The presentation was published 10 years ago by user Георгий Сазонов
1 © 2001, Cisco Systems, Inc. CSIDS Chapter 5 Cisco Secure Intrusion Detection System Sensor Installation
2 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
  – Describe the most common Sensor deployment options.
  – Define the terms device management and firewall sandwich.
  – Describe the functional differences between the Command and Control interface and the Monitoring interface on the Sensor.
3 Objectives (cont.)
  – Get management access on the Sensor.
  – Bootstrap the Sensor.
  – Add a Sensor in CSPM.
  – Push the initial configuration files from CSPM to the Sensor.
  – Describe how to check for errors when adding a Sensor in CSPM.
4 Deploying CSIDS
5 Basic Installation [diagram; labels: Untrusted network, Protected network, Monitoring interface, Command and Control network, Out-of-band network]
6 Installation with Device Management [diagram; labels: Untrusted network, Protected network, Monitoring interface, Command and Control network, Dedicated router interface]
7 Firewall Sandwich Installation [diagram; labels: Untrusted network, Firewall, Protected network, Monitoring interface, Command and Control network]
8 Remote Sensor Installation [diagram; labels: Remote network, Sensor, Untrusted network, IPSec tunnel, Director, Protected network]
9 Sensor Placement Considerations [diagram; labels: Untrusted network, Protected network, Dial-up access, Partner network, Payroll, DNS server, Web server]
10 The Sensor Appliances
11 Sensor Front Panel [figure; labels: Power LED, Hard Drive LED, Power switch, Reset switch, Floppy disk drive, CD-ROM drive]
12 4230 Sensor Back Panel [figure; labels: Monitoring interface, Command and Control interface, Power supply switch, Keyboard, Console Port, Video monitor]
13 Sensor Front Panel [figure; label: Console port]
14 Sensor Back Panel [figure; labels: Video monitor, Keyboard, Command and Control interface, Monitoring interface, Console access]
15 Management Access
  – Console Port (cable provided)
  – Monitor and Keyboard
  – Telnet
16 Login Accounts
  root
    – Operating system-level access
    – Use only for:
        Bootstrapping (sysconfig-sensor)
        Solaris operating system-level commands (e.g., snoop)
  netrangr
    – CSIDS-level access
    – Use for all other CSIDS commands
17 Sensor Bootstrap Configuration
18 sysconfig-sensor
19 IP Configuration
  Option 1: IP Address
  Option 2: IP Netmask
  Option 3: IP Hostname
    – UNIX hostname (independent of PostOffice)
  Option 4: Default Route
    – Enter a default route if access to or from the Sensor from or to another network is required
20 Network Access Control
  Option 5: List of IP addresses allowed to telnet, ftp, or tftp to the Sensor
  Examples
    – (specific IP)
    – 10. (anyone with IP starting with 10.)
  10. is set by default and should be removed
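An added example (not part of the original slides or of CSIDS itself): a Python audit of a Sensor allow list under the entry semantics slide 20 describes, where a trailing dot means a prefix match and a full address means one specific host. The function names, the 256-address threshold and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample allow list: the default "10." entry plus two site entries.
SAMPLE_ALLOW = ["10.", "192.0.2.10", "192.0.2."]

def entry_to_network(entry):
    """Map one allow-list entry to the IPv4 network it admits.

    Assumed semantics (from slide 20): an entry ending in "." is a prefix on
    whole octets, so "10." admits every address starting with 10.; a full
    dotted quad admits one specific host.
    """
    text = entry.strip()
    octets = [o for o in text.split(".") if o]
    valid = 1 <= len(octets) <= 4 and all(o.isdigit() and int(o) <= 255 for o in octets)
    if not valid or (len(octets) < 4 and not text.endswith(".")):
        raise ValueError(f"not an IPv4 address or dotted prefix: {entry!r}")
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + f"/{8 * len(octets)}")

def audit_allow_list(entries, max_hosts=256):
    """Return (entry, network, address_count) for entries admitting more than max_hosts."""
    findings = []
    for entry in entries:
        net = entry_to_network(entry)
        if net.num_addresses > max_hosts:
            findings.append((entry, str(net), net.num_addresses))
    return findings

def is_allowed(client_ip, entries):
    """True if client_ip falls inside any entry of the allow list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in entry_to_network(e) for e in entries)

if __name__ == "__main__":
    for entry, net, count in audit_allow_list(SAMPLE_ALLOW):
        print(f"overly broad entry {entry!r}: {net} admits {count} addresses")
    hardened = [e for e in SAMPLE_ALLOW if e != "10."]
    print("10.200.7.9 allowed before:", is_allowed("10.200.7.9", SAMPLE_ALLOW))
    print("10.200.7.9 allowed after: ", is_allowed("10.200.7.9", hardened))
```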
21 Configuring Communication Parameters (Option 6)
22 Creating Initial Configuration Files
23 Configuring the System Date, Time, and Timezone (Option 7)
24 Changing Passwords (Option 8)
25 Exiting sysconfig-sensor
  Option x: Exiting sysconfig-sensor
    – Options 1 through 5 require the Sensor to reboot
        System prompts you to reboot when parameters change: enter y at the prompt
    – Options 6 through 8 do not require the Sensor to reboot
    – Director communications are ready
        Proceed to add the Sensor to the Director and enable intrusion detection
26 Adding a Sensor in CSPM
27 Start the Add Sensor Wizard
  – Select Add Sensor
28 Sensor Identification
  – Enter Org ID
  – Enter comments
  – Enter Host ID
  – Enter Sensor Name
  – Enter Org Name
  – Leave Cisco PostOffice in the field
  – Enter IP Address
  – Verify the Sensor's address (for pre-configured Sensors)
29 Default Gateway Address
  – Enter Network Mask
  – Enter IP address
30 Select Sensor Version and Signatures Template
  – Choose the template
  – Choose the version
31 Sensor Added in Network Topology
  – Click Finish
  – The Sensor is added
32 Add the CSPM Host to the Topology
  – Right-click Network and choose New>Host.
  – Click Yes to add the CSPM host itself to the topology.
33 Selecting the PDP
  – Select the Sensor
  – Select the Control tab
  – Choose your host as PDP
  – Click OK
34 Saving and Updating the Configuration
  – Saves the configuration in CSPM
  – Saves and updates the Sensor configuration files
  – Check for errors
35 Pushing the Configuration Files to the Sensor
  – Select the Sensor
  – Select the Command tab
  – Check for errors
  – Click Approve Now
36 Check for Errors
  – Select the Sensor
  – Select the Command tab
  – Check for errors
  – Click Approve Now
37 Consistency Check
  – Select Consistency Check
  – Check for errors
38 Summary
  – The most common Sensor installation and deployment options.
  – Definition of the terms device management and firewall sandwich.
  – The functional differences between the Command and Control interface and the Monitoring interface on the Sensor.
  – You can gain access to a Sensor for management by connecting a keyboard and a monitor, attaching a console cable, or via the network.
39 Summary (cont.)
  – The Sensor is bootstrapped using the sysconfig-sensor utility.
  – The Add Sensor wizard is used to add a Sensor in CSPM.
  – The Command Approval function of CSPM enables you to push the configuration files from CSPM to the Sensor.
  – The Command Status and Command/Message windows display any errors when adding a Sensor in CSPM.
40 Lab Sensor Installation
41 Lab Visual Objective [diagram; labels: Pod P (Your Pod), Pod Q (Peer Pod), routers rP and rQ (interfaces e0/0, e0/1), CSPM hosts (Host ID = 3; Org ID = P, Host Name = director P, Org Name = pod P; Org ID = Q, Host Name = director Q, Org Name = pod Q), sensorP, idsmP, sensorQ, idsmQ]