
1. 2 Device management refers to the IDS Sensor's ability to dynamically reconfigure the filters and access control lists (ACL) on a router, switch, and.


1

2 Device management refers to the IDS Sensor's ability to dynamically reconfigure the filters and access control lists (ACLs) on a router, switch, or firewall in order to shun an attacker. This functionality is provided by the managed service.

3 Shunning refers to the IDS Sensor's ability to use a network device to deny entry to a specific network host or an entire network. There are three major steps toward using a router or other device to shun an attacker:

4 Set Up Device Management
Set Up Shunning
Set Up Intrusion Detection

5 An intrusion detection system has as its core element a sensor (an analysis engine) that is responsible for detecting intrusions. Sensor properties:

6 Each sensor maintains signatures configured for the segment it monitors.
- Inserts TCP resets via the monitoring interface.
- Makes ACL changes to block traffic on routers (or PIX Firewall or Cisco Catalyst 6000 switches) that the sensor manages.
- Provides information for alert response/behavior.

7 Where to locate sensors?
- In loc.1, the sensor is placed to monitor traffic between the protected network and the Internet.
- In loc.2, the sensor is monitoring an extranet connection with a business partner.
- In loc.3, the sensor is monitoring the network side of a remote access server.
- In loc.4, the sensor is monitoring an intranet connection.

8 Step 1. On the Director interface, click the remote machine you want to configure.
Step 2. Click Configure on the Security menu.

9 This presentation uses the network setup shown in this diagram.

10 Add the Sensor into the Director

11

12 After we add the sensor from the Main Menu, we should see sensor-2, as in this example.

13

14 Add the range 10.64.10.1 to 10.64.10.254 into the protected network, as shown in this example.

15 Enabling daemons:

16 Once the Sensor has detected the attack and the ACL is downloaded, this output is displayed on "House":

house#show access-list
Extended IP access list IDS_FastEthernet0/0_in_0
    permit ip host 10.64.10.49 any
    deny ip host 100.100.100.2 any (459 matches)
    permit ip any any

Fifteen minutes later, "House" goes back to normal, because shunning was set to 15 minutes:

House#show access-list
Extended IP access list IDS_FastEthernet0/0_in_1
    permit ip host 10.64.10.49 any
    permit ip any any (12 matches)
house#

"Light" can ping "House":

Light#ping 10.64.10.45
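The ACL lifecycle shown on this slide, as an added example that is not from the presentation or from Cisco: a small Python model that generates the shun ACL the sensor pushes (sensor permit, attacker denies, permit any), releases the entry once the 15-minute window has passed, and parses `show access-list` output to list which hosts are currently denied. It assumes 10.64.10.49 is the sensor's own address, which the slide does not state.

```python
"""Shun ACL lifecycle from slide 16 (added example, not Cisco's code)."""
from dataclasses import dataclass, field
import re

# Matches IOS 'show access-list' entries, e.g. "deny ip host 100.100.100.2 any (459 matches)"
ACL_ENTRY = re.compile(r"^\s*(permit|deny) ip host (\S+) any(?: \((\d+) matches\))?")


@dataclass
class ShunTable:
    # Assumption: 10.64.10.49 is the sensor's own address; the sensor is permitted first
    # so that shunning can never lock it out of the router it manages.
    sensor_ip: str
    duration_min: int = 15                       # slide: shunning is set to 15 minutes
    shunned: dict = field(default_factory=dict)  # attacker_ip -> expiry time (minutes)

    def shun(self, attacker_ip: str, now_min: int) -> None:
        """Record a shun event; the deny lives for duration_min minutes."""
        self.shunned[attacker_ip] = now_min + self.duration_min

    def expire(self, now_min: int) -> list[str]:
        """Drop entries whose time is up and return the released hosts."""
        released = [ip for ip, until in self.shunned.items() if now_min >= until]
        for ip in released:
            del self.shunned[ip]
        return released

    def render_acl(self, name: str) -> str:
        """Emit the extended ACL the sensor pushes: sensor permit, denies, permit any."""
        lines = [f"ip access-list extended {name}", f" permit ip host {self.sensor_ip} any"]
        lines += [f" deny ip host {ip} any" for ip in sorted(self.shunned)]
        lines.append(" permit ip any any")
        return "\n".join(lines)


def denied_hosts(show_output: str) -> dict[str, int]:
    """Parse 'show access-list' output into {shunned_host: match_count}."""
    denied = {}
    for line in show_output.splitlines():
        m = ACL_ENTRY.match(line)
        if m and m.group(1) == "deny":
            denied[m.group(2)] = int(m.group(3) or 0)
    return denied


# Output copied from the slide: router "House" while the shun is active.
SHOW_ACL_ACTIVE = """Extended IP access list IDS_FastEthernet0/0_in_0
    permit ip host 10.64.10.49 any
    deny ip host 100.100.100.2 any (459 matches)
    permit ip any any"""
```

Feeding the second slide output (the `_in_1` list with no deny line) to `denied_hosts` returns an empty dict, which is the check a monitoring script would use to confirm the shun has been lifted.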

17 Configure PIX Firewall using IDS Sensor: how to configure shunning on a PIX using Cisco IDS UNIX Director (formerly known as NetRanger Director) and Sensor.

18 This configuration presentation uses the network setup shown in the diagram below.

19 The following steps describe how to configure the Sensor.
Telnet to 10.66.79.199 with username root and password attack.
Enter sysconfig-sensor.
Enter the following information:
IP Address: 10.66.79.199
IP Netmask: 255.255.255.224
IP Host Name: sensor-2
Default Route: 10.66.79.193
Network Access Control: 10.
Communications Infrastructure:
Sensor Host ID: 49
Sensor Organization ID: 900
Sensor Host Name: sensor-2
Sensor Organization Name: cisco
Sensor IP Address: 10.66.79.199
IDS Manager Host ID: 50
IDS Manager Organization ID: 900
IDS Manager Host Name: dir3
IDS Manager Organization Name: cisco
IDS Manager IP Address: 10.66.79.201
Save the configuration and the Sensor will reboot.

20 Adding the Sensor Into the Director
Telnet to 10.66.79.201 with username netrangr and password attack.
Enter ovw& to launch HP OpenView.
In the Main Menu, go to Security > Configure.
In the NetRanger Configuration Menu, go to File > Add Host, and click Next.
Enter the following information, and click Next.

21

22

23 You have successfully added the sensor into the director.

24 In the Main Menu, go to Security > Configure. In the NetRanger Configuration Menu, highlight sensor-2 and double-click it. Open Device Management. Click Devices > Add and enter the information as shown in the following example. Click OK to continue. The Telnet and enable passwords are both "Cisco."

25

26 Click Shunning > Add. Add host 100.100.100.100.

27 Click Shunning > Add to select sensor-2.cisco as the shunning server.

28 Open the Intrusion Detection window and click Protected Networks. Add 10.66.79.1 to 10.66.79.254 into the protected network.

29 Click Profile and select Manual Configuration > Modify Signatures. Select Large ICMP Traffic (ID: 2151), click Modify, and change the Action from None to Shun and Log. Click OK to continue.

30 Open the System Files folder, then open the Daemons window. Make sure you have enabled the following daemons.

31 Click OK to continue, and select the version you just modified. Click Save > Apply. Wait for the system to tell you the Sensor is finished, restart Services, and close all the windows for the NetRanger configuration.

32 Before Launching the Attack

Tiger(config)# show telnet
10.66.79.199 255.255.255.255 inside
Tiger(config)# who
0: 10.66.79.199
Tiger(config)# show xlate
1 in use, 1 most used
Global 100.100.100.100 Local 10.66.79.204 static
Light#ping 100.100.100.100

33
- Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms.
- Shunning is done for the indicated IP addresses.
- Fifteen minutes later, it goes back to normal because the shunning is set to 15 minutes.
