1. 2 Device management refers to the IDS Sensor's ability to dynamically reconfigure the filters and access control lists (ACL) on a router, switch, and.

Presentation transcript:

1

2 Device management refers to the IDS Sensor's ability to dynamically reconfigure the filters and access control lists (ACL) on a router, switch, and firewall to shun an attacker. This functionality is provided by the managed service.

3 Shunning refers to the IDS Sensor's ability to use a network device to deny entry to a specific network host or an entire network. There are three major steps toward using a router or other device to shun an attacker:

4
- Set Up Device Management
- Set Up Shunning
- Set Up Intrusion Detection

5 An intrusion detection system has as its core element a sensor (an analysis engine) that is responsible for detecting intrusions. Sensor properties

6 Each sensor maintains signatures configured for the segment it monitors.
- Inserts TCP resets via the monitoring interface.
- Makes ACL changes to block traffic on routers (or PIX Firewall or Cisco Catalyst 6000 switches) that the sensor manages.
- Provides information for alert response/behavior.

7 Where to locate sensors?
- In loc.1, the sensor is placed to monitor traffic between the protected network and the Internet.
- In loc.2, the sensor is monitoring an extranet connection with a business partner.
- In loc.3, the sensor is monitoring the network side of a remote access server.
- In loc.4, the sensor is monitoring an intranet connection.

8 Step 1. On the Director interface, click the remote machine you want to configure. Step 2. Click Configure on the Security menu.

9 This presentation uses the network setup shown in this diagram.

10 Add the Sensor into the Director

11

12 After we add the sensor from the Main Menu, we should see sensor-2, as in this example

13

14. Add the range to into the protected network, as shown in this example.

15 Enabling daemons:

16 Once the Sensor has detected the attack and the ACL has been downloaded, this output is displayed on "House."

house#show access-list
Extended IP access list IDS_FastEthernet0/0_in_0
    permit ip host any
    deny ip host any (459 matches)
    permit ip any any

Fifteen minutes later, "House" goes back to normal, because shunning was set to 15 minutes.

House#show access-list
Extended IP access list IDS_FastEthernet0/0_in_1
    permit ip host any
    permit ip any any (12 matches)
house#

"Light" can ping "House."

Light#ping
Light#ping
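As an added example (not part of the original slides), the following Python sketch parses `show access-list` output in the layout shown above and lists the hosts currently shunned in sensor-written ACLs, so an operator can confirm that a shun was applied and later expired. The IP addresses are constructed documentation-range placeholders, and the `never_block` allow-list check is a hypothetical helper, not a Cisco IDS feature.

```python
import re

# Constructed sample in the layout of the slide's `show access-list` output;
# the addresses are documentation-range placeholders, not values from the slides.
SAMPLE_SHUNNED = """\
Extended IP access list IDS_FastEthernet0/0_in_0
    permit ip host 192.0.2.10 any
    deny ip host 198.51.100.7 any (459 matches)
    permit ip any any
"""
SAMPLE_EXPIRED = """\
Extended IP access list IDS_FastEthernet0/0_in_1
    permit ip host 192.0.2.10 any
    permit ip any any (12 matches)
"""

ACL_HEADER = re.compile(r"^Extended IP access list (\S+)")
DENY_HOST = re.compile(
    r"^\s*deny ip host (\d+\.\d+\.\d+\.\d+) any(?: \((\d+) match(?:es)?\))?"
)

def active_shuns(show_output, prefix="IDS_"):
    """Return [(acl_name, shunned_host, match_count)] for sensor-written ACLs."""
    shuns, acl = [], None
    for line in show_output.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            # Only ACLs carrying the IDS_ name prefix seen on the slide are considered.
            name = header.group(1)
            acl = name if name.startswith(prefix) else None
            continue
        deny = DENY_HOST.match(line)
        if acl and deny:
            shuns.append((acl, deny.group(1), int(deny.group(2) or 0)))
    return shuns

def unexpected_shuns(show_output, never_block):
    """Hypothetical check: flag shuns that hit hosts which must stay reachable."""
    return [s for s in active_shuns(show_output) if s[1] in never_block]

if __name__ == "__main__":
    print(active_shuns(SAMPLE_SHUNNED))   # one deny entry while the shun is active
    print(active_shuns(SAMPLE_EXPIRED))   # empty once the 15-minute shun has expired
```

Running the same check before and after the shun interval shows the deny entry disappearing when the sensor rewrites the ACL.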

17 Configure PIX Firewall using IDS Sensor: how to configure shunning on a PIX using Cisco IDS UNIX Director (formerly known as Netranger Director) and Sensor.

18 This configuration presentation uses the network setup shown in the diagram below.

19 The following steps describe how to configure the Sensor.
- Telnet to with username root and password attack.
- Enter sysconfig-sensor.
- Enter the following information:
  IP Address :
  IP Netmask :
  IP Host Name: sensor-2
  Default Route
  Network Access Control 10.
  Communications Infrastructure
  Sensor Host ID: 49
  Sensor Organization ID: 900
  Sensor Host Name: sensor-2
  Sensor Organization Name: cisco
  Sensor IP Address:
  IDS Manager Host ID: 50
  IDS Manager Organization ID: 900
  IDS Manager Host Name: dir3
  IDS Manager Organization Name: cisco
  IDS Manager IP Address:
- Save the configuration and the Sensor will reboot.

20 Adding the Sensor Into the Director
- Telnet to with username netrangr and password attack.
- Enter ovw& to launch HP OpenView.
- In the Main Menu, go to Security > Configure.
- In the Netranger Configuration Menu, go to File > Add Host, and click Next.
- Enter the following information, and click Next.

21

22

23 You have successfully added the sensor into the director.

24 In the Main Menu, go to Security > Configure. In the Netranger Configuration Menu, highlight sensor-2 and double click it. Open Device Management. Click Devices > Add, enter the information as shown in the following example. Click OK to continue. The Telnet and enable password are both “Cisco.”

25

26 Click Shunning > Add. Add host

27 Click Shunning > Add, to select sensor-2.cisco as the shunning servers.

28 Open the Intrusion Detection window and click Protected Networks. Add to into the protected network.

29 Click Profile and select Manual Configuration > Modify Signatures. Select Large ICMP Traffic and ID: 2151, click Modify, change the Action from None to Shun and Log. Click OK to continue.

30 Open the System Files folder, then open the Daemons window. Make sure you have enabled the following daemons.

31 Click OK to continue, and select the version you just modified. Click Save > Apply. Wait for the system to tell you the Sensor is finished, restart Services, and close all the windows for the Netranger configuration

32 Before Launching the Attack

Tiger(config)# show telnet
inside
Tiger(config)# who
0:
Tiger(config)# show xlate
1 in use, 1 most used
Global Local static

Light#ping

33
- Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms.
- Shunning is done for indicated IP addresses.
- Fifteen minutes later, it goes back to normal because the shunning is set to 15 minutes.