© 2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-1 Lesson 4 Using IPS Device Manager. - презентация

1 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Lesson 4 Using IPS Device Manager

2 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Introduction to the IPS Device Manager

3 © 2005 Cisco Systems, Inc. All rights reserved. IPS v IPS Device Manager IDM is a web-based application that enables you to configure, manage, and monitor the sensor. The IDM web server resides on the sensor and can be accessed via your web browser.

4 © 2005 Cisco Systems, Inc. All rights reserved. IPS v IDM Features and Benefits Web-based embedded architecture Task-based GUI Configuration and monitoring Sensor system administration Signature grouping Signature customization Secure communication (TLS and SSL)

5 © 2005 Cisco Systems, Inc. All rights reserved. IPS v TLS and SSL Communications TLS and SSL use a process called handshaking that involves a number of coordinated exchanges between a client and a server. A trusted host certificate is used by the server to verify the identity of a connecting client. A server certificate is used by the server to prove its identity to the client. IDM HTTPS (TLS and SSL) HTTPS Server HTTPS Client IDM

6 © 2005 Cisco Systems, Inc. All rights reserved. IPS v SDEE and RDEP over HTTPS Sensor Configuratio n XML HTTPS RDEP IDM SDEE Event XML HTTPS

7 © 2005 Cisco Systems, Inc. All rights reserved. IPS v IDM System Requirements Supported operating systems for IDM and their corresponding supported browsers: Windows 2000, Windows XP –Internet Explorer 6.0 with Java Plug-In 1.5 –Netscape 7.1 with Java Plug-In 1.5 Sun SPARC Solaris 2.8 or 2.9 –Mozilla 1.7 Red Hat Linux 9.0 or Red Hat Enterprise Linux WS, version 3 running GNOME or KDE –Mozilla 1.7

8 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Getting Started with the IDM

9 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Logging In to the IDM

10 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Trusting the Sensor

11 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Trusting Cisco

12 © 2005 Cisco Systems, Inc. All rights reserved. IPS v License Key Warning

13 © 2005 Cisco Systems, Inc. All rights reserved. IPS v IDM User Interface ForwardBackRefresh Help

14 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Online IDM Help

15 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Configuring Network Settings Hostname Remote Access Default Route Network Mask IP Address Reset Web Server Settings Configuration Network Sensor Setup

16 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Configuring Certificates

17 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Server Certificate Generate Certificate Server Certificate Configuration Certificates Sensor Setup

18 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Trusted Hosts D Add IP Address

19 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Trusted Hosts (Cont.) View Delete

20 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Configuring SSH

21 © 2005 Cisco Systems, Inc. All rights reserved. IPS v SSH Communications The clients key (SSH authorized key) enables the client to connect without password authentication. The servers key (SSH host key) is used by the sensor to prove its identity to the client. CLI SSH Client SSH Server

22 © 2005 Cisco Systems, Inc. All rights reserved. IPS v SSH Authorized Keys Authorized Keys Add Sensor Setup Configuration SSH

23 © 2005 Cisco Systems, Inc. All rights reserved. IPS v SSH Authorized Keys (Cont.) ID Modulus Length Public Exponent Public Modulus

24 © 2005 Cisco Systems, Inc. All rights reserved. IPS v SSH Authorized Keys (Cont.) Edit Delete Reset Apply

25 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Sensor SSH Host Key Generate Key Sensor Key

26 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Known Host Keys R Add Known Host Keys

27 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Known Host Keys (Cont.) Retrieve Host Key IP Address

28 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Known Host Keys (Cont.) Modulus Length Public Modulus Public Exponent

29 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Known Host Keys (Cont.) ApplyReset Delete Edit

30 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Rebooting and Shutting Down the Sensor

31 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Rebooting the Sensor Reboot Sensor Configuration

32 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Shutting Down the Sensor Shut Down Sensor Configuration

33 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Viewing Events in IDM

34 © 2005 Cisco Systems, Inc. All rights reserved. IPS v The Events Panel The Events panel enables you to do the following: –Filter event data –View event data You can filter events based on the following: –Type –Time –Both type and time

35 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Configuring the Event Display Monitoring Events View Reset Select the number of rows per page To configure events by type To configure events by time

36 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Viewing the Events Back Next Sig IDEventsEvent IDSensor UTC TimeType# Close Help Details

37 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Viewing Event Details

38 © 2005, Cisco Systems, Inc. All rights reserved. IPS v Summary

39 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Summary The IDM is a web-based Java application that enables you to configure and manage your sensor. The IDM also enables you to view and manage alarm feeds from the sensor. The web server for the IDM resides on the sensor. You can access the web server for the IDM via the Internet Explorer, Netscape, or Mozilla web browsers. By default, TLS provides the security for communications between the sensor and the management system running the IDM.

40 © 2005 Cisco Systems, Inc. All rights reserved. IPS v Summary (Cont.) SSH can be used to securely connect to the sensor CLI. You can use the IDM to configure and manage both TLS certificates and SSH keys. You can use the IDM to reboot the sensor. You can use the IDM to put the sensor in a state in which it is safe to power it off. The IDM enables you to filter the events display by type, time, or both.

41