
Cisco Intrusion Prevention System Appliance and Module PDF

414 Pages·2012·8.52 MB·English

Preview Cisco Intrusion Prevention System Appliance and Module

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-18504-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If the equipment causes interference to radio or television reception, which can be determined by turning the equipment off and on, users are encouraged to try to correct the interference by using one or more of the following measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
© 2009-2012 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
  Contents
  Audience
  Comply with Local and National Electrical Codes
  Organization
  Conventions
  Related Documentation
  Obtaining Documentation and Submitting a Service Request

CHAPTER 1 Introducing the Sensor
  How the Sensor Functions
  Capturing Network Traffic
  Your Network Topology
  Correctly Deploying the Sensor
  Tuning the IPS
  Sensor Interfaces
  Understanding Sensor Interfaces
  Command and Control Interface
  Sensing Interfaces
  Interface Support
  TCP Reset Interfaces
  Interface Restrictions
  Interface Modes
  Promiscuous Mode
  IPv6, Switches, and Lack of VACL Capture
  Inline Interface Pair Mode
  Inline VLAN Pair Mode
  VLAN Group Mode
  Deploying VLAN Groups
  Supported Sensors
  IPS Appliances
  Introducing the IPS Appliance
  Appliance Restrictions
  Connecting an Appliance to a Terminal Server
  IPS Modules
  Introducing the AIMIPS
  Introducing the AIPSSM
  Introducing the IDSM2
  Introducing the NMEIPS
  Time Sources and the Sensor
  The Sensor and Time Sources
  Synchronizing IPS Module System Clocks with the Parent Device System Clock
  Verifying the Sensor is Synchronized with the NTP Server
  Correcting the Time on the Sensor
  Installation Preparation
  Site and Safety Guidelines
  Site Guidelines
  Rack Configuration Guidelines
  Electrical Safety Guidelines
  Power Supply Guidelines
  Working in an ESD Environment
  Cable Pinouts
  10/100BaseT and 10/100/1000BaseT Connectors
  Console Port (RJ-45)
  RJ-45 to DB-9 or DB-25

CHAPTER 2 Installing the IPS4240 and the IPS4255
  Introducing the IPS4240 and the IPS4255
  Front and Back Panel Features
  Specifications
  Connecting the IPS4240 to a Cisco 7200 Series Router
  Accessories
  Important Safety Instructions
  Rack Mounting
  Installing the IPS4240 and the IPS4255
  Installing the IPS4240-DC

CHAPTER 3 Installing the IPS4260
  Introducing the IPS4260
  Supported Interface Cards
  Hardware Bypass
  4GE Bypass Interface Card
  Hardware Bypass Configuration Restrictions
  Hardware Bypass and Link Changes and Drops
  Front and Back Panel Features
  Specifications
  Accessories
  Important Safety Instructions
  Rack Mounting
  Installing the IPS4260 in a 4-Post Rack
  Installing the IPS4260 in a 2-Post Rack
  Installing the IPS4260
  Removing and Replacing the Chassis Cover
  Installing and Removing Interface Cards
  Installing and Removing the Power Supply

CHAPTER 4 Installing the IPS4270-20
  Introducing the IPS 4270-20
  Supported Interface Cards
  Hardware Bypass
  4GE Bypass Interface Card
  Hardware Bypass Configuration Restrictions
  Hardware Bypass and Link Changes and Drops
  Front and Back Panel Features
  Diagnostic Panel
  Internal Components
  Specifications
  Accessories
  Installing the Rail System Kit
  Understanding the Rail System Kit
  Rail System Kit Contents
  Space and Airflow Requirements
  Installing the IPS4270-20 in the Rack
  Extending the IPS4270-20 from the Rack
  Installing the Cable Management Arm
  Converting the Cable Management Arm
  Installing the IPS4270-20
  Removing and Replacing the Chassis Cover
  Accessing the Diagnostic Panel
  Installing and Removing Interface Cards
  Installing and Removing the Power Supply
  Installing and Removing Fans
  Troubleshooting Loose Connections

CHAPTER 5 Installing the AIMIPS
  Specifications
  Before Installing the AIMIPS
  Software and Hardware Requirements
  Interoperability With Other IPS Modules
  Restrictions
  Hardware Interfaces
  Installation and Removal Instructions
  Verifying Installation

CHAPTER 6 Installing the AIPSSM
  Specifications
  Memory Specifications
  Hardware and Software Requirements
  Indicators
  Installation and Removal Instructions
  Installing the AIPSSM
  Verifying the Status of the AIPSSM
  Removing the AIPSSM

CHAPTER 7 Installing the IDSM2
  Specifications
  Software and Hardware Requirements
  Minimum Supported the IDSM2 Configurations
  Using the TCP Reset Interface
  Front Panel Features
  Installation and Removal Instructions
  Required Tools
  Slot Assignments
  Installing the IDSM2
  Verifying Installation
  Removing the IDSM2
  Enabling Full Memory Tests
  Catalyst Software
  Cisco IOS Software
  Resetting the IDSM2
  Catalyst Software
  Cisco IOS Software
  Powering the IDSM2 Up and Down
  Catalyst Software
  Cisco IOS Software

