© 2004, Cisco Systems, Inc. All rights reserved. CSIDS 4.1 Lesson 16: Intrusion Detection System Module Configuration


Objectives

Upon completion of this lesson, you will be able to perform the following tasks:
- Describe the Catalyst IDSM-2 features.
- Distinguish between the functions of the various Catalyst IDSM-2 ports.
- Initialize a Catalyst IDSM-2.
- Verify the Catalyst 6500 switch and Catalyst IDSM-2 configurations.

Introduction

IDSM-2
Performance: 600 Mbps
Size: 1 RU/slot
Processor: Dual 1.13 GHz
Operating system: Linux
Response: IP log, reset, and block

IDSM-2 Key Features
- Brings switching and security into a single chassis
- Supports an unlimited number of VLANs
- No impact on switch performance
- Provides an effective platform across all Catalyst 6500 chassis
- Uses the same code as the Cisco IDS network appliances

Supported Features (IDSM compared with IDSM-2)
Performance: IDSM 120 Mbps, IDSM-2 600 Mbps
SPAN/RSPAN: Yes
VACL capture: Yes
Blocking: Yes
IEV: Yes
IDM support: IDSM No, IDSM-2 Yes
TCP resets: IDSM No, IDSM-2 Yes
IP logging: IDSM No, IDSM-2 Yes
CLI: IDSM No, IDSM-2 Yes
Same code as appliances: IDSM No, IDSM-2 Yes
Fabric enabled: IDSM No, IDSM-2 Yes
Event retrieval method: IDSM PostOffice (push), IDSM-2 RDEP (pull)

Catalyst 6500 Switch Requirements
The IDSM-2 runs in any Catalyst 6500 Series switch that meets one of the following requirements:
- Catalyst Software Release 7.5(1), 7.6(1), or later with one of the following:
  – Supervisor Engine 1A
  – Supervisor Engine 1A/PFC2
  – Supervisor Engine 1A/MSFC1
  – Supervisor Engine 1A/MSFC2
  – Supervisor Engine 2
  – Supervisor Engine 2/MSFC2
- Cisco IOS Software Release 12.2(14)SY with Supervisor Engine 2 and MSFC2
- Cisco IOS Software Release 12.1(19)E with one of the following:
  – Supervisor Engine 1A with MSFC2
  – Supervisor Engine 2 with MSFC2
- Cisco IOS Software Release 12.2(14)SX1 with Supervisor Engine 720

IDSM-2 and Switch Configuration Tasks
- Initialize the IDSM-2.
- Configure the switch to capture traffic for intrusion detection analysis.
- Assign the command and control port to the proper VLAN.

Ports and Traffic

IDSM-2 Ports
The IDSM-2 has the following four logical ports:
- Port 1: TCP resets
- Port 2: Command and control
- Port 7 and/or 8: Sensing

IDSM-2 Traffic Flow
[Figure: source and destination traffic cross the Cisco Catalyst 6500 switch backplane; copied VACL, SPAN, or RSPAN traffic goes to the IDSM-2 monitor ports; alarms and configuration pass between the IDSM-2 and the management console through the IDSM-2 command and control port.]

Initialization

IDSM-2 Initialization Tasks
- Access the IDSM-2 using the switch session command.
- Log in at the IDSM-2 login prompt with the username cisco and the default password cisco.
- Execute the setup command to enter the configuration dialog.
- Enter the network communication parameters.
- Reset the IDSM-2.

Access the IDSM-2: Catalyst Operating System

    switch> (enable) session mod

Enables you to access an IDSM-2 installed in the Catalyst 6500 switch.

    switch>(enable) session 3

Enables access to the IDSM-2 installed in slot 3 of the Catalyst 6500 switch.

Access the IDSM-2: Cisco IOS Software

    Router# session slot mod {processor processor-id}

Opens a session with an IDSM-2 and enables you to use the IDSM-2-specific CLI.

    Router# session slot 3 processor 1

Enables access to the IDSM-2 installed in slot 3 of the Catalyst 6500 switch.

Verifying IDSM-2 Status

IDSM-2 Status LED
IDSM-2 status LED colors and their descriptions are as follows:
- Green: IDSM-2 is operational.
- Amber: IDSM-2 is disabled, running a boot and self-diagnostic sequence, or shut down.
- Red: Diagnostics other than an individual port test failed.
- Off: IDSM-2 power is off.

show module Command

    switch> show module [mod]

Displays module status and information.

    switch>show module
    Mod Slot Ports Module-Type Model Sub Status
    BaseX Supervisor WS-X6K-SUP2-2GE yes ok
    Multilayer Switch Feature WS-F6K-MSFC2 no ok
    BaseX Ethernet WS-X6408-GBIC no ok
    /100BaseTX Ethernet WS-X6548-RJ-45 no ok
    Intrusion Detection Syste WS-SVC-IDSM-2 yes ok
    Switch Fabric Module 2 WS-X6500-SFM2 no ok
    Intrusion Detection Syste WS-SVC-IDSM-2 yes ok
    Intrusion Detection Syste WS-SVC-IDSM-2 yes ok

Displays the status of all modules in the switch. Three IDSM-2s are installed, one in slot 4, one in slot 6, and one in slot 7. The ok state indicates that the IDSM-2s are online.
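A check built on the show module output above, as an added example that is not part of the original lesson: it parses the module table and reports which IDSM-2 slots are online, which are in another state, and which expected slots are absent. The sample table, its module numbers and port counts, and the faulty row are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the column layout shown on the slide (Mod, Slot, Ports,
# Module-Type, Model, Sub, Status). Module numbers, port counts and the
# "faulty" row are made up for illustration.
SAMPLE = """\
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    2     1000BaseX Supervisor      WS-X6K-SUP2-2GE     yes ok
4   4    8     Intrusion Detection Syste WS-SVC-IDSM-2       yes ok
5   5    0     Switch Fabric Module 2    WS-X6500-SFM2       no  ok
6   6    8     Intrusion Detection Syste WS-SVC-IDSM-2       yes faulty
7   7    8     Intrusion Detection Syste WS-SVC-IDSM-2       yes ok
"""

IDSM2_MODEL = "WS-SVC-IDSM-2"  # model string from the slide

# Three numeric columns, a free-text type, then model, sub-module flag, status.
ROW = re.compile(
    r"^\s*(?P<mod>\d+)\s+(?P<slot>\d+)\s+(?P<ports>\d+)\s+"
    r"(?P<type>.+?)\s+(?P<model>WS-\S+)\s+(?P<sub>yes|no)\s+(?P<status>\S+)\s*$"
)


def parse_modules(text):
    """Return one dict per module row; header, rule and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["slot"] = int(row["slot"])
            rows.append(row)
    return rows


def idsm2_report(text, expected_slots=()):
    """Group IDSM-2 slots by state and list expected slots with no IDSM-2 row."""
    sensors = {r["slot"]: r["status"]
               for r in parse_modules(text) if r["model"] == IDSM2_MODEL}
    return {
        # The slide treats "ok" as online; any other status is reported as-is.
        "online": sorted(s for s, st in sensors.items() if st == "ok"),
        "not_ok": {s: st for s, st in sensors.items() if st != "ok"},
        "missing": sorted(set(expected_slots) - set(sensors)),
    }


if __name__ == "__main__":
    print(idsm2_report(SAMPLE, expected_slots=(4, 6, 7)))
```

A sensor that is missing or not ok is a monitoring gap for the traffic captured to it, so the not_ok and missing fields are the ones to alert on.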

Summary

- The IDSM-2 is a line card for the Cisco Catalyst 6500 Series switches.
- The IDSM-2 runs the same code as the Cisco IDS Sensor appliance.
- The IDSM-2 is delivered with IDS Software Revision 4.0 or higher.
- The IDSM-2 does not affect switch performance because it is not in the forwarding path of the switch.