NIDS hardening is usually very straightforward. NIDS generally don't support any ancillary services, so they are fairly easy to secure. The primary hardening task is to ensure that the detection interface is not reachable at L3 and that the management interface connects directly back to a trusted location within your management network. This way, the NIDS should be difficult to access from the location in which you are likely to see the most attacks.
The second main step includes the more traditional hardening functions for any system. Enable logging, set passwords, use SSH, disable unneeded services (if any), and configure NTP.
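The two hardening steps above can be turned into a repeatable audit. The script below is an added example, not from the book or from Cisco; it targets a generic Linux-based sensor rather than the Cisco IDS menu system. The interface names (eth0 for management, eth1 for detection), the management address 10.10.1.5, the allowed ports (22 for SSH, 123 for NTP) and the sample command outputs are all constructed so the script runs offline; on a real sensor you would feed it the live output of `ip -o addr show`, `ss -H -lntu` and the NTP configuration file.

```shell
#!/bin/sh
# Added example (not the book's content): audit a Linux NIDS sensor for the two
# hardening points discussed: the detection interface must have no L3 address,
# and only the management services (SSH, NTP) may listen, bound to the management IP.
# All names and addresses below are hypothetical; sample outputs are constructed.

DETECT_IF="eth1"          # sniffing interface (assumed)
MGMT_IP="10.10.1.5"       # management interface address (assumed)
ALLOWED_PORTS="22 123"    # SSH and NTP only

# Constructed sample of `ip -o addr show`: eth0 has an address, eth1 has none (good).
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.10.1.5/24 brd 10.10.1.255 scope global eth0
'

# Constructed sample of `ss -H -lntu`: sshd and ntpd bound only to the management address.
SAMPLE_LISTEN='tcp   LISTEN 0 128 10.10.1.5:22   0.0.0.0:*
udp   UNCONN 0 0    10.10.1.5:123  0.0.0.0:*
'

# Constructed sample of an ntp.conf pointing at a server in the management network.
SAMPLE_NTP='driftfile /var/lib/ntp/drift
server 10.10.1.1 iburst
'

# check_no_l3 ADDR_OUTPUT IFACE
# Prints PASS when the detection interface carries no inet/inet6 address,
# i.e. it cannot be reached at L3 from the monitored segment.
check_no_l3() {
    if printf '%s\n' "$1" | grep -Eq "^[0-9]+: $2[[:space:]]+inet6? "; then
        echo FAIL
    else
        echo PASS
    fi
}

# check_listeners SS_OUTPUT MGMT_IP ALLOWED_PORTS
# Prints PASS when every listening socket is bound to the management IP and uses
# an allowed port; otherwise prints FAIL followed by the offending local sockets.
# A wildcard bind (0.0.0.0, *, [::]) is flagged because it exposes the service on
# the detection interface as well.
check_listeners() {
    printf '%s\n' "$1" | awk -v ip="$2" -v allowed="$3" '
        BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        NF >= 5 {
            local = $5
            port = local; sub(/.*:/, "", port)        # text after the last colon
            addr = local; sub(/:[0-9]+$/, "", addr)   # everything before ":port"
            if (addr != ip || !(port in ok)) bad = bad " " local
        }
        END { if (bad != "") print "FAIL:" bad; else print "PASS" }'
}

# check_ntp NTP_CONF
# Prints PASS when at least one server/pool line is configured (timestamps on
# IDS alerts are only useful if the sensor clock is synchronised).
check_ntp() {
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(server|pool)[[:space:]]+'; then
        echo PASS
    else
        echo FAIL
    fi
}

# run_audit: run all checks against the constructed samples and report.
run_audit() {
    echo "detection interface has no L3 address: $(check_no_l3 "$SAMPLE_ADDR" "$DETECT_IF")"
    echo "only SSH/NTP listening on management IP: $(check_listeners "$SAMPLE_LISTEN" "$MGMT_IP" "$ALLOWED_PORTS")"
    echo "NTP server configured:                   $(check_ntp "$SAMPLE_NTP")"
}

run_audit
```

On a live sensor, replace the three SAMPLE_ variables with `$(ip -o addr show)`, `$(ss -H -lntu)` and `$(cat /etc/ntp.conf)`; any FAIL line points at the specific interface or socket that still exposes the sensor beyond the management network.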
Configuration commands for the Cisco Intrusion Detection System (IDS; version 4.0 was tested for this book) are based on a simple menu system accessed by connecting to the console port on the device. After logging in (user: cisco, password: cisco), you are prompted to change the password. Initial configuration is launched by typing setup. Here you can set the following:
After entering these initial values, the IDS sensor can be managed from the IDS management system either embedded on the sensor or at a central location, depending on the size of your deployment.
For more details on the initial configuration of a Cisco IDS sensor, see the guide for getting started at the following URL: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/15282_01.htm.