Numerics - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - Z
Index
Numerics
4GE bypass interface card
configuration restrictions 5-10
described 5-10
802.1q encapsulation
VLAN groups 5-14
A
accessing IPS software 19-2
access lists
misconfiguration C-26
necessary hosts 3-3
ACLs
adding 3-3
described 12-2
Post-Block 12-17, 12-18
Pre-Block 12-17, 12-18
Active Host Blocks pane
field descriptions 16-6
user roles 16-6
active update bulletins 19-10
ad0 pane
default 10-10
described 10-10
tabs 10-10
Add ACL Entry dialog box field descriptions 3-3
Add Active Host Block dialog box field descriptions 16-7
Add Allowed Host dialog box
field descriptions 4-5
user roles 4-4
Add Authorized Key dialog box
field descriptions 11-3
user roles 11-2
Add Blocking Device dialog box
field descriptions 12-15
user roles 12-14
Add Cat 6K Blocking Device Interface dialog box
field descriptions 12-23
user roles 12-21
Add Configured OS Map dialog box
field descriptions 6-25, 9-25
user roles 6-24, 9-23
Add Destination Port dialog box field descriptions 10-16
Add Device Login Profile dialog box
field descriptions 12-12
user roles 12-12
Add Event Action Filter dialog box
field descriptions 6-14, 9-15
user roles 6-13, 9-14
Add Event Action Override dialog box
field descriptions 6-11, 9-13
user roles 6-11, 9-12
Add Event Variable dialog box
field descriptions 6-28, 9-29
user roles 6-27, 9-28
Add External Product Interface dialog box
field descriptions 14-6
user roles 14-5
Add Histogram dialog box field descriptions 10-16
adding
ACLs 3-3
a host never to be blocked 12-11
anomaly detection policies 10-9
CSA MC interfaces 14-7
dashboards 2-1
denied attackers 16-5
event action filters 6-15, 9-17
event action overrides 9-13
event action rules policies 9-11
event variables 6-28, 9-29
external product interfaces 14-7
gadgets 2-1
host blocks 16-7
IPv4 target value rating 6-19, 9-20
IPv6 target value rating 6-21, 9-22
network blocks 16-9
OS maps 6-25, 9-26
risk categories 6-31, 9-32
signature definition policies 7-2
signatures 7-13
signature variables 7-29
virtual sensors 3-12, 6-11
Add Inline VLAN Pair dialog box field descriptions 3-9, 5-21
Add Interface Pair dialog box field descriptions 5-19
Add IP Logging dialog box field descriptions 16-14
Add Known Host Key dialog box
field descriptions 11-5
user roles 11-4
Add Master Blocking Sensor dialog box
field descriptions 12-25
user roles 12-24
Add Network Block dialog box field descriptions 16-9
Add Never Block Address dialog box
field descriptions 12-10
user roles 12-7
Add Policy dialog box field descriptions 7-2, 9-11, 10-9
Add Posture ACL dialog box field descriptions 14-7
Add Protocol Number dialog box field descriptions 10-18, 10-25
Add Rate Limit dialog box
field descriptions 16-11
user roles 16-10
Address Resolution Protocol see ARP
Add Risk Level dialog box field descriptions 6-31, 9-32
Add Router Blocking Device Interface dialog box
field descriptions 12-19
user roles 12-17
Add Signature dialog box field descriptions 7-8
Add Signature Variable dialog box
field descriptions 7-29
user roles 7-28
Add SNMP Trap Destination dialog box field descriptions 13-4
Add Trusted Host dialog box
field descriptions 11-10
user roles 11-9
Add User dialog box
field descriptions 4-17
user roles 4-17
Add Virtual Sensor dialog box
described 3-11, 6-9
field descriptions 3-12, 6-9
Add VLAN Group dialog box field descriptions 5-23
Advanced Alert Behavior Wizard
Alert Dynamic Response Fire All window field descriptions 8-27
Alert Dynamic Response Fire Once window field descriptions 8-27
Alert Dynamic Response Summary window field descriptions 8-28
Alert Summarization window field descriptions 8-26
Event Count and Interval window field descriptions 8-26
Global Summarization window field descriptions 8-28
AIC
policy 7-40
signatures (example) 7-41
AIC engine
AIC FTP B-8
AIC FTP engine parameters (table) B-9
AIC HTTP B-8
AIC HTTP engine parameters (table) B-8
described B-8
features B-8
signature categories 7-33
AIC policy enforcement
default configuration 7-34, B-7
described 7-33, B-7
sensor oversubscription 7-34, B-7
AIM-IPS
initializing 17-13
installing system image 20-23
logging in 18-5
reimaging 20-23
session command 18-5
sessioning 18-4, 18-5
setup command 17-13
time sources 4-7, C-15
AIP-SSC-5
bypass mode 5-26
initializing 17-6
logging in 18-6
password recovery 15-6, C-10
reimaging 20-26
session command 18-6
AIP-SSM
bypass mode 5-26
initializing 17-16
installing system image 20-27
logging in 18-6
password recovery 15-7, C-10
recovering C-66
reimaging 20-26
resetting C-65
session command 18-6
setup command 17-16
time sources 4-8, C-15
Alarm Channel 9-6, A-25
alert and log actions (list) 9-8
alert behavior normal 8-26
alert frequency
aggregation 7-21
configuring 7-21
controlling 7-21
modes B-5
Allowed Hosts/Networks pane
configuring 4-5
described 4-4
field descriptions 4-5
alternate TCP reset interface 5-8
Analysis Engine
described 6-2
error messages C-22
IDM exits C-55
verify it is running C-20
virtual sensors 6-2
anomaly detection
asymmetric traffic 10-2, 10-35
caution 10-2, 10-35
configuration sequence 10-5
default configuration (example) 10-4
described 10-2
detect mode 10-4
disabling C-19
event actions 10-6, B-60
inactive mode 10-4
learning accept mode 10-3
learning process 10-3
limiting false positives 10-13, 16-17
operation settings 10-11
protocols 10-3
signatures (table) 10-6, B-60
