Presentation published 10 years ago by user Лариса Янюшкина
1 © 2001, Cisco Systems, Inc. CSIDS Chapter 9 Signature and Intrusion Detection Configuration
2 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
View Signature settings and configure their severities and actions.
Enable or disable signatures.
Configure connection and string signatures.
Create signature templates and change which one is used by a Sensor.
Configure the minimum alarm severity level a Sensor sends to the Director.
3 Objectives (cont.)
Configure signature filtering to reduce false positives and tune signature triggering in the user environment.
Configure signature tuning parameters to customize triggers for the user environment.
Configure signature port mapping to customize it for the user environment.
Create ACL signatures that generate alarms when ACL violations are detected in a Cisco IOS router.
4 Basic Signature Configuration
5 Viewing the Signature Settings: Select Signature Template
6 Signature Names and Severities: Severity; Signature Name; Select Signature Template
7 Enabling and Disabling Signatures: Enable Checkbox; Select Signature Template
8 Setting Signature Actions: Double-click Action; Select Signature Template
9 Connection Signature Type and Port Configuration: TCP or UDP; Port number; Select Signature Template
10 String Signatures Configuration: Number of Occurrences; String pattern; TCP Port; Traffic Direction; Select Signature Template
11 Signature Templates
12 What is a Signature Template? Sensor Signatures Templates
13 Creating a New Signature Template: Select and Right Click Sensor Signatures; Select New > Sensor Signature
14 Assigning the Signature Template Used by the Sensor: Choose the Signature Template; Select the Sensor; Select the Sensing tab
15 Applying the Signature Template to the Sensor: Select the Sensor; Select the Command tab; Check for errors; Click Approve Now
16 Signature Filtering
17 Setting the Minimum Level to Send to the Director: Minimum Event Level; Select the Sensor; Select the Filtering tab
18 Simple Signature Filtering: Sub-signature; Signature; Address role; IP address and netmask; Select the Sensor; Select the Filtering tab; Select the Simple Filtering tab
19 Advanced Signature Filtering: Source Address; Signature; Subsignature; Destination Address; Select the Sensor; Select the Filtering tab; Select the Advanced Filtering tab
20 Advanced Signature Configuration
21 Signature Tuning: Parameter names; Parameter values; Select the Sensor; Select the Sensing tab; Select the Signature Tuning Parameters tab
22 Signature Port Mapping: Select the Sensor; Select the Sensing tab; Select the Port Mapping tab; Click OK
23 ACL Signatures Configuration
24 Creating ACL Signatures: Click OK; Click Add; Select Signature Template; Select the ACL Signatures Tab
25 Defining Syslog Sources: Select the Sensor; Select the Monitoring Tab; Click Add; Click OK
26 Summary
All signature severities and actions are modified in the signature template in CSPM.
Signatures can be enabled or disabled.
Connection and string signatures are configured in the signature template in CSPM.
Many signature templates can be created.
A given signature template is applied to one or many Sensors.
The minimum alarm severity level can be configured on a Sensor to limit the alarms sent to the Director.
Signature filtering reduces false positives and other undesired alarms.
Signature parameter tuning is used to customize signature triggers in the user environment.
Signature port mapping is used to customize port to signature settings in the user environment.
ACL signatures generate alarms when ACL violations are detected in a Cisco IOS router.
27 Lab Signatures Configuration
28 CSPM Lab Visual Objective [Figure: lab network diagram. Labels: Pod P (Your Pod), Pod Q (Peer Pod); rP, rQ; CSPM; Host ID = 3, Org ID = P, Host Name = director P, Org Name = pod P; Host ID = 3, Org ID = Q, Host Name = director Q, Org Name = pod Q; sensorP, idsmP, sensorQ, idsmQ.]