© 2006 Cisco Systems, Inc. All rights reserved. ISCW v1.06-1
Cisco IOS Threat Defense Features
Configuring Cisco IOS IPS

Transcript:


Configuring Cisco IOS IPS

Cisco IOS IPS Configuration Steps

1. Configure basic IPS settings:
   – Specify SDF location
   – Configure failure parameter
   – Create an IPS rule and, optionally, combine it with a filter
   – Apply the IPS rule to interface
2. Configure enhanced IPS settings:
   – Merge SDFs
   – Disable, delete, and filter selected signatures
   – Reapply the IPS rule to the interface
3. Verify the IPS configuration.

Configure Basic IPS Settings

    Router# show running-config | begin ips
    ! Drop all packets until IPS is ready for scanning
    ip ips fail closed
    ! IPS rule definition
    ip ips name SECURIPS list 100
    !
    ...
    interface Serial0/0
     ip address
     ! Apply the IPS rule to interface in inbound direction
     ip ips SECURIPS in
    ...

Configure Enhanced IPS Settings

    ! Merge built-in SDF with attack-drop.sdf, and copy to flash
    Router# copy flash:attack-drop.sdf ips-sdf
    Router# copy ips-sdf flash:my-signatures.sdf
    Router# show running-config | begin ips
    ! Specify the IPS SDF location
    ip ips sdf location flash:my-signatures.sdf
    ip ips fail closed
    ! Disable sig 1107, delete sig 5037, filter sig 6190 with ACL 101
    ip ips signature 1107 disable
    ip ips signature 5037 delete
    ip ips signature 6190 list 101
    ip ips name SECURIPS list 100
    interface Serial0/0
     ip address
     ! Reapply the IPS rule to take effect
     ip ips SECURIPS in
    ...

Verifying IOS IPS Configuration

    Router# show ip ips configuration
    Configured SDF Locations:
      flash:my-signatures.sdf
    Builtin signatures are enabled but not loaded
    Last successful SDF load time: 13:45:38 UTC Jan
    IPS fail closed is enabled
    ...
    Total Active Signatures: 183
    Total Inactive Signatures: 0
    Signature 6190:0 list 101
    Signature 1107:0 disable
    IPS Rule Configuration
     IPS name SECURIPS
      acl list 100
    Interface Configuration
     Interface Serial0/0
      Inbound IPS rule is SECURIPS
      Outgoing IPS rule is not set
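
One way to automate the verification step, as an added example that is not part of the Cisco slides: a Python check that parses `show ip ips configuration` output and reports the conditions the configuration steps are meant to rule out. The function name `audit_ips` and the wording of the findings are assumptions, and the sample text is constructed from the output shown on the slide.

```python
import re

# Constructed sample: mirrors the `show ip ips configuration` output on the
# slide (the load-time line is left out because its date is incomplete).
SAMPLE = """\
Configured SDF Locations:
    flash:my-signatures.sdf
Builtin signatures are enabled but not loaded
IPS fail closed is enabled
Total Active Signatures: 183
Total Inactive Signatures: 0
Signature 6190:0 list 101
Signature 1107:0 disable
IPS Rule Configuration
 IPS name SECURIPS
   acl list 100
Interface Configuration
 Interface Serial0/0
  Inbound IPS rule is SECURIPS
  Outgoing IPS rule is not set
"""

def audit_ips(text):
    """Parse the show output; return (facts, findings). Hypothetical helper."""
    active = re.search(r"Total Active Signatures:\s*(\d+)", text)
    facts = {
        "fail_closed": "IPS fail closed is enabled" in text,
        "sdf": re.findall(r"^\s*([a-z]+:\S+)\s*$", text, re.M),
        "active": int(active.group(1)) if active else 0,
        "disabled": re.findall(r"Signature (\d+:\d+) disable", text),
        "filtered": dict(re.findall(r"Signature (\d+:\d+) list (\d+)", text)),
        # (interface, inbound rule, outbound rule) triples
        "interfaces": re.findall(
            r"Interface (\S+)\s+Inbound IPS rule is (.+?)\s*\n"
            r"\s*Outgoing IPS rule is (.+?)\s*$", text, re.M),
    }
    findings = []
    if not facts["fail_closed"]:
        findings.append("fail closed is off: packets pass before IPS is ready")
    if not facts["sdf"]:
        findings.append("no SDF location configured")
    if facts["active"] == 0:
        findings.append("no active signatures loaded")
    if not facts["interfaces"]:
        findings.append("IPS rule is not applied to any interface")
    for name, inbound, outbound in facts["interfaces"]:
        if inbound == outbound == "not set":
            findings.append(f"{name}: no IPS rule applied")
    return facts, findings
```

The `disabled` and `filtered` entries in `facts` can be compared against the intended tuning (here signature 1107 disabled and 6190 filtered by ACL 101) to catch drift between routers.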

Cisco IOS IPS SDM Tasks

Tasks included in the IPS Policies wizard:
– Quick interface selection for rule deployment
– Identification of the flow direction
– Dynamic signature update
– Quick deployment of default signatures
– Validation of router resources before signature deployment

Signature customization available in the SDM IPS Edit menu:
– Disable
– Delete
– Modify parameters

Selecting Interfaces and Configuring SDF Locations

Launching the IPS Policies Wizard
– Launch the wizard with the default signature parameters
– Customization options

IPS Policies Wizard Overview

Identifying Interfaces and Flow Direction
– Select interface
– Identify direction

Selecting SDF Location
– Add SDF location
– Optionally, use built-in signatures as backup

Selecting SDF Location (Cont.)
– Select location from flash
– Select location from network

Selecting SDF Location (Cont.)

Viewing the IPS Policy Summary and Delivering the Configuration to the Router

Viewing the IPS Policies Wizard Summary

Verifying IPS Deployment

Configuring IPS Policies and Global Settings

IPS Policies

Global Settings

Viewing SDEE Messages

Viewing All SDEE Messages
– Select message type for viewing

Viewing SDEE Status Messages
– Status messages report the engine states

Viewing SDEE Alerts
– Signatures fire SDEE alerts

Tuning Signatures

Selecting a Signature
– Edit signature

Editing a Signature
– Click to edit
– Select severity

Disabling a Signature Group
Select category 1. Select All 2. Disable 3. 4.

Verifying the Tuned Signatures

Summary
– You can configure IPS policy on a router by using the CLI or the SDM. CLI does not display the signature parameters.
– IPS CLI allows you to specify SDF locations, merge SDF files, disable signatures, assign rules to interfaces, and limit the detection scope using ACLs.
– SDM offers a wizard that simplifies the IPS configuration.
– IPS Policies wizard deploys default signature definitions from a specified SDF location. You can then use the SDM to edit the policy and modify global settings.
– SDM offers a view for SDEE messages containing status, errors, and alerts.
– You can use the SDM to tune the signature parameters.