turning off 10-35
worms
attacks 10-12, 16-16
described 10-3
zones 10-4
Anomaly Detection pane
button functions 16-17
described 16-16
field descriptions 16-17
user roles 16-16
anomaly detection policies
ad0 10-8
adding 10-9
cloning 10-9
default policy 10-8
deleting 10-9
Anomaly Detections pane
described 10-8
field descriptions 10-9
user roles 10-8
appliances
application partition image 20-13
GRUB menu 15-4, C-8
initializing 17-7
logging in 18-2
password recovery 15-4, C-8
terminal servers
described 18-3, 20-15
setting up 18-3, 20-15
time sources 4-6, C-14
upgrading recovery partition 20-5
Application Inspection and Control see AIC
application partition
described A-3
recovering image 20-13
application policy enforcement
described 7-33, B-7
disabled (default) 7-34, B-7
applications XML format A-2
applying software updates C-52
ARC
ACLs 12-18, A-13
authentication A-14
blocking
application 12-1
connection-based A-16
not occurring for signature C-41
unconditional blocking A-16
block response A-12
Catalyst 6000 series switch
VACL commands A-18
VACLs A-18
Catalyst switches
VACLs A-15
VLANs A-15
checking status 12-3, 12-4
described A-3
design 12-2
device access issues C-38
enabling SSH C-41
features A-13
firewalls
AAA A-17
connection blocking A-17
NAT A-17
network blocking A-17
postblock ACL A-15
preblock ACL A-15
shun command A-17
TACACS+ A-17
formerly Network Access Controller 12-1, 12-3
functions 12-1
illustration A-12
inactive state C-37
interfaces A-13
maintaining states A-15
managed devices 12-7
master blocking sensors A-13
maximum blocks 12-2
misconfigured master blocking sensor C-42
nac.shun.txt file A-15
NAT addressing A-14
number of blocks A-14
postblock ACL A-15
preblock ACL A-15
prerequisites 12-5
rate limiting 12-4
responsibilities A-12
single point of control A-14
SSH A-13
supported devices 12-5, A-14
Telnet A-13
troubleshooting C-35
VACLs A-13
verifying device interfaces C-40
verifying status C-36
ARP
Layer 2 signatures B-10
protocol B-10
ARP spoof tools
dsniff B-10
ettercap B-10
assigning actions to signatures 7-17
asymmetric traffic
anomaly detection 10-2, 10-35
disabling anomaly detection C-18
Atomic ARP engine
described B-10
parameters (table) B-10
Atomic IP Advanced engine
described B-11
restrictions B-12
Atomic IP engine
described 8-14, B-21
parameters (table) B-21
Atomic IPv6 engine
described B-24
Neighborhood Discovery protocol B-25
signatures B-25
signatures (table) B-25
attack relevance rating
calculating risk rating 6-5, 9-3
described 6-5, 6-22, 9-3, 9-23
Attack Response Controller
described A-3
formerly known as Network Access Controller A-3
see ARC
attack severity rating
calculating risk rating 6-5, 9-3
described 6-5, 9-3
authenticated NTP 4-7, 4-8, 4-14, C-14, C-15
AuthenticationApp
authenticating users A-20
described A-3
login attempt limit A-19
method A-19
responsibilities A-19
secure communications A-20
sensor configuration A-19
Authorized Keys pane
configuring 11-3
described 11-2
field descriptions 11-2
RSA authentication 11-2
RSA key generation tool 11-3
Auto/Cisco.com Update pane
configuring 15-18
described 15-16
field descriptions 15-18
UNIX-style directory listings 15-17
user roles 15-16
automatic setup 17-1
automatic updates
Cisco.com 15-16
servers
FTP 15-16
SCP 15-16
troubleshooting C-52
automatic upgrade
examples 20-10
information required 20-6
autonegotiation for hardware bypass 5-11
auto-upgrade-option command 20-6
B
backing up
configuration C-2
current configuration C-4
BackOrifice 2000 see BO2K
BackOrifice see BO
basic setup 17-3
blocking
described 12-1
disabling 12-8
master blocking sensor 12-24
necessary information 12-3
not occurring for signature C-41
prerequisites 12-5
supported devices 12-5
types 12-2
Blocking Devices pane
configuring 12-15
described 12-14
field descriptions 12-14
ssh host-key command 12-15
Blocking Properties pane
adding a host never to be blocked 12-11
configuring 12-9
described 12-7
field descriptions 12-8
BO
described B-62
Trojans B-62
BO2K
described B-62
Trojans B-62
bypass mode
AIP modules 5-26
AIP-SSC-5 5-26
AIP-SSM 5-26
described 5-25
Bypass pane
field descriptions 5-25
user roles 5-25
C
calculating risk rating
attack relevance rating 6-5, 9-3
attack severity rating 6-5, 9-3
promiscuous delta 6-5, 9-3
signature fidelity rating 6-5, 9-3
target value rating 6-5, 9-3
watch list rating 6-6, 9-4
cannot access sensor C-23
Cat 6K Blocking Device Interfaces pane
configuring 12-23
described 12-21
field descriptions 12-22
CDP described 5-27
CDP Mode pane
configuring 5-28
field descriptions 5-28
user roles 5-27
certificates
displaying 11-11
Firefox 1-7
generating 11-11
IDM 1-6, 11-8
Internet Explorer 1-7
changing Microsoft IIS to UNIX-style directory listings 15-17
cidDump and obtaining information C-90
CIDEE
defined A-31
example A-32
IPS extensions A-31
protocol A-31
supported IPS events A-32
cisco
default password 18-2
default username 18-2
Cisco.com
accessing software 19-2
Active Update Bulletins 19-10
downloading software 19-1
IPS software 19-1
software downloads 19-1
Cisco IOS rate limiting 12-4
Cisco IPS software
files 20-2
new features A-3
Cisco Security Center
described 19-11
URL 19-12
Cisco Services for IPS
service contract 1-9, 15-11
supported products 1-9, 15-11
clear events command 4-12, 4-16, 16-4, C-17, C-89
Clear Flow States pane described 16-28
clearing
events 4-16, 16-4, C-89
flow states 16-28
statistics C-75