CHAPTER 8 Installing the NMEIPS
  Specifications
  Before Installing the NMEIPS
  Software and Hardware Requirements
  Interoperability With Other IPS Modules
  Restrictions
  Hardware Interfaces
  Installation and Removal Instructions
  Verifying Installation

CHAPTER 9 Logging In to the Sensor
  Supported User Roles
  Logging In to the Appliance
  Connecting an Appliance to a Terminal Server
  Logging In to the AIMIPS
  The AIMIPS and the session Command
  Sessioning In to the AIMIPS
  Logging In to AIPSSM
  Logging In to the IDSM2
  Logging In to the NMEIPS
  The NMEIPS and the session Command
  Sessioning In to the NMEIPS
  Logging In to the Sensor

CHAPTER 10 Initializing the Sensor
  Understanding Initialization
  Simplified Setup Mode
  System Configuration Dialog
  Basic Sensor Setup
  Advanced Setup
  Advanced Setup for the Appliance
  Advanced Setup for the AIMIPS
  Advanced Setup for the AIPSSM
  Advanced Setup for the IDSM2
  Advanced Setup for the NMEIPS
  Verifying Initialization

CHAPTER 11 Obtaining Software
  Obtaining Cisco IPS Software
  IPS Software Versioning
  Software Release Examples
  Upgrading Cisco IPS Software to 7.0
  Accessing IPS Documentation
  Cisco Security Intelligence Operations
  Obtaining a License Key From Cisco.com
  Understanding Licensing
  Service Programs for IPS Products
  Obtaining and Installing the License Key Using IDM or IME
  Obtaining and Installing the License Key Using the CLI

CHAPTER 12 Upgrading, Downgrading, and Installing System Images
  Upgrades, Downgrades, and System Images
  Supported FTP and HTTP/HTTPS Servers
  Upgrading the Sensor
  IPS 7.0 Upgrade Files
  upgrade Command and Options
  Using the upgrade Command
  Upgrading the Recovery Partition
  Configuring Automatic Upgrades
  Automatic Upgrades
  auto-upgrade Command and Options
  Using the auto-upgrade Command
  Downgrading the Sensor
  Recovering the Application Partition
  Application Partition
  Using the recover Command
  Installing System Images
  Understanding ROMMON
  Supported TFTP Servers
  Connecting an Appliance to a Terminal Server
  Installing the IPS4240 and IPS4255 System Images
  Installing the IPS4260 System Image
  Installing the IPS 4270-20 System Image
  Installing the AIMIPS System Image
  Installing the AIPSSM System Image
  Reimaging the AIPSSM
  Reimaging the AIPSSM Using the recover configure/boot Command
  Installing the IDSM2 System Image
  Understanding the IDSM2 System Image
  Installing the IDSM2 System Image for Catalyst Software
  Installing the IDSM2 System Image for Cisco IOS Software
  Configuring the IDSM2 Maintenance Partition for Catalyst Software
  Configuring the IDSM2 Maintenance Partition for Cisco IOS Software
  Upgrading the IDSM2 Maintenance Partition for Catalyst Software
  Upgrading the IDSM2 Maintenance Partition for Cisco IOS Software
  Installing the NMEIPS System Image

APPENDIX A Troubleshooting
  Bug Toolkit
  Preventive Maintenance
  Understanding Preventive Maintenance
  Creating and Using a Backup Configuration File
  Backing Up and Restoring the Configuration File Using a Remote Server
  Creating the Service Account
  Disaster Recovery
  Recovering the Password
  Understanding Password Recovery
  Recovering the Appliance Password
  Using the GRUB Menu
  Using ROMMON
  Recovering the AIMIPS Password
  Recovering the AIPSSM Password
  Recovering the IDSM2 Password
  Recovering the NMEIPS Password
  Disabling Password Recovery
  Verifying the State of Password Recovery
  Troubleshooting Password Recovery
  Time and the Sensor
  Time Sources and the Sensor
  Synchronizing IPS Module Clocks with Parent Device Clocks
  Verifying the Sensor is Synchronized with the NTP Server
  Correcting Time on the Sensor
  Advantages and Restrictions of Virtualization
  Supported MIBs
  When to Disable Anomaly Detection
  Troubleshooting Global Correlation
  Analysis Engine Not Responding
  Troubleshooting External Product Interfaces
  External Product Interfaces Issues
  External Product Interfaces Troubleshooting Tips
  Troubleshooting the Appliance
  The Sensor and Jumbo Packet Frame Size
  Hardware Bypass and Link Changes and Drops
  Troubleshooting Loose Connections
  Analysis Engine is Busy
  Connecting the IPS4240 to a Cisco 7200 Series Router
  Communication Problems
  Cannot Access the Sensor CLI Through Telnet or SSH
  Correcting a Misconfigured Access List
  Duplicate IP Address Shuts Interface Down
  SensorApp and Alerting
  SensorApp Not Running
  Physical Connectivity, SPAN, or VACL Port Issue
  Unable to See Alerts
  Sensor Not Seeing Packets
  Cleaning Up a Corrupted SensorApp Configuration
  Blocking
  Troubleshooting Blocking
  Verifying ARC is Running
  Verifying ARC Connections are Active
  Device Access Issues
  Verifying the Interfaces and Directions on the Network Device
  Enabling SSH Connections to the Network Device
