The presentation was published 10 years ago by user Альбина Свешникова
1 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Lesson 13 Enterprise Intrusion Detection System Management
2 Objectives

3 Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
- Define features and key concepts of the IDS MC.
- Describe the IDS MC architecture.
- Install the IDS MC.
- Locate the directories in which the IDS MC and its components are installed.
- Add Sensors and Sensor groups to the IDS MC.
- Use the IDS MC to tune signatures.
- Deploy configuration files.
- Update the IDS MC.
- Generate and view reports.

4 Introduction

5 What Is the IDS MC?
The IDS MC is a web-based application that centralizes and accelerates the deployment and management of multiple IDS Sensors or IDSMs.
[Diagram labels: IDS MC, PC, Laptop, Sensor, HTTPS, SSH]

6 IDS MC Features
Features of the IDS MC Sensor are as follows:
- Web-based management platform
- Enterprise management of IDS devices
  - IDS appliance running Version 3.0(1) S4 or higher
  - IDSM running Version 3.0(5) S23 or later
  - IDSM-2 running Version 4.0 or higher
  - NM-CIDS running Version 4.1 or higher
  - Up to 300 Sensors
- Provides the ability to create Sensor groups
- Provides a mechanism to require approval of configurations
- Provides the ability to import Sensor configurations
- Pushes signature and service pack updates to the IDS devices

7 Windows Installation

8 Server Requirements: Windows
Hardware
- IBM PC-compatible computer, 1-GHz Pentium CPU or faster
- Color monitor with video card capable of viewing 16-bit color
- CD-ROM drive
- 100-Mbps network connection or faster
Memory
- 1 GB of RAM minimum
- 2 GB of virtual memory minimum
Hard drive space
- 12 GB of free space minimum
- NTFS
Software
- Windows 2000 Professional, Server, or Advanced Server (with Service Pack 3)

9 Client Access Requirements: Windows
Hardware
- IBM PC-compatible computer, 300 MHz or faster
Memory
- 256 MB of RAM minimum
- 400 MB virtual memory
Operating system
- Windows 2000 Professional with Service Pack 3
- Windows 2000 Server with Service Pack 3
- Windows XP, Service Pack 1 with Microsoft Virtual Machine
Browser
- Internet Explorer 6.0 with Service Pack 1
- Netscape Navigator 4.79

10 Installation Overview
CiscoWorks Common Services is required for the IDS MC. CiscoWorks Common Services provides the CiscoWorks Server-based components, software libraries, and software packages developed for the IDS MC.

11 Installation Process

12 Installation Process (Cont.)

13 Installation Process (Cont.)

14 Upgrade Process

15 Solaris Installation

16 Server Requirements: Solaris
Hardware
- Sun UltraSPARC 60 with 440 MHz or faster processor
- Sun UltraSPARC III (Sun Blade 2000 Workstation or Sun Fire 280R Server)
Memory
- 1 GB of RAM minimum
- 2 GB of virtual memory
System software
- Solaris 2.8

17 Client Access Requirements: Solaris
Hardware
- Sun SPARCstation or Ultra 10 with a 333-MHz processor with the Solaris 2.8 operating system
Memory
- 1 GB of RAM minimum
Swap space
- 512 MB
Browser
- Netscape Navigator 4.76

18 Installation Overview
CiscoWorks Common Services is required for the IDS MC. CiscoWorks Common Services provides the CiscoWorks Server-based components, software libraries, and software packages developed for the IDS MC.

19 Installation Process
SETUPDIR=/cdrom/idsmc
======================================================================
Started : Wed Dec 11 17:01:19 CST 2002
======================================================================
===============- Software Install Tool Started. -=====================
===- Welcome to the IDS Management Center and Security Monitor 1.0 Setup program.
======================================================================
INFO: This server architecture is 32-bit compatible.
INFO: /tmp directory has 777 permissions.
INFO: /etc/hosts is readable by all.
INFO: OS major is 5 and OS minor is 8
INFO: OS major or minor patch version not set.
INFO: Checking group entry casusers.....
INFO: Group created for installable packages is casusers.
INFO: Checking user entry casuser.....
INFO: casuser for installable packages exists.
INFO: No user added to the system.
INFO: Warning - No PRMOPT_INSTALL_TYPE section in TOC-file.
INFO: Warning - No installation default mode set.

20 Installation Process (Cont.)
1) IDS Management Center
2) Security Monitor
3) All of the Above (IDS Management Center + Security Monitor)
Select one of the items using its number or enter q to quit [q] 1
INFO: You entered 1 as the option
Loading properties from info files, working...
Making a list of dependencies, working...
Making a list of dependencies for CSCOids, working...
Making a list of dependencies for CSCOnsdb, working...
Making a list of dependencies for CSCOossh, working...
Making a list of dependencies, working...
INFO: performing prerequisite: /cdrom/idsmc /info/idscom/prerequisite
INFO: performing prerequisite: CSCOids: /cdrom/idsmc /packages/CSCOids/
Enter IDS MC/Security Monitor Database Password:
Confirm Password :
INFO: Password Encryption is Successful.
Enter IDS MC/Security Monitor Database Location : [/opt/CSCOpx/MDC/Sybase/Db/IDS]
Entered value is /opt/CSCOpx/MDC/Sybase/Db/IDS
Creating file /tmp/cscotmp/idsinstall.properties.....

21 Installation Process (Cont.)
======================================================================
Finished: Wed Dec 11 17:13:19 CST 2002
======================================================================
===============- Software Install Tool Completed. -=====================
======================================================================

22 Architecture

23 IDS MC Architecture Overview
[Diagram labels: User, IDS MC, CiscoWorks Common Services, Data store, IDS device, HTTPS, SSH]

24 IDS MC Directories
[Directory diagram labels: IDS MC home directory, \Apache, \Sybase, \Tomcat, \etc\ids, \updates]

25 Getting Started with the IDS MC

26 CiscoWorks Login

27 CiscoWorks User Authorization Roles
CiscoWorks user authorization roles allow for different privileges within the IDS MC:
- Help Desk: Read-only privileges for the entire system.
- Approver: Read-only privileges for the rest of the system, and ability to approve configurations.
- Network Operator: Read-only privileges for the rest of the system, and ability to deploy configurations.
- Network Administrator: Read-only privileges for the rest of the system, and ability to edit devices and device groups.
- System Administrator: All operations may be performed by the system administrator.

28 CiscoWorks Add User
Choose Server Configuration > Setup > Security > Add Users.

29 IDS MC Launch
Choose VPN/Security Management > Management Center > IDS Sensors.

30 Understanding the IDS MC Interface
[Screenshot labels: Page, Path bar, Object bar, Object Selector handle, TOC, Option bar, Tabs, Tool bar]

31 Sensors and Sensor Groups

32 Hierarchy of Groups and Sensors

33 Adding a Sensor
Choose Devices > Sensor.

34 Adding a Sensor (Cont.)

35 Adding a Sensor (Cont.)

36 Adding a Sensor (Cont.)

37 Adding a Sensor Group
Choose Devices > Sensor Group.

38 Adding a Sensor Group (Cont.)

39 Using the IDS MC to Configure the Sensor

40 Configuring Allowed Hosts
Choose Configuration > Settings > Communications > Allowed Hosts.

41 Configuring Allowed Hosts (Cont.)

42 Tuning Signatures
Choose Configuration > Settings > Signatures.

43 Tuning Signatures (Cont.)

44 Tuning Signatures (Cont.)

45 Tuning Signatures (Cont.)

46 IDS MC Workflow

47 Workflow
Workflow contains the following options:
- Generate: Allows you to generate configuration files for Sensors
- Approve: (Optional.) Allows you to manage configuration files proposed for deployment
- Deploy: Allows you to submit new deployment jobs and manage deployment jobs
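
The role privileges and the Generate > Approve > Deploy workflow from the slides, modeled as a small state machine. This is an added example, not Cisco code or part of the original presentation; the class and function names, the state names and the audit list are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Privileges beyond read-only, taken from the user authorization roles slide.
ROLE_PRIVILEGES = {
    "Help Desk": set(),
    "Approver": {"approve"},
    "Network Operator": {"deploy"},
    "Network Administrator": {"edit"},
    "System Administrator": {"approve", "deploy", "edit"},  # all operations
}

class WorkflowError(Exception):
    """Raised when a role or the workflow state does not permit an action."""

@dataclass
class ConfigFile:
    sensor: str                 # constructed sample name
    state: str = "generated"    # generated -> approved -> deployed (assumed names)
    audit: list = field(default_factory=list)

def _authorize(cfg, role, action):
    # Unknown roles get no privileges, so the check fails closed.
    allowed = action in ROLE_PRIVILEGES.get(role, set())
    cfg.audit.append((role, action, "ok" if allowed else "denied"))
    if not allowed:
        raise WorkflowError(f"role {role!r} may not {action} configurations")

def approve(cfg, role):
    _authorize(cfg, role, "approve")
    if cfg.state != "generated":
        raise WorkflowError(f"cannot approve a file in state {cfg.state!r}")
    cfg.state = "approved"

def deploy(cfg, role, approval_required=True):
    _authorize(cfg, role, "deploy")
    # Approval is optional; when it is required, only approved files may go out.
    ready = {"approved"} if approval_required else {"generated", "approved"}
    if cfg.state not in ready:
        raise WorkflowError(f"file for {cfg.sensor} is {cfg.state!r}, not ready to deploy")
    cfg.state = "deployed"

if __name__ == "__main__":
    cfg = ConfigFile("sensorP")
    approve(cfg, "Approver")
    deploy(cfg, "Network Operator")
    print(cfg.state, cfg.audit)
```

With approval required, neither the Approver nor the Network Operator can push a configuration alone, which is the separation the approval mechanism provides.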

48 Saving Configuration Changes
Choose Configuration > Pending.

49 Generating a Configuration File
Choose Deployment > Generate.

50 Generating a Configuration File (Cont.)

51 Approving a Configuration File
(Optional.) Choose Admin > System Configuration > Configuration File Management.

52 Approving a Configuration File (Cont.)

53 Deploying a Configuration File
Choose Deployment > Deploy > Submit.

54 Deploying a Configuration File (Cont.)

55 Deploying a Configuration File (Cont.)

56 Pending Deployments
Choose Deployment > Deploy > Pending.

57 Updating the IDS MC

58 IDS MC Updates
- The IDS MC must operate with the same software and signature version as the Sensors it manages.
- When you update the Sensor, you must also update the IDS MC.
- A compressed (.zip) update file must be used to upgrade the IDS MC.
- To update the IDS MC, the update file must reside on the IDS MC server at X:\Program Files\CSCOpx\MDC\etc\ids\updates.
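
An inventory check built on the minimum Sensor versions from the IDS MC Features slide and the version-match rule above. This is an added example, not Cisco code or part of the original presentation; the function names, the sample inventory and the ordering of version strings (major, minor, maintenance level, signature level, with omitted parts counted as 0) are assumptions.

```python
import re

# Minimum Sensor versions from the "IDS MC Features" slide.
MIN_SUPPORTED = {
    "IDS appliance": "3.0(1) S4",
    "IDSM": "3.0(5) S23",
    "IDSM-2": "4.0",
    "NM-CIDS": "4.1",
}

# major.minor, optional (maintenance), optional S<signature level>
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\((\d+)\))?(?:\s*S(\d+))?$")

def parse_version(text):
    """'3.0(5) S23' -> (3, 0, 5, 23); omitted parts count as 0 (assumption)."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def audit_inventory(mc_version, sensors):
    """sensors: list of (name, device type, version). Returns (name, problem) findings."""
    findings = []
    mc = parse_version(mc_version)
    for name, kind, version in sensors:
        if kind not in MIN_SUPPORTED:
            findings.append((name, f"unknown device type {kind!r}"))
            continue
        try:
            parsed = parse_version(version)
        except ValueError as err:
            findings.append((name, str(err)))
            continue
        if parsed < parse_version(MIN_SUPPORTED[kind]):
            findings.append((name, f"{version} is below the minimum {MIN_SUPPORTED[kind]}"))
        elif parsed != mc:
            findings.append((name, f"{version} does not match IDS MC {mc_version}"))
    return findings

# Constructed inventory; names and versions are illustrative only.
SAMPLE = [
    ("sensorP", "IDS appliance", "4.1(1) S47"),
    ("sensorQ", "IDSM", "3.0(4) S20"),
    ("branch-nm", "NM-CIDS", "4.1(1) S42"),
]
if __name__ == "__main__":
    for name, problem in audit_inventory("4.1(1) S47", SAMPLE):
        print(f"{name}: {problem}")
```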

59 Applying an Update
Choose Configuration > Updates > Update Network IDS Signatures.

60 Applying an Update (Cont.)

61 Reporting

62 Report Generation
Choose Reports > Generate.

63 Report Generation (Cont.)

64 Report Generation (Cont.)

65 Viewing Reports

66 Summary

67 Summary
- The IDS MC provides a web-based interface for configuring and managing multiple IDS Sensors.
- The IDS MC can be installed on Windows-based and Solaris-based servers.
- The IDS MC allows the grouping of Sensors into Sensor groups for ease of management and configuration.

68 Summary (Cont.)
- For the IDS MC to understand the software installed on the Sensor, it must operate with the same software and signature version as the Sensors it manages. Therefore, if you apply a service pack or signature update to a Sensor managed by the IDS MC, you must also update the IDS MC.
- The IDS MC provides a mechanism for controlling the approval and deployment of Sensor configuration files.
- The IDS MC's reporting capability provides a method for determining the status of configuration deployment.

69 Lab Exercise

70 Lab Visual Objective
[Network diagram labels: sensorP, sensorQ, Student PC, Router, RTS, Web FTP, RBB]