clear password command 15-6, 15-7, C-9, C-11
CLI described A-3, A-27
clock set command 4-15
Clone Event Action Rules dialog box field descriptions 9-11
Clone Policy dialog box field descriptions 7-2, 10-9
Clone Signature dialog box field descriptions 7-8
cloning
anomaly detection policies 10-9
event action rules policies 9-11
signature definition policies 7-2
signatures 7-15
command and control interface
described 5-2
list 5-2
commands
auto-upgrade-option 20-6
clear events 4-12, 4-16, 16-4, C-17, C-89
clear password 15-6, 15-7, C-9, C-11
clock set 4-15
copy backup-config C-3
copy current-config C-3
debug module-boot C-66
downgrade 20-11
hw-module module 1 reset C-65
hw-module module slot_number password-reset 15-7, C-10
session 18-5, 18-9
setup 4-1, 17-1, 17-3, 17-7, 17-13, 17-16, 17-20, 17-25
show events C-87
show health C-68
show module 1 details C-65
show settings 15-10, C-13
show statistics C-75
show statistics virtual-sensor C-22, C-75
show tech-support C-69
show version C-72
upgrade 20-3, 20-5
Compare Knowledge Bases dialog box field descriptions 16-19
comparing KBs 16-19, 16-21
configuration files
backing up C-2
merging C-2
configuration restrictions
alternate TCP reset interface 5-8
inline interface pairs 5-8
inline VLAN pairs 5-8
interfaces 5-8
physical interfaces 5-8
VLAN groups 5-9
Configure Summertime dialog box field descriptions 3-4, 4-10
configuring
AIC policy parameters 7-40
allowed hosts 4-5
allowed networks 4-5
anomaly detection operation settings 10-11
application policy 7-41
authorized keys 11-3
automatic upgrades 20-8
blocking devices 12-15
blocking properties 12-9
Cat 6K blocking device interfaces 12-23
CDP mode 5-28
CPU, Memory, & Load gadget 2-9
CSA MC IPS interfaces 14-4
device login profiles 12-13
event action filters 6-15, 9-17
events 16-3
event variables 6-28, 9-29
external zone 10-31
general settings 6-33, 9-34
host blocks 16-7
illegal zone 10-25
inline VLAN pairs 3-10
interface pairs 5-19
interfaces 5-17
Interface Status gadget 2-6
internal zone 10-18
IP fragment reassembly signatures 7-44
IP logging 16-14
IPv4 target value rating 6-19, 9-20
IPv6 target value rating 6-21, 9-22
known host keys 11-6
learning accept mode 10-14
Licensing gadget 2-5
maintenance partition
IDSM-2 (Catalyst software) 20-31
IDSM-2 (Cisco IOS software) 20-35
master blocking sensor 12-26
network blocks 16-9
Network Security gadget 2-7
network settings 4-3
NTP servers 4-13
OS maps 6-25, 9-26
rate limiting 16-11
rate limiting devices 12-15
risk categories 6-31, 9-32
router blocking device interfaces 12-20
Sensor Health gadget 2-4
Sensor Information gadget 2-3
Sensor Setup window 3-4
sensor to use NTP 4-14
SNMP 13-2
SNMP traps 13-4
TCP fragment reassembly parameters 7-51
time 4-10
Top Applications gadget 2-8
traffic flow notifications 5-27
trusted hosts 11-10
upgrades 20-4
users 4-18
VLAN groups 5-24
VLAN pairs 5-21
control transactions
characteristics A-8
request types A-8
cookies and IDM 1-6
copy backup-config command C-3
copy current-config command C-3
correcting time on the sensor 4-12, C-17
CPU, Memory, & Load gadget
configuring 2-9
described 2-8
creating
Atomic IP Advanced signature 7-27
custom signatures
not using signature engines 8-4
using signature engines 8-2
IPv6 signatures 7-26
Meta signatures 7-24
Post-Block VACLs 12-22
Pre-Block VACLs 12-22
service account C-5
cryptographic account
Encryption Software Export Distribution Authorization from 19-2
obtaining 19-2
cryptographic features (IDM) 1-1
CSA MC
adding interfaces 14-7
configuring IPS interfaces 14-4
host posture events 14-1, 14-4
quarantined IP address events 14-1
supported IPS interfaces 14-4
CtlTransSource
described A-2, A-10
illustration A-11
current
configuration backup C-2
KB setting 16-22
customizing
dashboards 2-1
gadgets 2-1
custom signatures
described 7-5
IPv6 signature 7-26
Custom Signature Wizard
no signature engine sequence 8-4
signature engine sequence 8-2
D
Dashboard pane gadgets 2-2
dashboards
adding 2-1
customizing 2-1
data structures (examples) A-7
DDoS
protocols B-62
Stacheldraht B-62
TFN B-62
debug logging enabling C-44
debug module-boot command C-66
default policies
ad0 10-8
rules0 9-10
sig0 7-2
defaults
KB filename 10-12
password 18-2
restoring 15-23
username 18-2
virtual sensor vs0 6-3
deleting
anomaly detection policies 10-9
event action filters 6-15, 9-17
event action overrides 9-13
event action rules policies 9-11
event variables 6-28, 9-29
imported OS values 16-27
IPv4 target value rating 6-19, 9-20
IPv6 target value rating 6-21, 9-22
KBs 16-23
learned OS values 16-26
OS maps 6-25, 9-26
risk categories 6-31, 9-32
signature definition policies 7-2
signature variables 7-29
virtual sensors 6-11
Denial of Service see DoS
denied attackers
adding 16-5
clearing list 16-5
hit count 16-4
resetting hit counts 16-5
Denied Attackers pane
described 16-4
field descriptions 16-4
user roles 16-4
using 16-5
deny actions (list) 9-8
detect mode (anomaly detection) 10-4
device access issues C-38
Device Login Profiles pane
configuring 12-13
described 12-12
field descriptions 12-12
devices 12-15
Diagnostics Report pane
button functions 16-30
described 16-30
user roles 16-30
using 16-31
diagnostics reports 16-31
Differences between knowledge bases KB_Name and KB_Name window field descriptions 16-20
disabling
anomaly detection C-19
blocking 12-8
interfaces 5-17
password recovery 15-8, C-12
disaster recovery C-6
displaying
events C-87
