Cisco IPS-4240-K9 Getting Started Guide

Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 Manual

Cisco IPS-4240-K9 manual content summary:

  • Cisco IPS-4240-K9 | Getting Started Guide - Page 1
    to the router Cisco IOS Software Release 12.4(11)T or later A valid Cisco.com login username and password A current Cisco Services for IPS Contract for licensed signature update services You should be familiar with basic router commands for: Exec mode Configure mode Exit configure mode Backup and
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 2
    to download IOS IPS signature package files and public crypto key from Cisco.com. These files are required in later steps of configuration. Step 1.1 Download the required signature files from Cisco.com to your PC. Ensure that you have a valid Cisco.com username and password. Cisco.com location: http
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 3
    ): mkdir training#rmdir ips Remove directory filename [ips]? Delete flash:ips? [confirm] Removed dir flash:ips training#mkdir ipsstore Create directory filename [ipsstore]? Created dir flash:ipsstore All contents are Copyright © 1992-2007 Cisco Systems, Inc. All rights reserved
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 4
    at the router prompt to confirm that the crypto key is configured: show run (only the crypto key portion of the configuration is shown below) crypto key pubkey-chain rsa named-key realm-cisco.pub signature key-string 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 00C19E93
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 5
    Cisco IOS IPS The fourth step is to configure Cisco IOS IPS using the following sequence of steps: Step 4.1 Create a rule name (this will be used on an interface to enable IPS) ip ips name training#configure terminal training(config)# ip ips name myips Step 4.2 Configure IPS signature
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 6
    Step 4.4 Configure Cisco IOS IPS to use the default basic signature set: training(config)#ip ips signature-category training(config-ips-category)# category all training (config-ips-category-action)# retired true training (config-ips-category-action)# exit training(config-ips-category)# category
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 7
    : 338 -Total active compiled signatures Total Signatures with invalid parameters: 1 training# Additional Commands and References After Cisco IOS IPS loads the signature package into memory, it starts reading signatures and attempts to build them according to the configuration. An error message such
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 8
    to Cisco IOS IPS: training#copy usbflash1:IOS-S261-CLI.pkg idconf All signatures are by default configured to 'Alarm' action only. If you want to configure additional actions, the following CLI commands are available to change the signature configurations. training(config)#ip ips signature-category
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 9
    default signature definitions 6 Enable/Disable Signatures You can use the Cisco IOS Software command-line interface (CLI) to enable or disable one signature or a group of signatures based on signature categories. Following are example CLI commands to disable signature 6130/10. training#configure
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 10
    a signature instructs Cisco IOS IPS to compile the signature into memory and use the signature to scan traffic. Following are sample CLI commands to retire signature 6130/10. training#configure terminal Enter configuration commands, one per line. End with CNTL/Z. training(config)#ip ips signature
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 11
    use the Cisco IOS Software CLI to change signature actions for one signature or a group of signatures based on signature categories. Following are example CLI commands to change signature action to alert, drop, and reset for signature 6130/10. training#configure terminal Enter configuration commands
  • Cisco IPS-4240-K9 | Getting Started Guide - Page 12
    training(config-ips-category-action)#event-action reset-tcpconnection training(config-ips-category-action)#exit training(config-ips-category)#exit Do you want to accept these changes? [confirm]y training(config)# Additional Commands and References Cisco IOS IPS Configuration Guide: http://www.cisco

White Paper
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Getting Started with Cisco IOS IPS with 5.x Format Signatures: A Step-by-Step Guide
This guide is divided into two sections: Getting Started with Cisco IOS® IPS and Signature Tuning.
The first section of the guide provides a detailed step-by-step process using the Cisco IOS
Software command-line interface (CLI) to get started in using the Cisco IOS IPS 5.x format
signatures. It contains the following five steps:
Step 1: Downloading Cisco IOS IPS Files
Step 2: Creating Directory on Flash
Step 3: Configuring Cisco IOS IPS Crypto Key
Step 4: Enabling Cisco IOS IPS
Step 5: Loading Signatures to Cisco IOS IPS
Each step and specific commands are described. The Additional Commands and References
section under each step provides additional information. Example configurations are displayed in a
box below each command.
The second section of the guide provides instructions and examples on advanced options for
signature tuning. Topics include:
• Enable/Disable Signatures
• Retire/Unretire Signatures
• Change Signature Actions
Prerequisites
Before getting started with the above steps, ensure that you have the following:
• A Cisco 870, 1800, 2800, or 3800 Series Integrated Services Router
• 128 MB or more DRAM and at least 2 MB free flash memory
• Console or Telnet connectivity to the router
• Cisco IOS Software Release 12.4(11)T or later
• A valid Cisco.com login username and password
• A current Cisco Services for IPS Contract for licensed signature update services
You should be familiar with basic router commands for:
• Exec mode
• Configure mode
• Exit configure mode
• Backup and restore configuration