CSIDS Exam Cram 2 (Exam 642-531)
Authors: Newman D.P. Manalo K.M.
Published year: 2004
Pages: 11-13/213

CISCO IDS NAVIGATION

  1. You can access the command-line interface (CLI) through the console port, through Telnet or SSH to the command and control interface, or through directly attached monitor and keyboard ports on most models. However, the IDS-4215 does not have monitor and keyboard ports.

  2. IDS 4.0 supports SSH protocol versions 1 and 2.

  3. CLI locations:

     Syntax                     Location
     Sensor#                    Privilege exec
     Sensor(config)#            Global configuration
     Sensor(config-if)#         Command and control interface
     Sensor(config-ifs)#        Sensing interface
     Sensor(config-ifg)#        Interface group
     Sensor(config-Host-net)#   NetworkParams configuration


  4. NetworkParams configures several sensor networking settings, such as the IP address, default gateway, hostname, and access list.

  5. The interface command-control mode enables you to configure an IP address for the sensor.

  6. The NetworkAccess service allows the configuration of managed devices; its prompt is sensor(config-NetworkAccess)#.

  7. Configuring a managed device:

    • Set the VTY line password (Telnet).

    • Set the enable password. (Make it the same as the VTY line.)

    • Enable Telnet on the device.

    • Add the sensor to the trusted host list on the device.

  8. WebServer: the service that allows the configuration of the HTTP/HTTPS cidwebServer application. The command prompt is sensor(config-WebServer)#.

  9. Virtual-sensor-configuration: the level that allows you to fine-tune signature settings or even create custom signatures. The command prompt is sensor(config-vsc)#.

    • All signature tuning and custom signatures created are linked to this virtualSensor group.

    • To reset String.TCP settings back to their defaults, use sensor(config-vsc)# reset-signature STRING.TCP all at the virtual-sensor-configuration level.


COMMANDS

  1. Use the ssh authorized-key command to add a public key for the current user for a client allowed to use Rivest Shamir Adleman (RSA) authentication to log in to the local SSH server.

  2. The copy /erase backup-config current-config command first erases the destination file before copying the backup-config to the current-config.

  3. The sensor has two partitions. The recover command re-images the application partition with the image stored on the recovery partition. An example is Sensor(config)#recover application-partition.

  4. The recover application partition command is not supported on the IDSM2 switch module.

  5. Two methods for updating a sensor are the sensor(config)# upgrade command and IDS MC. The command supports four source locations: FTP, Secure Copy Protocol (SCP), HTTP, or HTTPS.

  6. You can use the sensor(config)# downgrade command to remove the latest update.

  7. You must upgrade IDS MC prior to upgrading the sensor with service packs or signature updates.

  8. The update filename IDS-K9-sp-4.0-2-S42.rpm.pkg indicates IDS major release 4.0, service pack level 2, and signature level 42.
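The filename convention above is worth checking mechanically before an update is applied, so that a stale or mis-typed package is caught. The following is an added example (not from the book or from Cisco) that parses the fields and decides whether a candidate package is newer than the installed one; the general pattern IDS-K9-<type>-<major>.<minor>-<sp>-S<sig>.rpm.pkg is assumed from the single filename given on the page.

```python
import re
from typing import NamedTuple, Optional

# Assumed pattern, generalised from the page's one example IDS-K9-sp-4.0-2-S42.rpm.pkg:
# IDS-K9-<type>-<major>.<minor>-<servicepack>-S<signature>.rpm.pkg
UPDATE_RE = re.compile(
    r"^IDS-K9-(?P<kind>[a-z]+)-(?P<major>\d+)\.(?P<minor>\d+)"
    r"-(?P<sp>\d+)-S(?P<sig>\d+)\.rpm\.pkg$"
)


class UpdateInfo(NamedTuple):
    kind: str          # package type field, "sp" for a service pack
    release: str       # IDS major release, e.g. "4.0"
    service_pack: int  # service pack level
    signature: int     # signature level


def parse_update_filename(name: str) -> Optional[UpdateInfo]:
    """Return the fields encoded in an update filename, or None if it is malformed."""
    m = UPDATE_RE.match(name.strip())
    if m is None:
        return None
    return UpdateInfo(
        kind=m["kind"],
        release=f"{m['major']}.{m['minor']}",
        service_pack=int(m["sp"]),
        signature=int(m["sig"]),
    )


def is_newer(candidate: str, installed: str) -> bool:
    """True only if candidate is well formed, targets the same IDS release as the
    installed package, and carries a higher (service pack, signature) level.
    Comparing the (sp, sig) pair lexicographically is an assumption of this example."""
    cand, inst = parse_update_filename(candidate), parse_update_filename(installed)
    if cand is None or inst is None or cand.release != inst.release:
        return False
    return (cand.service_pack, cand.signature) > (inst.service_pack, inst.signature)


if __name__ == "__main__":
    # Constructed sample: the page's filename versus a later signature level
    print(parse_update_filename("IDS-K9-sp-4.0-2-S42.rpm.pkg"))
    print(is_newer("IDS-K9-sp-4.0-2-S45.rpm.pkg", "IDS-K9-sp-4.0-2-S42.rpm.pkg"))
```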

  9. For SSH, the sensor and blocking device must exchange keys manually using the ssh host-key command. Also, Data Encryption Standard (DES) or Triple DES (3DES) must be available.


IEV AND IDM

  1. IDM requires Netscape 4.79 or Internet Explorer 5.5 with Service Pack 2 (SP2) or higher as client browsers.

  2. The Network Security Database (NSDB) provides detailed signature and vulnerability information and is a component of IEV.

  3. An IEV custom view allows you to use filters to select what traffic you want to view and to adjust the order in which the columns appear by using the up and down arrow buttons.

  4. You can import archived IDS log files from the sensor into IEV.

  5. The events displayed in the Statistical Graph reflect the average number of alarms received by IEV, based on the filter that is applied to the data source. Therefore, depending on the filter, the Statistical Graph might not reflect the true average number of alarms.