health status C-68
password recovery setting 15-10, C-13
statistics C-75
tech support information C-69
version C-72
Distributed Denial of Service see DDoS
DoS tools B-5
downgrade command 20-11
downgrading sensors 20-12
downloading
KBs 16-24
software 19-1
Download Knowledge Base From Sensor dialog box
described 16-24
field descriptions 16-24
duplicate IP addresses C-26
E
Edit Actions dialog box field descriptions 7-9
Edit Allowed Host dialog box
field descriptions 4-5
user roles 4-4
Edit Authorized Key dialog box
field descriptions 11-3
user roles 11-2
Edit Blocking Device dialog box
field descriptions 12-15
user roles 12-14
Edit Cat 6K Blocking Device Interface dialog box
field descriptions 12-23
user roles 12-21
Edit Configured OS Map dialog box
field descriptions 6-25, 9-25
user roles 6-24, 9-23
Edit Destination Port dialog box field descriptions 10-16
Edit Device Login Profile dialog box
field descriptions 12-12
user roles 12-12
Edit Event Action Filter dialog box
field descriptions 6-14, 9-15
user roles 6-13, 9-14
Edit Event Action Override dialog box
field descriptions 6-11, 9-13
user roles 6-11, 9-12
Edit Event Variable dialog box
field descriptions 6-28, 9-29
user roles 6-27, 9-28
Edit External Product Interface dialog box
field descriptions 14-6
user roles 14-5
Edit Histogram dialog box field descriptions 10-16
editing
event action filters 6-15, 9-17
event action overrides 9-13
event variables 6-28, 9-29
interfaces 5-17
IPv4 target value rating 6-19, 9-20
IPv6 target value rating 6-21, 9-22
OS maps 6-25, 9-26
risk categories 6-31, 9-32
signatures 7-16
signature variables 7-29
virtual sensors 6-11
Edit Inline VLAN Pair dialog box field descriptions 3-9, 5-21
Edit Interface dialog box field descriptions 5-16
Edit Interface Pair dialog box field descriptions 5-19
Edit IP Logging dialog box field descriptions 16-14
Edit Known Host Key dialog box
field descriptions 11-5
user roles 11-4
Edit Master Blocking Sensor dialog box
field descriptions 12-25
user roles 12-24
Edit Never Block Address dialog box
field descriptions 12-10
user roles 12-7
Edit Posture ACL dialog box field descriptions 14-7
Edit Protocol Number dialog box field descriptions 10-18, 10-25
Edit Risk Level dialog box field descriptions 6-31, 9-32
Edit Router Blocking Device Interface dialog box
field descriptions 12-19
user roles 12-17
Edit Signature dialog box field descriptions 7-8
Edit Signature Variable dialog box
field descriptions 7-29
user roles 7-28
Edit SNMP Trap Destination dialog box field descriptions 13-4
Edit User dialog box
field descriptions 4-17
user roles 4-17
Edit Virtual Sensor dialog box
field descriptions 6-9
user roles 6-9
Edit VLAN Group dialog box field descriptions 5-23
enabling
debug logging C-44
event action filters 6-15, 9-17
event action overrides 9-13
interfaces 5-17
Encryption Software Export Distribution Authorization form
cryptographic account 19-2
described 19-2
engines
AIC B-7
Atomic B-9
Fixed B-26
Flood B-29
Master B-4
Meta 7-23, B-30
Multi String B-31
Normalizer B-33
Service DNS B-35
Service FTP B-37
Service Generic B-37
Service H225 B-39
Service HTTP 8-15, B-41
Service IDENT B-43
Service MSRPC 8-12, B-43
Service MSSQL B-45
Service NTP B-45
Service P2P B-46
Service RPC 8-19, B-46
Service SMB Advanced B-48
Service SNMP B-50
Service SSH B-50
Service TNS B-51
State 8-19, B-53
String 8-20, 8-21, 8-24, B-54
Sweep 8-24, B-57
Sweep Other TCP B-59
Traffic ICMP B-62
Trojan B-62
evAlert A-8
event action filters
adding 6-15, 9-17
configuring 6-15, 9-17
deleting 6-15, 9-17
described 6-13, 9-5
editing 6-15, 9-17
enabling 6-15, 9-17
Event Action Filters tab
configuring 6-15, 9-17
described 6-13, 9-14
field descriptions 6-13, 9-15
event action overrides
adding 9-13
deleting 9-13
described 6-4, 9-4
editing 9-13
enabling 9-13
Event Action Overrides tab
described 9-12
field descriptions 9-12
event action rules
described 9-2
functions 9-2
Event Action Rules (rules0) pane described 9-12
Event Action Rules pane
described 9-10
field descriptions 9-10
user roles 9-10, 9-11
event action rules policies
adding 9-11
cloning 9-11
deleting 9-11
events
displaying C-87
host posture 14-2
quarantined IP address 14-2
Events pane
configuring 16-3
described 16-2
field descriptions 16-2
Event Store
clearing events 4-12, C-17
data structures A-7
described A-2
examples A-7
responsibilities A-6
timestamp A-6
event types C-86
event variables
adding 6-28, 9-29
configuring 6-28, 9-29
deleting 6-28, 9-29
editing 6-28, 9-29
example 6-27, 9-28
Event Variables tab
configuring 6-28, 9-29
described 6-27, 9-28
field descriptions 6-28, 9-28
Event Viewer window field descriptions 16-3
evError A-8
evLogTransaction A-8
evShunRqst A-8
evStatus A-8
example custom signatures
Atomic IP Advanced 7-27
Meta engine 7-24
Service HTTP 8-17
String TCP 8-22
external product interfaces
adding 14-7
described 14-1
issues 14-3, C-20
troubleshooting 14-10, C-21
trusted hosts 14-5
External Product Interfaces pane
described 14-5
field descriptions 14-5
external zone
configuring 10-31
protocols 10-29
user roles 10-29
External Zone tab
described 10-29
tabs 10-29
user roles 10-29
F
fail-over testing 5-10
false positives described 7-4
files
Cisco IPS 20-2
IDSM-2 password recovery 15-8, C-11
Firefox
certificates 1-7
validating CAs 1-7
Fixed engine described B-26
Fixed ICMP engine parameters (table) B-26
Fixed TCP engine parameters (table) B-27
