Installation Guide
Page 1
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18504-01
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18504-01
Installation Guide
Page 2
... equipment off and on a circuit different from that interference will be required to provide reasonable protection against harmful interference when the equipment is an adaptation of a program developed by Cisco could void the FCC approval and negate your authority to radio communications. Any examples, command ... AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. These limits are shown for IPS 7.0 © 2010-2012 Cisco Systems, Inc. Cisco Intrusion Prevention System Appliance and Module Installation Guide for illustrative purposes only.
... equipment off and on a circuit different from that interference will be required to provide reasonable protection against harmful interference when the equipment is an adaptation of a program developed by Cisco could void the FCC approval and negate your authority to radio communications. Any examples, command ... AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. These limits are shown for IPS 7.0 © 2010-2012 Cisco Systems, Inc. Cisco Intrusion Prevention System Appliance and Module Installation Guide for illustrative purposes only.
Installation Guide
Page 3
... the Sensor 1-1 How the Sensor Functions 1-1 Capturing Network Traffic 1-1 Your Network Topology 1-3 Correctly Deploying the Sensor 1-3 Tuning the IPS 1-3 Sensor Interfaces 1-4 Understanding Sensor Interfaces 1-4 Command and Control Interface 1-5 Sensing Interfaces 1-6 Interface Support 1-6 TCP Reset Interfaces 1-9 Interface... Mode 1-15 Deploying VLAN Groups 1-16 Supported Sensors 1-17 IPS Appliances 1-18 Introducing the IPS Appliance 1-18 Appliance Restrictions 1-19 Connecting an Appliance to a Terminal Server 1-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
... the Sensor 1-1 How the Sensor Functions 1-1 Capturing Network Traffic 1-1 Your Network Topology 1-3 Correctly Deploying the Sensor 1-3 Tuning the IPS 1-3 Sensor Interfaces 1-4 Understanding Sensor Interfaces 1-4 Command and Control Interface 1-5 Sensing Interfaces 1-6 Interface Support 1-6 TCP Reset Interfaces 1-9 Interface... Mode 1-15 Deploying VLAN Groups 1-16 Supported Sensors 1-17 IPS Appliances 1-18 Introducing the IPS Appliance 1-18 Appliance Restrictions 1-19 Connecting an Appliance to a Terminal Server 1-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
Installation Guide
Page 4
... the IPS 4255 2-1 Front and Back Panel Features 2-2 Specifications 2-4 Connecting the IPS 4240 to a Cisco 7200 Series Router 2-5 Accessories 2-5 Important Safety Instructions 2-5 Rack Mounting 2-6 Installing the IPS 4240 and the IPS 4255 2-7 Installing the IPS 4240-DC 2-10 3 C H A P T E R Installing the IPS 4260 3-1 Introducing the IPS 4260 3-1 Supported Interface Cards 3-2 Hardware Bypass 3-4 4GE Bypass Interface Card 3-4 Cisco Intrusion Prevention System Appliance and Module Installation...
... the IPS 4255 2-1 Front and Back Panel Features 2-2 Specifications 2-4 Connecting the IPS 4240 to a Cisco 7200 Series Router 2-5 Accessories 2-5 Important Safety Instructions 2-5 Rack Mounting 2-6 Installing the IPS 4240 and the IPS 4255 2-7 Installing the IPS 4240-DC 2-10 3 C H A P T E R Installing the IPS 4260 3-1 Introducing the IPS 4260 3-1 Supported Interface Cards 3-2 Hardware Bypass 3-4 4GE Bypass Interface Card 3-4 Cisco Intrusion Prevention System Appliance and Module Installation...
Installation Guide
Page 5
...18 Installing and Removing Interface Cards 3-20 Installing and Removing the Power Supply 3-22 Installing the IPS 4270-20 4-1 Introducing the IPS 4270-20 4-2 Supported Interface Cards 4-3 Hardware Bypass 4-5 4GE Bypass Interface Card 4-5 Hardware ...IPS 4270-20 in the Rack 4-17 Extending the IPS 4270-20 from the Rack 4-25 Installing the Cable Management Arm 4-28 Converting the Cable Management Arm 4-31 Installing the IPS 4270-20 4-35 Removing and Replacing the Chassis Cover 4-38 Accessing the Diagnostic Panel 4-41 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS...
