-
8/10/2019 IPS-5.ppt
1/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-1
Configuring the Sensor
-
8/10/2019 IPS-5.ppt
2/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-2
Configuring AllowedHosts
-
8/10/2019 IPS-5.ppt
3/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-3
Configuring Allowed Hosts
Sensor
Setup
Allowed
Hosts
Add
Configuration
-
8/10/2019 IPS-5.ppt
4/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-4
Configuring Allowed Hosts (Cont.)
IP
Address
Network
Mask
-
8/10/2019 IPS-5.ppt
5/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-5
Configuring Allowed Hosts (Cont.)
Delete
ResetApply
Edit
-
8/10/2019 IPS-5.ppt
6/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-6
Setting the Time
-
8/10/2019 IPS-5.ppt
7/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-7
Time Considerations
The sensor must have a reliable time source so thatevents
display correct time stamps. Otherwise, youcannot correctly analyze
the logs after an attack.
For sensor appliances, you can set the time in thefollowing
ways:
Manually
By using NTP (recommended)
-
8/10/2019 IPS-5.ppt
8/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-8
Configuring Time Settings
Apply
Standard
Time Zone
Sensor
Setup
SummertimeNTP
Server
Apply Time to Sensor
Configuration
Reset
Time
Time
-
8/10/2019 IPS-5.ppt
9/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-9
Configuring the Time Settings (Cont.)
Summertime
Duration
End Time
Start Time
Offset
Summer
Zone Name
-
8/10/2019 IPS-5.ppt
10/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-10
Configuring UserAccounts
-
8/10/2019 IPS-5.ppt
11/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-11
User Accounts
Users access a sensor by logging in to a useraccount.
Multiple user accounts can be created on a sensor.
Each user account is associated with a role thatdetermines the
users privileges.
The following roles can be assigned to an account:
Administrator
Operator
Viewer
Service
-
8/10/2019 IPS-5.ppt
12/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-12
The Service Account
This is a special account that enables root access.
Sensor allows only one service account.
It is not created by default.
It should be created for troubleshooting.
!Caution!
Do not make modifications to theSensor through the
serviceaccount except under the
direction of TAC.
-
8/10/2019 IPS-5.ppt
13/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-13
Creating User Accounts
Sensor
Setup
Configuration
Users
Add
Username
User
Role
Password
Confirm
Password
-
8/10/2019 IPS-5.ppt
14/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-14
Creating User Accounts (Cont.)
Edit
Apply Reset
Delete
Status
Role
-
8/10/2019 IPS-5.ppt
15/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-15
Configuring theInterfaces
-
8/10/2019 IPS-5.ppt
16/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-16
Sensor Interface Overview
There is only one command and control interfaceper sensor.
You can configure up to eight monitoringinterfaces, depending on
the type of sensor.
All monitoring interfaces use the sameconfiguration.
Multiple monitoring interfaces enable the
following: Simultaneous protection of multiple network
subnets
Inline sensing mode
-
8/10/2019 IPS-5.ppt
17/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-17
Sensor Interface Overview (Cont.)
4215 sensor
Packets
Copies of
Packets
Copies ofPackets
Command and
Control Interface
Monitoring
Interface
Monitoring
Interface
-
8/10/2019 IPS-5.ppt
18/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-18
Sensor Interface Overview (Cont.)
4215 Sensor
Packets
Command and
Control Interface
Monitoring
Interface
Monitoring
Interface
-
8/10/2019 IPS-5.ppt
19/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-19
Enabling the Interfaces
Configuration
Interface
Configuration
Interfaces Enable
Select
All
Apply Reset
Disable
Edit
-
8/10/2019 IPS-5.ppt
20/30 2005 Cisco Systems, Inc. All rights reserved. IPS
v5.05-20
Editing the Interfaces
Select
Interface
Description
Enabled
Duplex
Speed
Use
Alternate
TCP Reset
Interface
-
8/10/2019 IPS-5.ppt
21/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-21
Creating Interface Pairs
Interface
Configuration
Interface
Pairs
Configuration
Add
-
8/10/2019 IPS-5.ppt
22/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-22
Creating Interface Pairs (Cont.)
Interface
Pair
Name
Select two
interfaces
Description
-
8/10/2019 IPS-5.ppt
23/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-23
Creating Interface Pairs (Cont.)
Select All
Apply Reset
Edit
Delete
-
8/10/2019 IPS-5.ppt
24/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-24
Assigning Interfaces to the Virtual Sensor
Edit
Virtual
Sensor
Analysis
Engine
Configuration
-
8/10/2019 IPS-5.ppt
25/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-25
Assigning Interfaces to the Virtual Sensor(Cont.)
Assigned
Interfaces
(or Pairs)
Add
Remove
Available
Interfaces
(or Pairs)
-
8/10/2019 IPS-5.ppt
26/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-26
Configuring Traffic Flow Notification
Configuration
Interface
Configuration
Traffic Flow
Notifications
Interface IdleThreshold
Notification
Interval
Missed
Packets
Threshold
ResetApply
-
8/10/2019 IPS-5.ppt
27/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-27
Configuring SoftwareBypass
-
8/10/2019 IPS-5.ppt
28/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-28
Software Bypass
The software bypass feature ensures that packetscontinue to flow
through the sensor even if thesensor hangs or an application
crashes. Here aresome major characteristics of software bypass:
It applies only to inline paired interfaces.
It causes traffic inspection to cease without impactingnetwork
traffic.
It can be used for the following purposes:
Troubleshooting To ensure that traffic continues to flow during
sensor
upgrades
As a failover mechanism
It can be configured to automatically start and stop.
-
8/10/2019 IPS-5.ppt
29/30
2005 Cisco Systems, Inc. All rights reserved. IPS v5.05-29
Configuring Software Bypass Modes
You.
Configuration
Interface
Configuration
Bypass
Bypass
ModeApply Reset
-
8/10/2019 IPS-5.ppt
30/30
![IIM Lko. ppt. for IPS 110907[1]](https://img.pdfslide.us/doc/110x75/577d2a7f1a28ab4e1ea958fe/iim-lko-ppt-for-ips-1109071.jpg)