Fixed UDP engine parameters (table) B-28
Flood engine described B-29
Flood Host engine parameters (table) B-29
Flood Net engine parameters (table) B-29
flow states clearing 16-28
FTP servers supported 15-16, 20-2
G
gadgets
adding 2-1
CPU, Memory, & Load 2-8
customizing 2-1
Dashboard pane 2-2
IDM 2-2
IDM home pane 1-2
Interface Status 2-6
Licensing 2-5
Network Security 2-6
Sensor Health 2-4
Sensor Information 2-3
Top Applications 2-7
general settings
configuring 6-33, 9-34
described 6-32, 9-33
General tab
configuring 6-33, 9-34
described 6-32, 9-33, 10-15, 10-23
enabling zones 10-15, 10-23
field descriptions 6-33, 9-33
user roles 6-32, 9-33
generating diagnostics reports 16-31
Global Variables pane field descriptions 15-15
GRUB menu password recovery 15-4, C-8
H
H.225.0 protocol B-39
H.323 protocol B-39
hardware bypass
autonegotiation 5-11
configuration restrictions 5-10
fail-over 5-10
IPS 4270-20 5-10
supported configurations 5-10
with software bypass 5-10
Home pane
device information 1-2
gadgets 1-2
health information 1-2
interface status 1-2
licensing information 1-2
system resources usage 1-2
updating 1-2
Host Blocks pane
configuring 16-7
described 16-6
host posture events
CSA MC 14-4
described 14-2
HTTP/HTTPS servers 15-16, 20-2
HTTP deobfuscation
ASCII normalization 8-15, B-41
described 8-15, B-41
hw-module module 1 reset command C-65
hw-module module slot_number password-reset command 15-7, C-10
I
IDAPI
communications A-3, A-29
described A-3
functions A-29
illustration A-30
responsibilities A-29
IDCONF
described A-30
example A-31
XML A-30
IDIOM
defined A-30
messages A-30
IDM
Analysis Engine is busy C-55
certificates 1-6, 11-8
cookies 1-6
cryptographic features 1-1
described 1-2, 1-4
gadgets 2-2
GUI 1-2
logging in 1-4
Signature Wizard supported signature engines 8-2
supported platforms 1-3
system requirements 1-3
TLS 1-6, 11-8
user interface 1-2
web browsers 1-2, 1-4
will not load C-54
IDSM-2
command and control port C-62
configuring
maintenance partition (Catalyst software) 20-31
maintenance partition (Cisco IOS software) 20-35
initializing 17-20
installing
system image (Catalyst software) 20-29
system image (Cisco IOS software) 20-30
logging in 18-7
password recovery 15-8, C-11
password recovery image file 15-8, C-11
reimaging 20-28
sessioning 18-7
setup command 17-20
supported configurations C-59
TCP reset port C-64
time sources 4-7, C-14
upgrading
maintenance partition (Catalyst software) 20-39
maintenance partition (Cisco IOS software) 20-39
illegal zone
configuring 10-25
user roles 10-22
Illegal Zone tab
described 10-22
user roles 10-22
IME time synchronization problems C-57
Imported OS pane
clearing 16-27
described 16-27
field descriptions 16-27
imported OS values
clearing 16-27
deleting 16-27
inactive mode (anomaly detection) 10-4
initializing
AIM-IPS 17-13
AIP-SSC-5 17-6
AIP-SSM 17-16
appliances 17-7
IDSM-2 17-20
NME-IPS 17-25
sensors 4-1, 17-1, 17-3
user roles 17-1
verifying 17-28
inline interface pair mode
configuration restrictions 5-8
described 5-12
Inline Interface Pair window
described 3-8
Startup Wizard 3-8
inline VLAN pair mode
described 5-13
supported sensors 5-13
inline VLAN pairs
configuration restrictions 5-8
configuring 3-10
Inline VLAN Pairs pane user roles 5-20
Inline VLAN Pairs window
described 3-9
field descriptions 3-9
Startup Wizard 3-9
installer major version 19-6
installer minor version 19-7
installing
sensor license 1-11, 15-13
system image
AIM-IPS 20-23
AIP-SSM 20-27
IDSM-2 (Catalyst software) 20-29
IDSM-2 (Cisco IOS software) 20-30
IPS-4240 20-16
IPS-4255 20-16
IPS-4260 20-19
IPS 4270-20 20-21
NME-IPS 20-40
InterfaceApp described A-2
interface pairs
configuring 5-19
described 5-18
Interface Pairs pane
configuring 5-19
described 5-18
field descriptions 5-18
user roles 5-18
interfaces
alternate TCP reset 5-2
command and control 5-2
configuration restrictions 5-8
configuring 5-17
described 3-6, 5-1
disabling 5-17
editing 5-17
enabling 5-17
logical 3-6
physical 3-6
port numbers 5-1
sensing 5-2, 5-3
slot numbers 5-1
support (table) 5-4
TCP reset 5-6
VLAN groups 5-2
Interface Selection window
described 3-8
Startup Wizard 3-8
Interfaces pane
configuring 5-17
described 5-15
field descriptions 5-15
user roles 5-15
Interface Status gadget
configuring 2-6
described 2-6
Interface Summary window described 3-6
internal zone
configuring 10-18
user roles 10-15
Internal Zone tab
described 10-15
user roles 10-15
Internet Explorer validating certificates 1-7
IP fragmentation described B-33
IP fragment reassembly
configuring 7-43
described 7-42
example signature 7-44
mode 7-43
parameters (table) 7-42
signatures 7-44
signatures (table) 7-42
IP logging
described 7-52, 16-13
event actions 16-13
system performance 16-13
IP Logging pane
configuring 16-14
described 16-13
field descriptions 16-14
user roles 16-13
IP Logging Variables pane described 15-15
IP logs
circular buffer 16-13
states 16-13
tcpdump 16-13
viewing 16-14
Wireshark 16-13
IPS-4240
installing system image 20-16
password recovery 15-5, C-8
reimaging 20-15
IPS-4255
installing system image 20-16
password recovery 15-5, C-8
reimaging 20-15
IPS-4260
installing system image 20-19
password recovery 15-4, C-8
reimaging 20-19
IPS 4270-20
hardware bypass 5-10
installing system image 20-21
password recovery 15-4, C-8
reimaging 20-21
IPS applications
summary A-33
table A-33
XML format A-2
IPS data
types A-7
XML document A-8
IPS events