...18 Installing and Removing Interface Cards 3-20 Installing and Removing the Power Supply 3-22 Installing the IPS 4270-20 4-1 Introducing the IPS 4270-20 4-2 Supported Interface Cards 4-3 Hardware Bypass 4-5 4GE Bypass Interface Card 4-5 Hardware ...IPS 4270-20 in the Rack 4-17 Extending the IPS 4270-20 from the Rack 4-25 Installing the Cable Management Arm 4-28 Converting the Cable Management Arm 4-31 Installing the IPS 4270-20 4-35 Removing and Replacing the Chassis Cover 4-38 Accessing the Diagnostic Panel 4-41 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS...
Installation Guide
Page 6
...4-44 Installing and Removing Fans 4-49 Troubleshooting Loose Connections 4-51 5 C H A P T E R Installing the AIM IPS 5-1 Specifications 5-1 Before Installing the AIM IPS 5-2 Software and Hardware Requirements 5-2 Interoperability With Other IPS Modules 5-3 Restrictions 5-3 Hardware Interfaces 5-4 Installation and Removal Instructions 5-5 Verifying Installation 5-6 6 C H A P T E R Installing...7-4 Slot Assignments 7-5 Installing the IDSM2 7-5 Verifying Installation 7-9 Removing the IDSM2 7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 vi OL-18504-01
...4-44 Installing and Removing Fans 4-49 Troubleshooting Loose Connections 4-51 5 C H A P T E R Installing the AIM IPS 5-1 Specifications 5-1 Before Installing the AIM IPS 5-2 Software and Hardware Requirements 5-2 Interoperability With Other IPS Modules 5-3 Restrictions 5-3 Hardware Interfaces 5-4 Installation and Removal Instructions 5-5 Verifying Installation 5-6 6 C H A P T E R Installing...7-4 Slot Assignments 7-5 Installing the IDSM2 7-5 Verifying Installation 7-9 Removing the IDSM2 7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 vi OL-18504-01
Installation Guide
Page 7
... AIM IPS 9-5 Logging In to AIP SSM 9-6 Logging In to the IDSM2 9-8 Logging In to the NME IPS 9-9 The NME IPS and the session Command 9-9 Sessioning In to the NME IPS 9-10 Logging In to the Sensor 9-11 Initializing the Sensor 10-1 Understanding Initialization 10-1 Simplified Setup Mode 10-1 Cisco Intrusion Prevention System Appliance and Module Installation...
... AIM IPS 9-5 Logging In to AIP SSM 9-6 Logging In to the IDSM2 9-8 Logging In to the NME IPS 9-9 The NME IPS and the session Command 9-9 Sessioning In to the NME IPS 9-10 Logging In to the Sensor 9-11 Initializing the Sensor 10-1 Understanding Initialization 10-1 Simplified Setup Mode 10-1 Cisco Intrusion Prevention System Appliance and Module Installation...
Installation Guide
Page 8
... E R Obtaining Software 11-1 Obtaining Cisco IPS Software 11-1 IPS Software Versioning 11-2 Software Release Examples 11-6 Upgrading Cisco IPS Software to 7.0 11-7 Accessing IPS Documentation 11-9 Cisco Security Intelligence Operations 11-9 Obtaining a License Key From Cisco.com 11-10 Understanding Licensing 11-10 Service Programs for IPS Products 11-11 Obtaining and Installing the ...12-8 Automatic Upgrade Examples 12-10 Downgrading the Sensor 12-11 Recovering the Application Partition 12-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 viii OL-18504-01
... E R Obtaining Software 11-1 Obtaining Cisco IPS Software 11-1 IPS Software Versioning 11-2 Software Release Examples 11-6 Upgrading Cisco IPS Software to 7.0 11-7 Accessing IPS Documentation 11-9 Cisco Security Intelligence Operations 11-9 Obtaining a License Key From Cisco.com 11-10 Understanding Licensing 11-10 Service Programs for IPS Products 11-11 Obtaining and Installing the ...12-8 Automatic Upgrade Examples 12-10 Downgrading the Sensor 12-11 Recovering the Application Partition 12-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 viii OL-18504-01
Installation Guide
Page 9
...an Appliance to a Terminal Server 12-14 Installing the IPS 4240 and IPS 4255 System Images 12-15 Installing the IPS 4260 System Image 12-18 Installing the IPS 4270-20 System Image 12-20 Installing the AIM IPS System Image 12-23 Installing the AIP SSM System ...Recovery A-6 Recovering the Password A-7 Understanding Password Recovery A-8 Recovering the Appliance Password A-8 Using the GRUB Menu A-8 Using ROMMON A-9 Recovering the AIM IPS Password A-10 Recovering the AIP SSM Password A-10 Recovering the IDSM2 Password A-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
