Cisco provides IOS Intrusion Prevention System (IPS) software and signature updates on a regular basis. The IOS IPS Auto Update feature does a periodic update of these signatures automatically. In Cisco IOS Release 15.5(2)T and later releases, the auto update is provided by the BSD infrastructure. Prior to this release, the auto update was done by the IDA application.
This module provides an overview of the feature and explains how to configure it.
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco IOS Intrusion Prevention System (IPS) protects a network infrastructure from malicious traffic or attacks. Cisco provides IOS IPS software and signature updates on a regular basis. As new forms of network attacks are devised, new signatures are developed to combat them. IOS IPS auto update does a periodic update of these signatures automatically.
In Cisco IOS Release 15.5(2)T and later releases, IOS IPS auto update uses the Borderless Software Delivery (BSD) infrastructure. IOS IPS auto update will only support update requests coming through BSD. Prior to this release, IDA was used for auto update.
Auto update from a local FTP/TFTP server:
You can configure IOS IPS to automatically update its signatures from a local URL (using FTP/TFTP). You need to manually download the signature file from Cisco.com and place it in the FTP/TFTP server path which is configured in IOS IPS. Based on the configuration, IOS IPS periodically updates its signatures from the local server path.
Note: Auto update from a local URL does not verify whether the signature file is the latest; it takes whatever signature file is available in the configured location.
Auto update from www.cisco.com:
You can configure IOS IPS to automatically update its signatures from Cisco.com. IOS IPS checks for the latest signature package availability, and if an upgrade to the currently running signature version is available, the signature is downloaded and upgraded.
The Borderless Software Delivery (BSD) server provides the catalog file service functionality to support selective IOS IPS image update.
A catalog, which consists of filters corresponding to image versions and the packages that are supported for these image versions, is uploaded to the BSD server. When IOS IPS sends a request through the BSD client, the server sends a response that contains the list of software updates available for the image version running on the router. The IOS IPS interface selects the software update to be retrieved from the BSD server, and downloads the image. Image download from Cisco.com is done using HTTP.
You can configure the interval at which to initiate the auto update. IOS IPS starts a timer based on the configured interval, and on expiry of the timer the auto update starts.
1. enable
2. configure terminal
3. ip ips auto-update
4. cisco
5. occur-at [monthly | weekly] days minutes hours
6. username name password password
7. exit
8. bsd-client server url url
9. password encryption aes
10. key config-key password-encryption
11. exit
12. show ip ips configuration
The following is sample output from the show ip ips configuration command:
```
Device# show ip ips configuration

Event notification through syslog is enabled
Event notification through Net Director is enabled
Default action(s) for info signatures is alarm
Default action(s) for attack signatures is alarm
Default threshold of recipients for spam signature is 25
PostOffice:HostID:5 OrgID:100 Addr:10.2.7.3 Msg dropped:0
HID:1000 OID:100 S:218 A:3 H:14092 HA:7118 DA:0 R:0
CID:1 IP:172.16.0.20 P:45000 S:ESTAB (Curr Conn)
Audit Rule Configuration
Audit name AUDIT.1
info actions alarm
```
Use the following commands to verify your IOS IPS auto update functionality:
1. enable
2. show ip ips auto-update
3. show ip ips statistics
4. clear ip ips statistics
```
Device# configure terminal
Device(config)# ip ips auto-update
Device(config-ips-auto-update)# cisco
Device(config-ips-auto-update)# occur-at weekly 4 23 23
Device(config-ips-auto-update)# username myips password secret
Device(config-ips-auto-update)# exit
Device(config)# bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
Device(config)# password encryption aes
Device(config)# key config-key password-encryption
Device(config)# end
```
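A pre-change check for the configuration procedure above, written in Python as an added example (not Cisco code and not part of the original page). It parses a pasted CLI session and reports which of the documented steps are missing. Assumptions: the `url` subcommand used to detect a local FTP/TFTP source and the HTTPS requirement on the BSD server URL are not stated on this page, and the `INCOMPLETE` session with its hostname is constructed.

```python
import re

PROMPT = re.compile(r"^\S+?(\(config[^)]*\))?#\s*")  # strips "Device(config)# "

def parse(session):
    """Return (global commands, auto-update submode commands or None)."""
    glob, sub, in_sub = [], None, False
    for raw in session.strip().splitlines():
        cmd = PROMPT.sub("", raw.strip())
        if cmd == "ip ips auto-update":
            sub, in_sub = sub or [], True
        elif cmd in ("exit", "end"):
            in_sub = False
        elif cmd:
            (sub if in_sub else glob).append(cmd)
    return glob, sub

def audit(session):
    glob, sub = parse(session)
    if sub is None:
        return ["no 'ip ips auto-update' block"]
    out = []
    if not any(re.fullmatch(r"occur-at (monthly|weekly) \d+ \d+ \d+", c) for c in sub):
        out.append("no valid occur-at schedule")
    has_user = any(re.fullmatch(r"username \S+ password \S+", c) for c in sub)
    urls = [c.split()[-1] for c in glob if c.startswith("bsd-client server ")]
    if "cisco" in sub:
        if not has_user:
            out.append("cisco source without username/password")
        if not urls or any(not u.startswith("https://") for u in urls):
            out.append("cisco source without an https bsd-client server url")
    elif any(c.startswith("url ") for c in sub):  # assumed local-source subcommand
        out.append("local source: file is used as-is, not checked for latest")
    else:
        out.append("no update source configured")
    if has_user and "password encryption aes" not in glob:
        out.append("credentials without 'password encryption aes'")
    if has_user and not any(c.startswith("key config-key password-encryption") for c in glob):
        out.append("credentials without a config-key")
    return out

# Constructed session (not from the page): schedule, AES and config-key missing.
INCOMPLETE = """\
Device(config)# ip ips auto-update
Device(config-ips-auto-update)# cisco
Device(config-ips-auto-update)# username myips password secret
Device(config-ips-auto-update)# exit
Device(config)# bsd-client server url http://bsd.example.invalid/token
"""
print("\n".join(audit(INCOMPLETE)))
```

Run it on the change script or captured session rather than on `show running-config` output, because IOS does not store the `key config-key password-encryption` master key in the configuration.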
Related Topic | Document Title |
---|---|
Cisco IOS commands | |
Security commands | |
Description | Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Feature Name | Software Releases | Feature Configuration Information |
---|---|---|
IOS IPS Auto Update Functionality | 15.5(2)T | Cisco provides IOS Intrusion Prevention System (IPS) software and signature updates on a regular basis. The IOS IPS Auto Update feature does a periodic update of these signatures automatically. In Cisco IOS Release 15.5(2)T and later releases, the auto update is provided by the BSD infrastructure. Prior to this release, the auto update was done by the IDA application. The following commands were introduced or modified for this feature: bsd-client server, clear ip ips statistics, ips signature update, show ip ips auto-update, show ip ips statistics. |