evAlert A-8
evError A-8
evLogTransaction A-8
evShunRqst A-8
evStatus A-8
list A-8
types A-8
IPS internal communications A-29
IPS modules
time synchronization 4-8, C-16
unsupported features 3-7
IPS Policies pane
described 6-8
field descriptions 6-9
IPS software
application list A-2
available files 19-1
configuring device parameters A-4
directory structure A-32
Linux OS A-2
obtaining 19-1
platform-dependent release examples 19-8
retrieving data A-4
security features A-4
tuning signatures A-4
updating A-4
user interaction A-4
versioning scheme 19-1
IPS software file names
major updates (illustration) 19-4
minor updates (illustration) 19-4
patch releases (illustration) 19-4
service packs (illustration) 19-4
IPv4 Add Target Value Rating dialog box
field descriptions 6-18, 9-20
user roles 6-18, 9-19
IPv4 Edit Target Value Rating dialog box
field descriptions 6-18, 9-20
user roles 6-18, 9-19
IPv4 target value rating
adding 6-19, 9-20
configuring 6-19, 9-20
deleting 6-19, 9-20
editing 6-19, 9-20
IPv4 Target Value Rating tab
configuring 6-19, 9-20
field descriptions 6-18, 9-19
IPv6
described B-24
SPAN ports 5-12, A-4
switches 5-12, A-4
IPv6 Add Target Value Rating dialog box
field descriptions 6-20, 9-21
user roles 6-20, 9-21
IPv6 Edit Target Value Rating dialog box
field descriptions 6-20, 9-21
user roles 6-20, 9-21
IPv6 target value rating
adding 6-21, 9-22
configuring 6-21, 9-22
deleting 6-21, 9-22
editing 6-21, 9-22
IPv6 Target Value Rating tab
configuring 6-21, 9-22
field descriptions 6-20, 9-21
K
KBs
comparing 16-21
default filename 10-12
deleting 16-23
described 10-3
downloading 16-24
histogram 10-12, 16-16
initial baseline 10-3
learning accept mode 10-12
loading 16-22
monitoring 16-19
renaming 16-23
saving 16-22
scanner threshold 10-12, 16-16
tree structure 10-12, 16-16
uploading 16-25
Knowledge Base see KB
Known Host Keys pane
configuring 11-6
described 11-5
field descriptions 11-5
L
Learned OS pane
clearing 16-26
described 16-26
field descriptions 16-26
learned OS values
clearing 16-26
deleting 16-26
learning accept mode
anomaly detection 10-3
configuring 10-14
Learning Accept Mode tab
described 10-12
field descriptions 10-13
user roles 10-12
license files
BSD license D-3
expat license D-12
GNU Lesser license D-22
GNU license D-17
license key trial 1-9, 15-11
licensing
described 1-8, 15-11
IPS device serial number 1-8, 15-11
Licensing gadget
configuring 2-5
described 2-5
Licensing pane
configuring 1-11, 15-13
described 1-8, 15-11
field descriptions 1-11, 15-13
user roles 1-11, 15-10
limitations for concurrent CLI sessions 18-1
listings UNIX-style 15-17
loading KBs 16-22
Logger
described A-3, A-18
functions A-18
syslog messages A-19
logging in
AIM-IPS 18-5
AIP-SSC-5 18-6
AIP-SSM 18-6
appliances 18-2
IDM 1-4
IDSM-2 18-7
NME-IPS 18-10
sensors
SSH 18-11
Telnet 18-11
service role 18-2
terminal servers 18-3, 20-15
user role 18-1
LOKI
described B-62
protocol B-62
loose connections and sensors C-22
M
MainApp
components A-5
described A-2, A-5
host statistics A-5
responsibilities A-5
show version command A-5
maintenance partition
configuring
IDSM-2 (Catalyst software) 20-31
IDSM-2 (Cisco IOS software) 20-35
described A-3
major updates described 19-4
managing rate limiting 16-11
manual block to bogus host C-41
master blocking sensor
described 12-24
not set up properly C-42
Master Blocking Sensor pane
configuring 12-26
described 12-24
field descriptions 12-25
Master engine
alert frequency B-5
alert frequency parameters (table) B-5
described B-3
event actions B-5
general parameters (table) B-4
universal parameters B-4
merging configuration files C-2
Meta engine
described 7-23, B-30
parameters (table) B-30
Signature Event Action Processor 7-23, B-30
Meta Event Generator described 6-32, 9-33
MIBs supported 13-6, C-18
minor updates described 19-4
Miscellaneous tab
button functions 7-32
configuring
application policy 7-40
IP fragment reassembly mode 7-43
IP logging 7-52
TCP stream reassembly mode 7-50
described 7-30
field descriptions 7-32
user roles 7-30
modes
anomaly detection detect 10-4
anomaly detection inactive 10-4
anomaly detection learning accept 10-3
bypass 5-25
inline interface pair 5-12
inline VLAN pair 5-13
promiscuous 5-11
VLAN Groups 5-13
modify packets inline modes 6-4
monitoring
events 16-3
KBs 16-19
moving OS maps 6-25, 9-26
Multi String engine
described B-31
parameters (table) B-32
Regex B-31
MySDN described 7-5
N
Neighborhood Discovery
options B-25
types B-25
Network Blocks pane
configuring 16-9
described 16-9
field descriptions 16-9
user roles 16-8
Network pane
configuring 4-3
field descriptions 4-2
TLS/SSL 4-3
user roles 4-2
Network Security gadget
configuring 2-7
described 2-6
network security health data reset 16-29
Network Time Protocol see NTP
never block
hosts 12-7
networks 12-7
NME-IPS
initializing 17-25
installing system image 20-40
logging in 18-10
reimaging 20-40
session command 18-9
sessioning 18-8, 18-10
setup command 17-25
time sources 4-7, C-15
Normalizer engine
described B-33
IP fragment reassembly B-33
parameters (table) B-34
TCP stream reassembly B-33
Normalizer mode described 6-4
NotificationApp
alert information A-8
described A-3
functions A-8
SNMP gets A-8
SNMP traps A-8
statistics A-10
system health information A-9
NTP
authenticated 4-7, 4-8, 4-14, C-14, C-15
configuring servers 4-13
described 4-6, C-14
incorrect configuration 4-8, C-16
sensor time source 4-12, 4-14
