Creating an IDS Inspection Rule


The previous commands configured global parameters, but to configure an IDS policy, you must create a named IDS policy. The named IDS policy is then applied to an interface to activate both the global IDS policies and the named IDS policies that you have configured.

The commands for creating a named IDS policy are similar to the commands that you use to create global policies for both information signatures and attack signatures. The only difference with a named policy is that you configure a name that is used with a policy that gets applied to an interface.

The commands to create a named policy for information and attack signatures are

 
 Router(config)# ip audit name  audit-name  info action [alarm] [drop] [reset] Router(config)# ip audit name  audit-name  attack action [alarm] [drop] [reset] 

To create an IDS policy that is named SECUR for information signatures with the actions of alarm and reset, use the following command:

 
 Router(config)# ip audit name SECUR info action alarm reset 

To create an IDS policy that is named SECUR for attack signatures, with the actions of drop and reset, use the following command:

 
 Router(config)# ip audit name SECUR attack action drop reset 

Applying an IDS Inspection Rule

Once you create a named IDS policy, you must apply that policy to an interface to activate the IDS services.

The policy is applied with a single interface-level command. First enter interface configuration mode, and then use the following command:

 
 Router(config-if)# ip audit audit-name [in | out]

To apply the SECUR policy to inbound traffic, simply issue the following command:

 
 Router(config-if)# ip audit SECUR in 

Figure 6.5 shows how to configure an IDS policy and how to apply the policy to an interface.

Figure 6.5. Creation of IDS policy.
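The book's commands are IOS CLI and cannot be executed here, so the following Python check is an added example (not from the book) that parses a constructed running-config excerpt and flags the failure mode this section warns about: a named policy that is never applied to an interface. It also reports interface lines that reference a policy name never defined, and action keywords other than alarm, drop and reset; the interface names, addresses and policy names in the sample are made up.

```python
# Added example, not from the book: a named 'ip audit' policy inspects nothing until
# 'ip audit <name> in|out' is issued on an interface, so check a config excerpt for that.
import re

VALID_ACTIONS = {"alarm", "drop", "reset"}   # the only actions the ip audit commands take
# Constructed running-config excerpt; interface and policy names are made up.
SAMPLE_CONFIG = """
ip audit name SECUR info action alarm reset
ip audit name SECUR attack action drop reset
ip audit name UNUSED info action alarm
ip audit name BADACT attack action drop log
interface FastEthernet0/0
 ip audit SECUR in
interface FastEthernet0/1
 ip audit TYPO out
 ip audit BADACT in
"""

NAME_RE = re.compile(r"^ip audit name (\S+) (info|attack) action(.*)$")
INTF_RE = re.compile(r"^interface (\S+)$")
APPLY_RE = re.compile(r"^\s+ip audit (\S+) (in|out)$")


def parse_audit_config(config):
    """Return (policies, applied): name -> {sig_type: [actions]}, name -> [(interface, dir)]."""
    policies, applied, intf = {}, {}, None
    for line in config.splitlines():
        if m := NAME_RE.match(line):
            policies.setdefault(m[1], {})[m[2]] = m[3].split()
        elif m := INTF_RE.match(line):
            intf = m[1]                      # subsequent indented lines belong to this interface
        elif (m := APPLY_RE.match(line)) and intf:
            applied.setdefault(m[1], []).append((intf, m[2]))
    return policies, applied


def audit_findings(config):
    """Sorted findings: each is a reason the IDS is not doing what the admin expects."""
    policies, applied = parse_audit_config(config)
    findings = []
    for name, sigs in policies.items():
        if name not in applied:
            findings.append(f"{name}: defined but not applied to any interface")
        for sig_type, actions in sigs.items():
            for bad in sorted(set(actions) - VALID_ACTIONS):
                findings.append(f"{name} {sig_type}: unknown action '{bad}'")
    for name, uses in applied.items():
        if name not in policies:
            for intf, direction in uses:
                findings.append(f"{intf}: 'ip audit {name} {direction}' has no policy")
    return sorted(findings)
```

Running `audit_findings` over the output of `show running-config` gives the same three classes of finding on a real device.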

Configuring Exclusions for IDS Inspection

As mentioned previously, you should disable signatures for protocols and applications that are not running on your network. Disabling signatures for unused protocols and applications will enhance IDS performance and decrease CPU utilization associated with IDS services.



CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