...an Appliance to a Terminal Server 12-14 Installing the IPS 4240 and IPS 4255 System Images 12-15 Installing the IPS 4260 System Image 12-18 Installing the IPS 4270-20 System Image 12-20 Installing the AIM IPS System Image 12-23 Installing the AIP SSM System ...Recovery A-6 Recovering the Password A-7 Understanding Password Recovery A-8 Recovering the Appliance Password A-8 Using the GRUB Menu A-8 Using ROMMON A-9 Recovering the AIM IPS Password A-10 Recovering the AIP SSM Password A-10 Recovering the IDSM2 Password A-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
Installation Guide
Page 10
... A-14 Verifying the State of Password Recovery A-15 Troubleshooting Password Recovery A-15 Time and the Sensor A-16 Time Sources and the Sensor A-16 Synchronizing IPS Module Clocks with Parent Device Clocks A-17 Verifying the Sensor is Synchronized with the NTP Server A-17 Correcting Time on the Sensor A-18 Advantages and Restrictions...are Active A-39 Device Access Issues A-41 Verifying the Interfaces and Directions on the Network Device A-43 Enabling SSH Connections to the Network Device A-43 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 x OL-18504-01
... A-14 Verifying the State of Password Recovery A-15 Troubleshooting Password Recovery A-15 Time and the Sensor A-16 Time Sources and the Sensor A-16 Synchronizing IPS Module Clocks with Parent Device Clocks A-17 Verifying the Sensor is Synchronized with the NTP Server A-17 Correcting Time on the Sensor A-18 Advantages and Restrictions...are Active A-39 Device Access Issues A-41 Verifying the Interfaces and Directions on the Network Device A-43 Enabling SSH Connections to the Network Device A-43 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 x OL-18504-01
Installation Guide
Page 11
... Status Information A-67 The AIP SSM and the Data Plane A-69 AIM SSP and the Normalizer Engine A-69 Troubleshooting the AIM IPS and the NME IPS A-69 Interoperability With Other IPS Network Modules A-69 Gathering Information A-70 Health and Network Security Information A-70 Tech Support Information A-71 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
... Status Information A-67 The AIP SSM and the Data Plane A-69 AIM SSP and the Normalizer Engine A-69 Troubleshooting the AIM IPS and the NME IPS A-69 Interoperability With Other IPS Network Modules A-69 Gathering Information A-70 Health and Network Security Information A-70 Tech Support Information A-71 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
Installation Guide
Page 12
... A-88 Sensor Events A-88 Understanding the show events Command A-89 Displaying Events A-89 Clearing Events A-92 cidDump Script A-92 Uploading and Accessing Files on the Cisco FTP Site A-93 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xii OL-18504-01
... A-88 Sensor Events A-88 Understanding the show events Command A-89 Displaying Events A-89 Clearing Events A-92 cidDump Script A-92 Uploading and Accessing Files on the Cisco FTP Site A-93 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xii OL-18504-01
Installation Guide
Page 13
...van de apparatuur moet worden voldaan aan de lokale en nationale elektriciteitsvoorschriften. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xiii Comply with the documents listed in conjunction with Local and National Electrical Codes ... Cisco Intrusion Prevention System 7.0. Preface Revised: April 4, 2012, OL-18504-01 Contents This guide describes how to install appliances and modules that contains expanded acronyms and pertinent IPS terms. It is for experienced network security administrators who install and maintain Cisco IPS ...
...van de apparatuur moet worden voldaan aan de lokale en nationale elektriciteitsvoorschriften. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xiii Comply with the documents listed in conjunction with Local and National Electrical Codes ... Cisco Intrusion Prevention System 7.0. Preface Revised: April 4, 2012, OL-18504-01 Contents This guide describes how to install appliances and modules that contains expanded acronyms and pertinent IPS terms. It is for experienced network security administrators who install and maintain Cisco IPS ...
