Home » Cisco Manuals » Networking » Cisco IPS-4255-K9 » Manual Viewer

Cisco IPS-4255-K9 Installation Guide - Page 387

passive, fingerprinting, PASV Port Spoof, patch release, PIX Firewall, Post-ACL, Pre-ACL

UPC - 746320951096

Add to My Manuals
Save this manual to your list of manuals

Page 387 highlights

Glossary passive fingerprinting Passive OS Fingerprinting PASV Port Spoof PAT patch release PAWS PCI PDU PEP PER PFC PID ping PIX Firewall PKI POST Post-ACL Pre-ACL Act of determining the OS or services available on a system from passive observation of network interactions. The sensor determines host operating systems by inspecting characteristics of the packets exchanged on the network. An attempt to open connections through a firewall to a protected FTP server to a non-FTP port. This happens when the firewall incorrectly interprets an FTP 227 passive command by opening an unauthorized connection. Port Address Translation. A more restricted translation scheme than NAT in which a single IP address and different ports are used to represent the hosts of a network. Release that addresses defects identified in the update (minor, major, or service pack) binaries after a software release (service pack, minor, or major update) has been released. Protection Against Wrapped Sequence. Protection against wrapped sequence numbers in high performance TCP networks. See RFC 1323. Peripheral Component Interface. The most common peripheral expansion bus used on Intel-based computers. protocol data unit. OSI term for packet. See also BPDU and packet. Cisco Product Evolution Program. PEP is the UDI information that consists of the PID, the VID, and the SN of your sensor. PEP provides hardware version and serial number visibility through electronic query, product labels, and shipping items. packed encoding rules. Instead of using a generic style of encoding that encodes all types in a uniform way, PER specializes the encoding based on the date type to generate much more compact representations. Policy Feature Card. An optional card on a Catalyst 6000 supervisor engine that supports VACL packet filtering. Product Identifier. The orderable product identifier that is one of the three parts of the UDI. The UDI is part of the PEP policy. packet internet groper. Often used in IP networks to test the reachability of a network device. It works by sending ICMP echo request packets to the target host and listening for echo response replies. Private Internet Exchange Firewall. A Cisco network security device that can be programmed to block/enable addresses and ports between networks. Public Key Infrastructure. Authentication of HTTP clients using the clients X.509 certificates. Power-On Self Test. Set of hardware diagnostics that runs on a hardware device when that device is powered up. Designates an ACL from which ARC should read the ACL entries, and where it places entries after all deny entries for the addresses being blocked. Designates an ACL from which ARC should read the ACL entries, and where it places entries before any deny entries for the addresses being blocked. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-15

