Release Notes for Cisco Intrusion Prevention System Manager Express 7.0.3

Published: May 10, 2010, OL-22766-01
Revised: October 28, 2013

Contents

IME File List

System Requirements

New and Changed Information

MySDN Decommissioned

Obtaining Software on Cisco.com

Installing or Upgrading Cisco IME and Migrating Data In to the IME

Creating and Changing the IME Password

Recovering the Password

Cisco Security Intelligence Operations

Restrictions and Limitations

Caveats

Related Documentation

Obtaining Documentation and Submitting a Service Request

IME File List

The following files are part of Cisco IME 7.0.3:

Cisco IME

IME-7.0.3.exe

Readme

IME-7.0.3.readme.txt

System Requirements

The IME has the following system requirements:

Minimum hardware requirements

IBM PC-compatible 2-GHz or faster processor

Color monitor with at least 1024 x 768 resolution and a video card capable of 16-bit colors

100-GB hard-disk drive

2-GB RAM

Operating Systems

Windows Vista Business and Ultimate (32-bit only)

Windows XP Professional (32-bit only)

Windows 2003 server

The IME supports the following Cisco IPS hardware platforms:

IPS 4240

IPS 4255

IPS 4260

IPS 4270-20

AIM IPS

AIP SSC-5

AIP SSM-10

AIP SSM-20

AIP SSM-40

IDSM2

NME IPS


Note Although the IME also supports IDS 4210, IDS 4215, IDS 4235, IDS 4250, and NM CIDS, these platforms do not support any IPS software past IPS 6.1, and some of the IME features are not supported.


The IME supports the following Cisco IPS versions with the following features:

Cisco IPS 7.0

IPv6

Sensor Configuration

Sensor Health Dashboard

Events Dashboard

Event Monitoring

Reporting

Up to 10 devices

Up to 100 EPS

Cisco IPS 6.2

IPv6

Sensor Configuration

Sensor Health Dashboard

Events Dashboard

Event Monitoring

Reporting

Up to 10 devices

Up to 100 EPS

Cisco IPS 6.1

Sensor Configuration

Sensor Health Dashboard

Events Dashboard

Event Monitoring

Reporting

Up to 10 devices

Up to 100 EPS

Cisco IPS 6.0

Events Dashboard

Events Monitoring

Reporting

Up to 10 devices

Up to 100 EPS

Cisco IPS 5.1

Events Dashboard

Events Monitoring

Reporting

Up to 10 devices

Up to 100 EPS

Cisco IOS IPS 12.3(14)T7 and 12.4(15)T2

Events Dashboard

Events Monitoring

Reporting

Up to 10 devices

Up to 100 EPS

New and Changed Information

IME 7.0.3 has the following new features:

You must now set up a login password for the IME and use it every time you log in to the IME.

MySQL database has been upgraded to 5.1.

The E4 signature engine update is included in the IME.

For More Information

For the procedure for setting up a login password for the IME, see Creating and Changing the IME Password.

MySDN Decommissioned

Because MySDN has been decommissioned, the URL in older versions of the IDM and the IME is no longer functional. If you are using IPS 6.0 or later, we recommend that you upgrade your version of the IDM and the IME.

You can upgrade to the following versions to get the functioning MySDN URL:

IDM 7.0.3

IME 7.0.3

IPS 7.0(4)E4, which contains IDM 7.0.4

If you are using version IPS 5.x, you must look up signature information manually at this URL:

http://tools.cisco.com/security/center/search.x

For More Information

For more information about MySDN, refer to MySDN.

Obtaining Software on Cisco.com

You can find major and minor updates, service packs, signature and signature engine updates, system and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com. Signature updates are posted to Cisco.com approximately every week, more often if needed. Service packs are posted to Cisco.com as needed. Major and minor updates are also posted periodically. Check Cisco.com regularly for the most recent IPS software.

You must have an account with cryptographic access before you can download software. You set this account up the first time you download IPS software from the Download Software site. You can sign up for IPS Alert Bulletins to receive information on the latest software releases.


Note You must be logged in to Cisco.com to download software. You must have an active IPS maintenance contract and a Cisco.com password to download software. You must have a sensor license to apply signature updates.



Caution Do not change the filename. You must preserve the original filename for the sensor to accept the update.

Downloading IPS Software

To download software on Cisco.com, follow these steps:


Step 1 Log in to Cisco.com.

Step 2 From the Support drop-down menu, choose Download Software.

Step 3 Under Select a Software Product Category, choose Security Software.

Step 4 Choose Intrusion Prevention System (IPS).

Step 5 Enter your username and password.

Step 6 In the Download Software window, choose IPS Appliances > Cisco Intrusion Prevention System and then click the version you want to download.


Note You must have an IPS subscription service license to download software.


Step 7 Click the type of software file you need. The available files appear in a list in the right side of the window. You can sort by file name, file size, memory, and release date. You can also access the Release Notes and other product documentation.

Step 8 Click the file you want to download. The file details appear.

Step 9 Verify that it is the correct file, and click Download.

Step 10 Click Agree to accept the software download rules. The first time you download a file from Cisco.com, you must fill in the Encryption Software Export Distribution Authorization form before you can download the software.

Fill out the form and click Submit. The Cisco Systems Inc. Encryption Software Usage Handling and Distribution Policy appears.

Read the policy and click I Accept. The Encryption Software Export/Distribution Form appears.

If you previously filled out the Encryption Software Export Distribution Authorization form, and read and accepted the Cisco Systems Inc. Encryption Software Usage Handling and Distribution Policy, these forms are not displayed again. The File Download dialog box appears.

Step 11 Open the file or save it to your computer.

Step 12 Follow the instructions in the Readme or these Release Notes to install the update.


Installing or Upgrading Cisco IME and Migrating Data In to the IME

This section describes how to install and upgrade the IME, and how to migrate data from IEV or a previous version of the IME.

Cisco IEV, Cisco IOS IPS

If you have a version of Cisco IPS Event Viewer installed, the Install wizard prompts you to remove it before installing the IME.

The IME event monitoring is also supported in IOS-IPS versions that support the Cisco IPS 5.x/6.x signature format. We recommend IOS-IPS 12.4(15)T4 if you intend to use the IME to monitor an IOS IPS device. Some of the new IME functionality, including health monitoring, is not supported.

Installation Notes and Caveats

Observe the following when installing or upgrading the IME:

You can install IME 7.0.3 over all versions of the IME but not over IEV. All alert database and user settings are preserved.

IME 7.0.3 detects previous versions of IEV and prompts you to manually remove the older version before installing IME 7.0.3 or to install the IME on another system. The installation program then stops.

Make sure you close any open instances of the IME before upgrading to IME 7.0.3.

Disable any anti-virus or host-based intrusion detection software before beginning the installation, and close any open applications. The installer spawns a command shell application that may trigger your host-based detection software, which causes the installation to fail.

You must be an administrator to install the IME.

IME 7.0.3 coexists with other instances of the MySQL database. If you have a MySQL database installed on your system, you do NOT have to uninstall it before installing IME 7.0.3.

Installing or Upgrading to IME 7.0.3

To install the IME, follow these steps:


Step 1 From the Download Software site on Cisco.com, download the IME executable file (IME-7.0.3.exe) to your computer.

Step 2 Double-click the executable file. The Cisco IPS Manager Express - InstallShield Wizard appears. You receive a warning if you have a previous version of Cisco IPS Event Viewer installed. Acknowledge the warning, and exit installation. Remove the older version of IEV, and then continue IME installation.

Step 3 Click Next to start IME installation.

Step 4 Accept the license agreement and click Next.

Step 5 Click Next to choose the destination folder, click Install to install the IME, and then click Finish to exit the wizard. The Cisco IME and Cisco IME Demo icons are now on your desktop.


Note The first time you start the IME, you are prompted to set up a password.



Migrating IEV Data

To migrate IEV 5.x events to the IME, you must exit the installation and manually export the old events by using the IEV 5.x export function to move the data to local files. After installing IME 7.0.3, you can import these files to the new IME system.


Note IME 7.0.3 does not support import and migration functions for IEV 4.x.


To export event data from IEV 5.x to a local file, follow these steps:


Step 1 From IEV 5.x, choose File > Database Administration > Export Database Tables.

Step 2 Enter the file name and select the table(s).

Step 3 Click OK. The events in the selected table(s) are exported to the specified local file.


Importing IEV Event Data In to the IME

To import event data in to the IME, follow these steps:


Step 1 From the IME, choose File > Import.

Step 2 Select the file exported from IEV 5.x and click Open. The contents of the selected file are imported in to the IME.


For More Information

For more information about Cisco IME, refer to Cisco Intrusion Prevention System Manager Express Configuration Guide for IPS 7.0.

Creating and Changing the IME Password


Note Beginning with IME 7.0.3, you are required to create a password to access the IME.


When you start the IME for the first time, the Password Policy dialog box appears. Enter a password that you will use to access the IME. Reenter the password to confirm, and then click OK. From now on when you log in to the IME, enter your password in the Enter IME password field and click OK. To change the IME password, choose Tools > Change User Password, and enter your existing password and your new password, and then reenter the new password to confirm. When you uninstall and reinstall the IME, you must create a user password. You do not have to restart the IME after a password change.


Note The IME does not support user roles or multiple sessions, so you do not need to configure a user name.


Password Requirements

The IME password has the following requirements:

Must contain at least 8 characters and no more than 80.

Must contain characters from at least three of the following classes:

Lower case letters

Upper case letters

Digits

Special characters (! @ $ % & *)

No single character repeated more than two times consecutively.

All input must be ASCII characters.


Note The IME performs other checks to make sure that the password is secure. You receive an error message if the password does not pass validation.
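
The documented rules above can be checked before a password is entered in the Password Policy dialog box. The following is an added example, not Cisco code: it covers only the four requirements listed in these Release Notes and not the other checks the IME performs. The function name, the violation labels, the sample passwords, and the reading that only the six listed special characters count toward the special class are assumptions.

```python
import re

MIN_LEN, MAX_LEN = 8, 80
# Only the special characters the Release Notes list (assumption: no
# other punctuation counts toward the "special characters" class).
SPECIALS = set("!@$%&*")


def ime_password_violations(password):
    """Return labels of the documented IME 7.0.3 rules that the password
    breaks. An empty list means it passes the documented rules only."""
    violations = []

    # All input must be ASCII characters.
    if not password.isascii():
        violations.append("non-ascii")

    # At least 8 characters and no more than 80.
    if not MIN_LEN <= len(password) <= MAX_LEN:
        violations.append("length")

    # Characters from at least three of the four classes. ASCII ranges
    # are compared directly so accented letters never count as letters.
    classes = [
        any("a" <= c <= "z" for c in password),
        any("A" <= c <= "Z" for c in password),
        any("0" <= c <= "9" for c in password),
        any(c in SPECIALS for c in password),
    ]
    if sum(classes) < 3:
        violations.append("classes")

    # No single character repeated more than two times consecutively:
    # (.)\1\1 matches any run of three identical characters.
    if re.search(r"(.)\1\1", password, flags=re.DOTALL):
        violations.append("repeat")

    return violations


if __name__ == "__main__":
    # Constructed sample passwords, one per documented rule.
    samples = ["Sensor4240!", "Short1!", "onlylowercase",
               "Paaassword1", "P\u00e4ssword12", "sensor#4240"]
    for pw in samples:
        print(repr(pw), ime_password_violations(pw) or "ok")
```

A password that returns an empty list here can still be rejected by the IME, because its additional checks are not documented in these Release Notes.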


Recovering the Password

To recover the IME password, follow these steps:


Step 1 Stop the IME client.

Step 2 Delete the hosts.cfg file from the installed directory.

Example

C:\Documents and Settings\All Users\Application Data\Cisco Systems\IME\iev\hosts.cfg

Step 3 Restart the IME client.

Step 4 You are prompted to create a password.

No events are lost from the database, including new events between the time you deleted hosts.cfg and restarted the IME. However, the event account user name and password will be used for both events and configuration. If you had different user names and passwords for the event and configuration roles, you must edit each device to restore them.


Cisco Security Intelligence Operations

The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current vulnerabilities and security threats. It also has reports on other security topics that help you protect your network and deploy your security systems to reduce organizational risk.

You should be aware of the most recent security threats so that you can most effectively secure and manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.

Cisco Security Intelligence Operations contains a Security News section that lists security articles of interest. There are related security tools and links.

You can access Cisco Security Intelligence Operations at this URL:

http://tools.cisco.com/security/center/home.x

Cisco Security Intelligence Operations is also a repository of information for individual signatures, including signature ID, type, structure, and description.

You can search for security alerts and signatures at this URL:

http://tools.cisco.com/security/center/search.x

Restrictions and Limitations

The following restrictions and limitations apply to Cisco IME 7.0.3:

You can use the IME to monitor sensors running Cisco IPS 5.0 and later; however, some of the new features and functionality in the IME are only supported on sensors running IPS 6.1 or later.

IME 7.0.3 does not support Cisco IPS 4.x or 3.x sensors.

You can install IME 7.0.3 over all versions of the IME but not over IEV. All alert database and user settings are preserved.

IME 7.0.3 detects previous versions of IEV and prompts you to manually remove the older version before installing IME 7.0.3 or to install the IME on another system. The installation program then stops.

Make sure you close any open instances of the IME before upgrading to IME 7.0.3.

Disable any anti-virus or host-based intrusion detection software before beginning the installation, and close any open applications. The installer spawns a command shell application that may trigger your host-based detection software, which causes the installation to fail.

You must be an administrator to install the IME.

IME 7.0.3 coexists with other instances of the MySQL database. If you have a MySQL database installed on your system, you do NOT have to uninstall it before installing IME 7.0.3.

The IME launches MySDN from the last browser window you opened, which is the default setting for Windows. To change this default behavior, in Internet Explorer, choose Tools > Internet Options, and then click the Advanced tab. Scroll down and uncheck the Reuse windows for launching shortcuts check box.

For More Information

For more information about MySDN, refer to MySDN.

Caveats

This section lists the resolved and known caveats, and contains the following topics:

Resolved Caveats

IME 7.0.3 Caveats

Resolved Caveats

The following known issues have been resolved in the IME 7.0.3 release:

CSCte39189—IME MySQL package has been EOL

CSCte58381—IME should not allow external access

CSCte58426—IME: There should be authentication to access IME

CSCte39141—IME: MySQL uses fixed credentials

CSCtf56805—IME support for user password recovery

CSCte25655—IME should report nightly build

CSCtc12978—IME process stops when user logs off

CSCtf04091—Add IPS E4 engine support in IME 7.0.3

CSCsr02064—E-mail configuration missing from IME Help

CSCtb88455—IME Installation should check minimum memory requirements

IME 7.0.3 Caveats

The following known issues are found in Cisco IME 7.0.3:

CSCtg35987—Issue when add service account in Config User and Event Sub User Name

CSCtg50407—Unexpected java exception when generate IME Reports

CSCtg50439—Events not retrieved when source address is the victim

CSCtg63072—Deleted IME customer reports show back after exit/restart IME client

CSCso13143—Events for pull down menu should take care of more than 10 attackers

CSCtg53580—Misspell Exporting as Expoting on Export Alarm Data

CSCtb88463—Video Help needs updating for 10 device, and new features

CSCtg14777—IME Installation wizard should warn user if IME client is running

Related Documentation

For more information on Cisco IPS, refer to the following documentation found at this URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_series_home.html

Documentation Roadmap for Cisco Intrusion Prevention System

Cisco Intrusion Prevention System Device Manager Configuration Guide

Cisco Intrusion Prevention System Manager Express Configuration Guide

Cisco Intrusion Prevention System Command Reference

Cisco Intrusion Prevention System Sensor CLI Configuration Guide

Cisco Intrusion Prevention System Appliance and Module Installation Guide

Installing and Removing Interface Cards in Cisco IPS-4260 and IPS 4270-20

Regulatory Compliance and Safety Information for the Cisco Intrusion Detection and Prevention System 4200 Series Appliance Sensor

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.