Installation Guide
Page 15
...to use the setup command to install the AIM IPS. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for which you supply values are optional. Describes how to install the NME IPS Describes how to log in to upgrade sensors ...to install the IPS 4240 and the IPS 4255. Contains IPS acronyms and terms. Conventions This document uses the following sections: Section 1 2 3 4 5 6 7 8 9 10 Title "Introducing the Sensor" "Installing the IPS 4240 and the IPS 4255" "Installing the IPS 4260" "Installing the IPS 4270-20" "Installing the AIM IPS" "Installing the...
...to use the setup command to install the AIM IPS. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for which you supply values are optional. Describes how to install the NME IPS Describes how to log in to upgrade sensors ...to install the IPS 4240 and the IPS 4255. Contains IPS acronyms and terms. Conventions This document uses the following sections: Section 1 2 3 4 5 6 7 8 9 10 Title "Introducing the Sensor" "Installing the IPS 4240 and the IPS 4255" "Installing the IPS 4260" "Installing the IPS 4270-20" "Installing the AIM IPS" "Installing the...
Installation Guide
Page 16
.... Optional alternative keywords are grouped in Cisco IPS-4260 and IPS 4270-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for Cisco Intrusion Prevention System • Installing and Using Cisco Intrusion Prevention System Device Manager • Installing and Using Cisco Intrusion Prevention System Manager Express • Cisco Intrusion Prevention System Command Reference • Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line...
.... Optional alternative keywords are grouped in Cisco IPS-4260 and IPS 4270-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for Cisco Intrusion Prevention System • Installing and Using Cisco Intrusion Prevention System Device Manager • Installing and Using Cisco Intrusion Prevention System Manager Express • Cisco Intrusion Prevention System Command Reference • Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line...
Installation Guide
Page 17
... feeds are a free service and Cisco currently supports RSS Version 2.0. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor ...Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. Preface Contents • Regulatory Compliance and Safety Information for IPS...
... feeds are a free service and Cisco currently supports RSS Version 2.0. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor ...Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. Preface Contents • Regulatory Compliance and Safety Information for IPS...
Installation Guide
Page 18
Contents Preface xviii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
Contents Preface xviii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
Installation Guide
Page 19
... contains the following sections: • How the Sensor Functions, page 1-1 • Supported Sensors, page 1-17 • IPS Appliances, page 1-18 • IPS Modules, page 1-20 • Time Sources and the Sensor, page 1-26 • Installation Preparation, page 1-29 • Site... and their model numbers, see Supported Sensors, page 1-17. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-1 In this guide, the term sensor refers to protect your network. For a complete list of sensors operating in either promiscuous or inline...
... contains the following sections: • How the Sensor Functions, page 1-1 • Supported Sensors, page 1-17 • IPS Appliances, page 1-18 • IPS Modules, page 1-20 • Time Sources and the Sensor, page 1-26 • Installation Preparation, page 1-29 • Site... and their model numbers, see Supported Sensors, page 1-17. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-1 In this guide, the term sensor refers to protect your network. For a complete list of sensors operating in either promiscuous or inline...
Installation Guide
Page 20
... this interface is always Ethernet. SSH is used to protect the CLI and TLS/SSL is taken. Additionally, TCP resets are enabled by default on signatures associated with the manager workstation or network devices (Cisco switches, routers, and firewalls). How the Sensor Functions ..., not current traffic. This interface has an assigned IP address, which allows it to protect the manager workstation. If selected as an action on switches, routers, and firewalls that the sensor manages. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-2 OL-18504-01
... this interface is always Ethernet. SSH is used to protect the CLI and TLS/SSL is taken. Additionally, TCP resets are enabled by default on signatures associated with the manager workstation or network devices (Cisco switches, routers, and firewalls). How the Sensor Functions ..., not current traffic. This interface has an assigned IP address, which allows it to protect the manager workstation. If selected as an action on switches, routers, and firewalls that the sensor manages. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-2 OL-18504-01
Installation Guide
Page 21
... between your network and other networks (and the Internet). • The amount and type of a firewall, your sensor the highest protection. Proper sensor placement can use vulnerability signatures for IPS 7.0 1-3 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for attack evaluation. Chapter 1 Introducing the Sensor How the Sensor Functions • Generate...
... between your network and other networks (and the Internet). • The amount and type of a firewall, your sensor the highest protection. Proper sensor placement can use vulnerability signatures for IPS 7.0 1-3 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for attack evaluation. Chapter 1 Introducing the Sensor How the Sensor Functions • Generate...