Section	Page
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0	1
Preface	13
Contents	13
Audience	13
Comply with Local and National Electrical Codes	13
Organization	15
Conventions	15
Related Documentation	16
Obtaining Documentation and Submitting a Service Request	17
Introducing the Sensor	19
How the Sensor Functions	19
Capturing Network Traffic	19
Your Network Topology	21
Correctly Deploying the Sensor	21
Tuning the IPS	21
Sensor Interfaces	22
Understanding Sensor Interfaces	22
Command and Control Interface	23
Sensing Interfaces	24
Interface Support	24
TCP Reset Interfaces	27
Interface Restrictions	28
Interface Modes	30
Promiscuous Mode	30
IPv6, Switches, and Lack of VACL Capture	31
Inline Interface Pair Mode	32
Inline VLAN Pair Mode	33
VLAN Group Mode	33
Deploying VLAN Groups	34
Supported Sensors	35
IPS Appliances	36
Introducing the IPS Appliance	36
Appliance Restrictions	37
Connecting an Appliance to a Terminal Server	37
IPS Modules	38
Introducing the AIM IPS	38
Introducing the AIP SSM	40
Introducing the IDSM2	42
Introducing the NME IPS	43
Time Sources and the Sensor	44
The Sensor and Time Sources	44
Synchronizing IPS Module System Clocks with the Parent Device System Clock	46
Verifying the Sensor is Synchronized with the NTP Server	46
Correcting the Time on the Sensor	47
Installation Preparation	47
Site and Safety Guidelines	48
Site Guidelines	48
Rack Configuration Guidelines	48
Electrical Safety Guidelines	49
Power Supply Guidelines	50
Working in an ESD Environment	50
Cable Pinouts	51
10/100BaseT and 10/100/1000BaseT Connectors	52
Console Port (RJ-45)	53
RJ-45 to DB-9 or DB-25	54
Installing the IPS 4240 and the IPS 4255	55
Introducing the IPS 4240 and the IPS 4255	55
Front and Back Panel Features	56
Specifications	58
Connecting the IPS 4240 to a Cisco 7200 Series Router	59
Accessories	59
Important Safety Instructions	59
Rack Mounting	60
Installing the IPS 4240 and the IPS 4255	61
Installing the IPS 4240-DC	64
Installing the IPS 4260	69
Introducing the IPS 4260	69
Supported Interface Cards	70
Hardware Bypass	72
4GE Bypass Interface Card	72
Hardware Bypass Configuration Restrictions	73
Hardware Bypass and Link Changes and Drops	74
Front and Back Panel Features	74
Specifications	77
Accessories	77
Important Safety Instructions	78
Rack Mounting	78
Installing the IPS 4260 in a 4-Post Rack	78
Installing the IPS 4260 in a 2-Post Rack	81
Installing the IPS 4260	83
Removing and Replacing the Chassis Cover	86
Installing and Removing Interface Cards	88
Installing and Removing the Power Supply	90
Installing the IPS 4270-20	93
Introducing the IPS 4270-20	94
Supported Interface Cards	95
Hardware Bypass	97
4GE Bypass Interface Card	97
Hardware Bypass Configuration Restrictions	98
Hardware Bypass and Link Changes and Drops	99
Front and Back Panel Features	99
Diagnostic Panel	103
Internal Components	105
Specifications	106
Accessories	107
Installing the Rail System Kit	107
Understanding the Rail System Kit	107
Rail System Kit Contents	108
Space and Airflow Requirements	108
Installing the IPS 4270-20 in the Rack	109
Extending the IPS 4270-20 from the Rack	117
Installing the Cable Management Arm	120
Converting the Cable Management Arm	123
Installing the IPS 4270-20	127
Removing and Replacing the Chassis Cover	130
Accessing the Diagnostic Panel	133
Installing and Removing Interface Cards	133
Installing and Removing the Power Supply	136
Installing and Removing Fans	141
Troubleshooting Loose Connections	143
Installing the AIM IPS	145
Specifications	145
Before Installing the AIM IPS	146
Software and Hardware Requirements	146
Interoperability With Other IPS Modules	147
Restrictions	147
Hardware Interfaces	148
Installation and Removal Instructions	149
Verifying Installation	150
Installing the AIP SSM	151
Specifications	151
Memory Specifications	152
Hardware and Software Requirements	152
Indicators	152
Installation and Removal Instructions	153
Installing the AIP SSM	153
Verifying the Status of the AIP SSM	154
Removing the AIP SSM	155
Installing the IDSM2	157
Specifications	157
Software and Hardware Requirements	158
Minimum Supported the IDSM2 Configurations	158
Using the TCP Reset Interface	159
Front Panel Features	159
Installation and Removal Instructions	160
Required Tools	160
Slot Assignments	161
Installing the IDSM2	161
Verifying Installation	165
Removing the IDSM2	166
Enabling Full Memory Tests	168
Catalyst Software	168
Cisco IOS Software	169
Resetting the IDSM2	169
Catalyst Software	169
Cisco IOS Software	170
Powering the IDSM2 Up and Down	171
Catalyst Software	171
Cisco IOS Software	172
Installing the NME IPS	173
Specifications	173
Before Installing the NME IPS	174
Software and Hardware Requirements	174
Interoperability With Other IPS Modules	175
Restrictions	175
Hardware Interfaces	176
Installation and Removal Instructions	177
Verifying Installation	178
Logging In to the Sensor	179
Supported User Roles	179
Logging In to the Appliance	180
Connecting an Appliance to a Terminal Server	181
Logging In to the AIM IPS	182
The AIM IPS and the session Command	182
Sessioning In to the AIM IPS	183
Logging In to AIP SSM	184
Logging In to the IDSM2	186
Logging In to the NME IPS	187
The NME IPS and the session Command	187
Sessioning In to the NME IPS	188
Logging In to the Sensor	189
Initializing the Sensor	191
Understanding Initialization	191
Simplified Setup Mode	191
System Configuration Dialog	192
Basic Sensor Setup	194
Advanced Setup	197
Advanced Setup for the Appliance	198
Advanced Setup for the AIM IPS	203
Advanced Setup for the AIP SSM	206
Advanced Setup for the IDSM2	210
Advanced Setup for the NME IPS	215
Verifying Initialization	218
Obtaining Software	221
Obtaining Cisco IPS Software	221
IPS Software Versioning	222
Software Release Examples	226
Upgrading Cisco IPS Software to 7.0	227
Accessing IPS Documentation	229
Cisco Security Intelligence Operations	229
Obtaining a License Key From Cisco.com	230