time synchronization 4-6, C-14
unauthenticated 4-7, 4-8, 4-14, C-14, C-15
NTP configuration verifying 4-9
O
obtaining
cryptographic account 19-2
IPS software 19-1
one-way TCP reset described 6-32, 9-33
Operation Settings tab
described 10-10
field descriptions 10-11
user roles 10-10
OS Identifications tab
described 6-24, 9-23
field descriptions 6-24, 9-25
OS maps
adding 6-25, 9-26
configuring 6-25, 9-26
deleting 6-25, 9-26
editing 6-25, 9-26
moving 6-25, 9-26
other actions (list) 9-9
Other Protocols tab
described 10-24, 10-31
described 10-17
enabling other protocols 10-17
external zone 10-31
field descriptions 10-17, 10-31
illegal zone 10-24
P
P2P networks described B-46
partitions
application A-3
maintenance A-3
recovery A-3
passive OS fingerprinting
components 6-22, 9-24
configuring 6-23, 9-25
described 6-22, 9-23
password policy caution 15-2, 15-3
password recovery
AIP-SSC-5 15-6, C-10
AIP-SSM 15-6, C-10
appliances 15-4, C-8
CLI 15-9, C-12
described 15-3, C-7
disabling 15-8, C-12
GRUB menu 15-4, C-8
IDSM-2 15-8, C-11
IPS-4240 15-5, C-8
IPS-4255 15-5, C-8
platforms 15-3, C-7
ROMMON 15-5, C-8
troubleshooting 15-9, C-13
verifying 15-10, C-13
password requirements configuration 15-2
Passwords pane
described 15-2
field descriptions 15-2
patch releases described 19-5
peacetime learning (anomaly detection) 10-3
Peer-to-Peer see P2P
physical connectivity issues C-30
physical interfaces configuration restrictions 5-8
platforms concurrent CLI sessions 18-1
Post-Block ACLs 12-17, 12-18
Pre-Block ACLs 12-17, 12-18
prerequisites for blocking 12-5
promiscuous delta
calculating risk rating 6-5, 9-3
described 6-5, 9-3
promiscuous mode
described 5-11
packet flow 5-11
SPAN ports 5-12, A-4
VACL capture 5-12, A-4
protocols
ARP B-10
CIDEE A-31
DCE 8-12, B-44
DDoS B-62
H.323 B-39
H225.0 B-39
ICMPv6 B-11
IDAPI A-29
IDCONF A-30
IDIOM A-30
IPv6 B-24
LOKI B-62
MSSQL B-45
Neighborhood Discovery B-25
Q.931 B-39
RPC 8-12, B-44
SDEE A-31
Signature Wizard 8-11
Q
Q.931 protocol
described B-39
SETUP messages B-39
quarantined IP address events described 14-2
R
rate limiting
ACLs 12-5
configuring 16-11
described 12-4
managing 16-11
percentages 16-10
routers 12-4
service policies 12-5
supported signatures 12-4
Rate Limits pane
described 16-10
field descriptions 16-11
RDEP event server deprecated A-21
rebooting the sensor 15-23
Reboot Sensor pane
configuring 15-23
described 15-23
user roles 15-23
recover command 20-12
recovering
AIP-SSM C-66
application partition image 20-13
recovery partition
described A-3
upgrading 20-5
reimaging
AIM-IPS 20-23
AIP-SSC-5 20-26
AIP-SSM 20-26
appliances 20-12
described 20-1
IDSM-2 20-28
IPS-4240 20-15
IPS-4255 20-15
IPS-4260 20-19
IPS 4270-20 20-21
NME-IPS 20-40
sensors 20-1
removing
last applied
service pack 20-12
signature update 20-12
renaming KBs 16-23
Reset Network Security Health pane
described 16-29
field descriptions 16-29
user roles 16-29
reset not occurring for a signature C-50
resetting
AIP-SSM C-65
network security health data 16-29
Restore Default Interface dialog box field descriptions 3-7
Restore Defaults pane
configuring 15-23
described 15-23
user roles 15-23
restoring
current configuration C-4
defaults 15-23
risk categories
adding 6-31, 9-32
configuring 6-31, 9-32
deleting 6-31, 9-32
editing 6-31, 9-32
Risk Category tab
configuring 6-31, 9-32
described 6-30, 9-31
field descriptions 6-30, 9-31
risk rating
calculating 6-4, 9-2
described 6-22
ROMMON
described 20-14
IPS-4240 20-16
IPS-4255 20-16
IPS-4260 20-19
IPS 4270-20 20-19, 20-21
password recovery 15-5, C-8
remote sensors 20-14
serial console port 20-14
TFTP 20-14
round-trip time see RTT
Router Blocking Device Interfaces pane
configuring 12-20
described 12-17
field descriptions 12-19
RPC portmapper 8-19, B-46
RTT
described 20-14
TFTP limitation 20-14
S
Save Knowledge Base dialog box
described 16-21
field descriptions 16-22
saving KBs 16-22
scheduling automatic upgrades 20-8
SDEE
described A-31
HTTP A-31
protocol A-31
server requests A-31
security and SSH 11-1
security information
Cisco Security Center 19-11
MySDN 7-5
security policies described 6-1, 7-1, 9-1, 10-1
sensing interfaces
described 5-3
modes 5-3
PCI cards 5-3
SensorApp
Alarm Channel A-23
Analysis Engine A-23
described A-3
event action filtering A-24
inline packet processing A-24
IP normalization A-24
packet flow A-25
processors A-22
responsibilities A-22
risk rating A-24
Signature Event Action Processor A-22, A-25
TCP normalization A-24
Sensor Health gadget
configuring 2-4
described 2-4
metrics 2-4
status 2-4
Sensor Health pane
described 15-14
field descriptions 15-15
Sensor Information gadget
configuring 2-3
described 2-3
Sensor Key pane
button functions 11-7
described 11-7
field descriptions 11-7
sensor SSH key
displaying 11-7
generating 11-7
user roles 11-7
sensors
access problems C-23
asymmetric traffic disabling anomaly detection C-18
blocking itself 12-8
configuring to use NTP 4-14
corrupted SensorApp configuration C-34
diagnostics reports 16-31
disaster recovery C-6
downgrading 20-12
incorrect NTP configuration 4-8, C-16
initializing 4-1, 17-1, 17-3
interface support 5-4
IP address conflicts C-26
license 1-11, 15-13
logging in
SSH 18-11
Telnet 18-11
loose connections C-22
misconfigured access lists C-26
no alerts C-31, C-56
not seeing packets C-33
NTP time source 4-14
NTP time synchronization 4-6, C-14
partitions A-3
physical connectivity C-30
