Launch Cisco SDM.
2. Launch the IPS Rules Wizard.
3. Choose a router interface to apply the IPS rule.
4. Choose the traffic flow direction to be inspected by the IPS rules.
5. Specify where the router will find the SDFs.
6. Confirm status of interfaces and signature files.
7. Configure signature alarm severity, event actions, and parameters.
8. Save the Cisco IPS configuration to the router.
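
For comparison with the wizard steps above, the same setup expressed as router CLI for SDF-based Cisco IOS IPS. This is an added example, not part of the course slides; the rule name IPS_RULE, the interface FastEthernet0/0 and the file name flash:128MB.sdf are assumptions.

```cisco
! Added example. IPS_RULE, FastEthernet0/0 and flash:128MB.sdf are assumed names.
configure terminal
 ! Step 5: where the router loads the signature definition file (SDF) from
 ip ips sdf location flash:128MB.sdf
 ! Default behaviour is fail-open: if the signature engine is not ready,
 ! packets pass without being scanned. Fail-closed drops them instead.
 ip ips fail closed
 ! Report signature alarms through syslog
 ip ips notify log
 ! Step 2: create the IPS rule
 ip ips name IPS_RULE
 ! Steps 3 and 4: apply the rule to an interface and pick the direction
 interface FastEthernet0/0
  ip ips IPS_RULE in
 end
! Step 6: confirm the SDF location, rule and interface bindings
show ip ips configuration
show ip ips interfaces
! Step 7 (alarm severity, event actions, parameters) is per-signature
! tuning done in the SDM signature editor and is not shown here.
! Step 8: make the configuration persistent
copy running-config startup-config
```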

Using Cisco SDM GUI to Create IPS Rules

Using Cisco SDM GUI to Edit Existing IPS Rules

Launching the IPS Rule Wizard

Confirming Cisco IOS IPS on Inbound and Outbound Interfaces

Configuring Signatures Using Cisco SDM

Configuring Signatures Using Cisco SDM (Cont.)
- Signature Event Actions
- Signature Alarm Severity

Configuring Signatures Using Cisco SDM (Cont.)
- Signature Parameters

Importing Signature Definition Files

Configuring Global Settings

Saving the Cisco IOS IPS Configuration

Summary
- Cisco IOS IPS uses the underlying routing infrastructure to provide an additional layer of security to deny malicious traffic from inside and outside the network.
- Cisco IOS IPS works with Cisco IDS, Cisco IOS Firewall, VPN, and NAC solutions, and it is supported by Cisco SDM and CiscoWorks device management software.
- Using the Cisco SDM software there are basically eight steps to configure Cisco IOS IPS on a router.
- The Cisco SDM GUI is browser-based and easy to use.
- Use the Cisco SDM GUI wizard to configure IPS rules.
- Use the Cisco SDM GUI to configure and tune IPS signatures.
- Use the Cisco SDM GUI to configure global settings.
- Using the Cisco SDM GUI, you can save your configuration to the router or to a file on your PC.