Understanding Licensing	230
Service Programs for IPS Products	231
Obtaining and Installing the License Key Using IDM or IME	231
Obtaining and Installing the License Key Using the CLI	233
Upgrading, Downgrading, and Installing System Images	237
Upgrades, Downgrades, and System Images	237
Supported FTP and HTTP/HTTPS Servers	238
Upgrading the Sensor	238
IPS 7.0 Upgrade Files	238
upgrade Command and Options	239
Using the upgrade Command	240
Upgrading the Recovery Partition	241
Configuring Automatic Upgrades	242
Automatic Upgrades	242
auto-upgrade Command and Options	243
Using the auto-upgrade Command	244
Automatic Upgrade Examples	246
Downgrading the Sensor	247
Recovering the Application Partition	248
Application Partition	248
Using the recover Command	248
Installing System Images	249
Understanding ROMMON	250
Supported TFTP Servers	250
Connecting an Appliance to a Terminal Server	250
Installing the IPS 4240 and IPS 4255 System Images	251
Installing the IPS 4260 System Image	254
Installing the IPS 4270-20 System Image	256
Installing the AIM IPS System Image	259
Installing the AIP SSM System Image	261
Reimaging the AIP SSM	262
Reimaging the AIP SSM Using the recover configure/boot Command	262
Installing the IDSM2 System Image	264
Understanding the IDSM2 System Image	264
Installing the IDSM2 System Image for Catalyst Software	264
Installing the IDSM2 System Image for Cisco IOS Software	265
Configuring the IDSM2 Maintenance Partition for Catalyst Software	267
Configuring the IDSM2 Maintenance Partition for Cisco IOS Software	271
Upgrading the IDSM2 Maintenance Partition for Catalyst Software	274
Upgrading the IDSM2 Maintenance Partition for Cisco IOS Software	275
Installing the NME IPS System Image	276
Troubleshooting	279
Bug Toolkit	279
Preventive Maintenance	280
Understanding Preventive Maintenance	280
Creating and Using a Backup Configuration File	281
Backing Up and Restoring the Configuration File Using a Remote Server	281
Creating the Service Account	283
Disaster Recovery	284
Recovering the Password	285
Understanding Password Recovery	286
Recovering the Appliance Password	286
Using the GRUB Menu	286
Using ROMMON	287
Recovering the AIM IPS Password	288
Recovering the AIP SSM Password	288
Recovering the IDSM2 Password	291
Recovering the NME IPS Password	291
Disabling Password Recovery	292
Verifying the State of Password Recovery	293
Troubleshooting Password Recovery	293
Time and the Sensor	294
Time Sources and the Sensor	294
Synchronizing IPS Module Clocks with Parent Device Clocks	295
Verifying the Sensor is Synchronized with the NTP Server	295
Correcting Time on the Sensor	296
Advantages and Restrictions of Virtualization	296
Supported MIBs	297
When to Disable Anomaly Detection	298
Troubleshooting Global Correlation	298
Analysis Engine Not Responding	299
Troubleshooting External Product Interfaces	300
External Product Interfaces Issues	300
External Product Interfaces Troubleshooting Tips	301
Troubleshooting the Appliance	301
Hardware Bypass and Link Changes and Drops	302
Troubleshooting Loose Connections	302
Analysis Engine is Busy	303
Connecting the IPS 4240 to a Cisco 7200 Series Router	303
Communication Problems	304
Cannot Access the Sensor CLI Through Telnet or SSH	304
Correcting a Misconfigured Access List	306
Duplicate IP Address Shuts Interface Down	307
SensorApp and Alerting	308
SensorApp Not Running	308
Physical Connectivity, SPAN, or VACL Port Issue	310
Unable to See Alerts	311
Sensor Not Seeing Packets	313
Cleaning Up a Corrupted SensorApp Configuration	315
Blocking	315
Troubleshooting Blocking	316
Verifying ARC is Running	316
Verifying ARC Connections are Active	317
Device Access Issues	319
Verifying the Interfaces and Directions on the Network Device	321
Enabling SSH Connections to the Network Device	321
Blocking Not Occurring for a Signature	322
Verifying the Master Blocking Sensor Configuration	323
Logging	324
Understanding Debug Logging	324
Enabling Debug Logging	325
Zone Names	328
Directing cidLog Messages to SysLog	329
TCP Reset Not Occurring for a Signature	330
Software Upgrades	331
Upgrading and Analysis Engine	332
Which Updates to Apply and Their Prerequisites	332
Issues With Automatic Update	333
Updating a Sensor with the Update Stored on the Sensor	333
Troubleshooting IDM	334
Cannot Launch IDM - Loading Java Applet Failed	334
Cannot Launch IDM-Analysis Engine Busy	335
IDM, Remote Manager, or Sensing Interfaces Cannot Access Sensor	335
Signatures Not Producing Alerts	336
Troubleshooting IME	337
Time Synchronization on IME and the Sensor	337
Not Supported Error Message	337
Troubleshooting the IDSM2	337
Diagnosing IDSM2 Problems	338
Minimum Supported IDSM2 Configurations	339
Switch Commands for Troubleshooting	339
Status LED Off	340
Status LED On But the IDSM2 Does Not Come Online	341
Cannot Communicate With the IDSM2 Command and Control Port	342
Using the TCP Reset Interface	344
Connecting a Serial Cable to the IDSM2	344
Troubleshooting the AIP SSM	344
Health and Status Information	345
The AIP SSM and the Data Plane	347
AIM SSP and the Normalizer Engine	347
Troubleshooting the AIM IPS and the NME IPS	347
Interoperability With Other IPS Network Modules	347
Gathering Information	348
Health and Network Security Information	348
Tech Support Information	349
Understanding the show tech-support Command	349
Displaying Tech Support Information	349
Tech Support Command Output	350
Version Information	352
Understanding the show version Command	352
Displaying Version Information	352
Statistics Information	354
Understanding the show statistics Command	355
Displaying Statistics	355
Interfaces Information	365
Understanding the show interfaces Command	365
Interfaces Command Output	365
Events Information	366
Sensor Events	366
Understanding the show events Command	367
Displaying Events	367
Clearing Events	370
cidDump Script	370
Uploading and Accessing Files on the Cisco FTP Site	371
Glossary	373

