8/10/2019 IPS-4.ppt

1/38

2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-1

Using IPS DeviceManager

8/10/2019 IPS-4.ppt

2/38

2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-2

Introduction to the IPSDevice Manager

8/10/2019 IPS-4.ppt

3/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-3

IPS Device Manager

IDM is a web-basedapplication that

enables you toconfigure, manage,and monitor thesensor.

The IDM web serverresides on thesensor and can be

accessed via yourweb browser.

8/10/2019 IPS-4.ppt

4/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-4

IDM Features and Benefits

Web-based embedded architecture

Task-based GUI

Configuration and monitoring

Sensor system administration

Signature grouping

Signature customization

Secure communication (TLS and SSL)

8/10/2019 IPS-4.ppt

5/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-5

TLS and SSL Communications

TLS and SSL use a process called handshaking that involves a

number of coordinated exchanges between a client and a server.

A trusted host certificate is used by the server to verify theidentity of a connecting client.

A server certificate is used by the server to prove its identity tothe client.

IDM

HTTPS

(TLS and SSL)

HTTPS ServerHTTPS Client

IDM

8/10/2019 IPS-4.ppt

6/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-6

IDM System Requirements

Supported operating systems for IDM andtheir corresponding supported browsers:

Windows 2000, Windows XP

Internet Explorer 6.0 with Java Plug-In 1.5

Netscape 7.1 with Java Plug-In 1.5

Sun SPARC Solaris 2.8 or 2.9

Mozilla 1.7 Red Hat Linux 9.0 or Red Hat Enterprise Linux WS,

version 3 running GNOME or KDE

Mozilla 1.7

8/10/2019 IPS-4.ppt

7/38 2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-7

Getting Started with theIDM

8/10/2019 IPS-4.ppt

8/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-8

Logging In to the IDM

8/10/2019 IPS-4.ppt

9/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-9

Trusting the Sensor

8/10/2019 IPS-4.ppt

10/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-10

Trusting Cisco

8/10/2019 IPS-4.ppt

11/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-11

License Key Warning

8/10/2019 IPS-4.ppt

12/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-12

IDM User Interface

ForwardBack Refresh

Help

8/10/2019 IPS-4.ppt

13/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-13

Online IDM Help

8/10/2019 IPS-4.ppt

14/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-14

Configuring Network Settings

Hostname

RemoteAccess

DefaultRoute

NetworkMask

IP Address

Reset

WebServer

Settings

Configuration

Network

Sensor Setup

8/10/2019 IPS-4.ppt

15/38 2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-15

Configuring Certificates

8/10/2019 IPS-4.ppt

16/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-16

Server Certificate

GenerateCertificate

Server

Certificate

Configuration

Certificates

Sensor Setup

8/10/2019 IPS-4.ppt

17/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-17

Trusted Hosts

D

Trusted

HostsAdd

IP Address

8/10/2019 IPS-4.ppt

18/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-18

Trusted Hosts (Cont.)

View

Delete

8/10/2019 IPS-4.ppt

19/38 2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-19

Configuring SSH

8/10/2019 IPS-4.ppt

20/38 2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-20

SSH Communications

The clients key (SSH authorized key) enables theclient to connect without password authentication.

The servers key (SSH host key) is used by thesensor to prove its identity to the client.

CLI

SSH

Client

SSH

SSH

Server

8/10/2019 IPS-4.ppt

21/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-21

SSH Authorized Keys

Authorized

Keys

Add

Sensor Setup

Configuration

SSH

8/10/2019 IPS-4.ppt

22/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-22

SSH Authorized Keys (Cont.)

ID

Modulus Length

Public

Exponent

Public

Modulus

8/10/2019 IPS-4.ppt

23/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-23

SSH Authorized Keys (Cont.)

Edit

Delete

Reset

Apply

8/10/2019 IPS-4.ppt

24/38

8/10/2019 IPS-4.ppt

25/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-25

Known Host Keys

R

Add

Known

Host

Keys

8/10/2019 IPS-4.ppt

26/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-26

Known Host Keys (Cont.)

Retrieve

Host Key

IP Address

8/10/2019 IPS-4.ppt

27/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-27

Known Host Keys (Cont.)

Modulus Length

Public

Modulus

Public

Exponent

8/10/2019 IPS-4.ppt

28/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-28

Known Host Keys (Cont.)

Apply Reset

Delete

Edit

8/10/2019 IPS-4.ppt

29/38

2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-29

Rebooting and ShuttingDown the Sensor

8/10/2019 IPS-4.ppt

30/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-30

Rebooting the Sensor

RebootSensor

Reboot

Sensor

Configuration

8/10/2019 IPS-4.ppt

31/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-31

Shutting Down the Sensor

Shut DownSensor

Shut DownSensor

Configuration

8/10/2019 IPS-4.ppt

32/38

8/10/2019 IPS-4.ppt

33/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-33

The Events Panel

The Events panel enables you to do the following:

Filter event data

View event data

You can filter events based on the following:

Type

Time

Both type and time

8/10/2019 IPS-4.ppt

34/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-34

Configuring the Event Display

Monitoring

Events

View Reset

Selectthe

numberof rows

perpage

To configureevents by type

To configureevents by time

8/10/2019 IPS-4.ppt

35/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-35

Viewing the Events

Back

Next

Sig IDEventsEvent IDSensor UTC TimeType#

Close

Help

Details

8/10/2019 IPS-4.ppt

36/38

2005 Cisco Systems, Inc. All rights reserved. IPS v5.04-36

Viewing Event Details

8/10/2019 IPS-4.ppt

37/38

8/10/2019 IPS-4.ppt

38/38