Thursday, August 30, 2012

IOS IPS config Steps


  • Enabling IOS IPS on a router is fairly simple:
    • Globally load the IPS signature package.
    • Then create an IPS rule.
    • Then apply that rule to an interface, either inbound or outbound.
    • To decrypt the signature files, the router needs an RSA key based on the Cisco public key.
  • Configuration steps:
    • "Retire" (disable) all signature categories, then "unretire" (enable) the basic IOS IPS category.
    • Create a directory in flash to store the IPS configuration.
    • Create an IOS IPS rule.
    • Specify the location of the signature configuration information.
    • Apply the
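The following is an added example (not from the original post) that carries the steps above through as one IOS IPS configuration. The directory name flash:ips, the rule name IOSIPS, the interface GigabitEthernet0/0, the TFTP server 10.0.0.5 and the package file name are assumptions; the key-string is a placeholder that must be replaced with the public key Cisco distributes with the signature package.

```cisco
! Added example: basic IOS IPS configuration following the steps above.
! Assumed values: directory flash:ips, rule name IOSIPS, interface
! GigabitEthernet0/0, TFTP server 10.0.0.5, package name IOS-Sxxx-CLI.pkg.
!
! 1. Create a directory in flash to hold the IPS signature/config files
mkdir flash:ips
!
! 2. Load the Cisco public RSA key used to decrypt (verify) the signature package.
!    The key-string below is a PLACEHOLDER; paste the real key from the
!    realm-cisco.pub key file that ships with the signature package.
configure terminal
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   <PLACEHOLDER-CISCO-PUBLIC-KEY-HEX>
  quit
 exit
exit
!
! 3. Create the IOS IPS rule and point the router at the signature config location
ip ips name IOSIPS
ip ips config location flash:ips
ip ips notify log
!
! 4. Retire every signature category, then un-retire only the basic IOS IPS category
ip ips signature-category
 category all
  retired true
 exit
 category ios_ips basic
  retired false
 exit
exit
!
! 5. Apply the rule inbound on the interface facing the untrusted network
interface GigabitEthernet0/0
 ip ips IOSIPS in
 exit
end
!
! 6. Load (compile) the signature package from the TFTP server (exec mode)
copy tftp://10.0.0.5/IOS-Sxxx-CLI.pkg idconf
!
! Verification
show ip ips configuration
show ip ips signatures count
```

The order matters: the rule name and config location must exist before the package is copied with the idconf keyword, because that copy compiles the signatures into the configured directory, and retiring the unneeded categories first keeps that compile small enough for a branch router's memory.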

Cisco Intrusion Prevention System (IPS)


  • Cisco IPS is a feature that must be enabled on Cisco routers.
  • It provides Deep Packet Inspection (DPI) of traffic transiting the router.
  • This is especially useful in branch offices
    • to catch worms, viruses, and other exploits before they leave the local site.
  • Routers with the security image come with a package of signature files loaded in their flash.
    • Signature updates are posted on the Cisco website.
    • These signature updates are downloaded to a TFTP server and then copied to the router.
  • When IOS IPS is configured, the router acts as an inline IPS
    • and compares each packet that flows through it against the known signatures.
  • Router actions upon finding a signature match include:
    • Dropping the packet
    • Resetting the connection
    • Sending an alarm log message
    • Blocking traffic from the packet source for a configurable amount of time
    • Blocking traffic on the connection for a configurable amount of time
  • IOS IPS can be configured through the command line,
    • or using the Security Device Manager (SDM).

ZFW Configuration


  • Create the desired zones on the router
  • Decide how traffic should travel between the zones
    • and then create zone-pairs on the router
  • Create Class maps
    • to identify the inter-zone traffic
    • that must be inspected by the firewall
  • Create Policy maps
    • to assign policies to traffic
    • and associate class maps with them.
  • Assign the policy maps to the appropriate zone-pair.
  • Assign interfaces to zones.
    • an interface may be assigned to only one security zone

ZFW Inspection & Controlling of Protocols


  • HTTP & HTTPS
  • SMTP, Extended SMTP (ESMTP), POP3, and IMAP
  • Peer-to-peer applications, with the ability to use heuristics to track port hopping
  • Instant messaging applications (AOL, Yahoo!, and MSN as of this writing)
  • Remote Procedure Calls (RPC)
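As an added example (not part of the original post), the configuration below walks through the six ZFW configuration steps listed earlier and builds its class map from the inspected application protocols listed above. The zone names INSIDE and OUTSIDE, the interface names, the class-map and policy-map names, and the exact protocol list are assumptions chosen for illustration.

```cisco
! Added example: Zone-Based Firewall between an INSIDE and an OUTSIDE zone.
! Zone, interface, class-map and policy-map names are assumptions.
configure terminal
!
! 1. Create the security zones
zone security INSIDE
 description Trusted LAN
zone security OUTSIDE
 description Untrusted WAN
!
! 2. Decide the traffic direction and create the zone-pair (inside -> outside).
!    No OUTSIDE -> INSIDE zone-pair is created, so unsolicited inbound traffic
!    is dropped by default.
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
!
! 3. Class map: identify the inter-zone traffic the firewall must inspect,
!    using application protocols from the list above
class-map type inspect match-any CM-IN-TO-OUT
 match protocol http
 match protocol https
 match protocol smtp
 match protocol pop3
 match protocol imap
 match protocol dns
!
! 4. Policy map: stateful inspection of matched traffic (return traffic is
!    permitted automatically); everything else falls into class-default and
!    is dropped and logged
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-IN-TO-OUT
  inspect
 class class-default
  drop log
!
! 5. Attach the policy map to the zone-pair
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
!
! 6. Assign interfaces to zones (an interface belongs to exactly one zone)
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
end
!
! Verification
show zone-pair security
show policy-map type inspect zone-pair sessions
```

Do the interface assignment last, as the steps prescribe: as soon as an interface becomes a zone member, traffic between it and any interface that is not in a zone is dropped, so a router whose zone-pair and policy are not yet in place will cut off its own transit traffic.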