Match case Limit results 1 per page

Glossary

GL-15

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0

OL-18504-01

passive

fingerprinting

Act of determining the OS or services available on a system from passive observation of network

interactions.

Passive OS

Fingerprinting

The sensor determines host operating systems by inspecting characteristics of the packets exchanged

on the network.

PASV Port Spoof

An attempt to open connections through a firewall to a protected FTP server to a non-FTP port. This

happens when the firewall incorrectly interprets an FTP 227

passive

command by opening an

unauthorized connection.

PAT

Port Address Translation. A more restricted translation scheme than NAT in which a single IP address

and different ports are used to represent the hosts of a network.

patch release

Release that addresses defects identified in the update (minor, major, or service pack) binaries after a

software release (service pack, minor, or major update) has been released.

PAWS

Protection Against Wrapped Sequence. Protection against wrapped sequence numbers in high

performance TCP networks. See

RFC 1323

PCI

Peripheral Component Interface. The most common peripheral expansion bus used on Intel-based

computers.

PDU

protocol data unit. OSI term for packet. See also BPDU and packet.

PEP

Cisco Product Evolution Program. PEP is the UDI information that consists of the PID, the VID, and

the SN of your sensor. PEP provides hardware version and serial number visibility through electronic

query, product labels, and shipping items.

PER

packed encoding rules. Instead of using a generic style of encoding that encodes all types in a uniform

way, PER specializes the encoding based on the date type to generate much more compact

representations.

PFC

Policy Feature Card. An optional card on a Catalyst 6000 supervisor engine that supports VACL packet

filtering.

PID

Product Identifier. The orderable product identifier that is one of the three parts of the UDI. The UDI

is part of the PEP policy.

ping

packet internet groper. Often used in IP networks to test the reachability of a network device. It works

by sending ICMP echo request packets to the target host and listening for echo response replies.

PIX Firewall

Private Internet Exchange Firewall. A Cisco network security device that can be programmed to

block/enable addresses and ports between networks.

PKI

Public Key Infrastructure. Authentication of HTTP clients using the clients X.509 certificates.

POST

Power-On Self Test. Set of hardware diagnostics that runs on a hardware device when that device is

powered up.

Post-ACL

Designates an ACL from which ARC should read the ACL entries, and where it places entries after all

deny entries for the addresses being blocked.

Pre-ACL

Designates an ACL from which ARC should read the ACL entries, and where it places entries before

any deny entries for the addresses being blocked.