preventive maintenance C-2
process not running C-28
rebooting 15-23
reimaging 20-1
restoring defaults 15-23
sensing process not running C-28
setting up 4-1
setup command 4-1, 17-1, 17-3, 17-7
shutting down 15-24
statistics 16-32
system information 16-32
time sources 4-6, C-14
troubleshooting software upgrades C-53
updating 15-18, 15-21
upgrading 20-4
using NTP time source 4-12
Sensor Setup window
described 3-2
Startup Wizard 3-2
Server Certificate pane
button functions 11-11
certificate
displaying 11-11
generating 11-11
described 11-11
field descriptions 11-11
user roles 11-11
service account
creating C-5
described 4-17, A-29, C-4
TAC A-29
troubleshooting A-29
Service DNS engine
described B-35
parameters (table) B-36
Service engine
described B-35
Layer 5 traffic B-35
Service FTP engine
described B-37
parameters (table) B-37
PASV port spoof B-37
Service Generic engine
described B-37
parameters (table) B-38
Service H225 engine
ASN.1PER validation B-39
described B-39
features B-39
parameters (table) B-40
TPKT validation B-39
Service HTTP engine
described 8-15, B-41
parameters (table) B-41
Service IDENT engine
described B-43
parameters (table) B-43
service-module ids-sensor slot/port session command 18-4, 18-9
Service MSRPC engine
DCE/RPC protocol 8-12, B-44
described 8-12, B-43
parameters (table) B-44
Service MSSQL engine
described B-45
MSSQL protocol B-45
parameters (table) B-45
Service NTP engine
described B-45
parameters (table) B-45
Service P2P engine described B-46
service packs described 19-4
service role 18-2, A-28
Service RPC engine
described 8-19, B-46
parameters (table) 8-19, B-46
RPC portmapper 8-19, B-46
Service SMB Advanced engine
described B-48
parameters (table) B-48
Service SNMP engine
described B-50
parameters (table) B-50
Service SSH engine
described B-50
parameters (table) B-51
Service TNS engine
described B-51
parameters (table) B-52
session command
AIM-IPS 18-5
AIP-SSC-5 18-6
AIP-SSM 18-6
IDSM-2 18-7
NME-IPS 18-9
sessioning
AIM-IPS 18-5
AIP-SSM 18-6
IDSM-2 18-7
NME-IPS 18-10
setting
current KB 16-22
system clock 4-16
setting up
sensors 4-1
terminal servers 18-3, 20-15
setup
automatic 17-1
simplified mode 17-1
setup command 4-1, 17-1, 17-3, 17-7, 17-13, 17-16, 17-20, 17-25
show events command C-86, C-87
show health command C-68
show interfaces command C-85
show module 1 details command C-65
show settings command 15-10, C-13
show statistics command C-75
show statistics virtual-sensor command C-22, C-75
show tech-support command C-69
show version command C-72
Shut Down Sensor pane
configuring 15-24
described 15-24
user roles 15-24
shutting down the sensor 15-24
sig0 pane
default 7-3
described 7-3
field descriptions 7-6
signatures
assigning actions 7-17
cloning 7-14
tuning 7-16
tabs 7-3
signature/virus update files described 19-5
signature definition policies
adding 7-2
cloning 7-2
default policy 7-2
deleting 7-2
sig0 7-2
Signature Definitions pane
described 7-2
field descriptions 7-2
signature engines
AIC B-7
Atomic B-9
Atomic ARP B-10
Atomic IP 8-14, B-21
Atomic IP Advanced B-11
Atomic IPv6 B-24
creating custom signatures 8-2
described B-1
event actions B-6
Fixed B-26
Flood B-29
Flood Host B-29
Flood Net B-29
list B-2
Meta 7-23, B-30
Multi String B-31
Normalizer B-33
Service B-35
Service DNS B-35
Service FTP B-37
Service Generic B-37
Service H225 B-39
Service HTTP 8-15, B-41
Service IDENT B-43
Service MSRPC 8-12, B-43
Service MSSQL B-45
Service NTP B-45
Service P2P B-46
Service RPC 8-19, B-46
Service SMB Advanced B-48
Service SNMP B-50
Service SSH B-50
Service TNS B-51
State 8-19, B-53
String 8-20, 8-21, 8-24, B-54
supported by IDM 8-2
Sweep B-57
Sweep Other TCP B-59
Traffic Anomaly 10-6, B-60
Traffic ICMP B-62
Trojan B-62
signature engine update files described 19-6
Signature Event Action Filter
described 9-6, A-26
parameters 9-6, A-26
Signature Event Action Handler described 9-6, A-26
Signature Event Action Override described 9-6, A-25
Signature Event Action Processor
Alarm Channel 9-6, A-25
components 9-6, A-25
described 9-6, A-22, A-25
illustration 9-7, A-26
logical flow of events 9-7, A-26
signature fidelity rating
calculating risk rating 6-5, 9-3
described 6-5, 9-3
signatures
adding 7-13
alert frequency 7-21
assigning actions 7-17
cloning 7-15
custom 7-5
default 7-4
described 7-4
editing 7-16
false positives 7-4
no TCP reset C-50
rate limits 12-4
subsignatures 7-4
tuned 7-4
tuning 7-16
signature updates installation time 15-17
signature variables
adding 7-29
deleting 7-29
described 7-28
editing 7-29
Signature Variables tab
configuring 7-29
field descriptions 7-29
Signature Wizard
alert behavior 8-26
Alert Response window field descriptions 8-25
Atomic IP Engine Parameters window field descriptions 8-14
described 8-1
ICMP Traffic Type window field descriptions 8-13
Inspect Data window field descriptions 8-13
MSRPC Engine Parameters window field descriptions 8-13
protocols 8-11
Protocol Type window field descriptions 8-12
Service HTTP Engine Parameters window field descriptions 8-16
Service RPC Engine Parameters window field descriptions 8-19
Service Type window field descriptions 8-14
signature identification 8-12
Signature Identification window field descriptions 8-12
State Engine Parameters window field descriptions 8-20
String ICMP Engine Parameters window field descriptions 8-20
String TCP Engine Parameters window field descriptions 8-21
String UDP Engine Parameters window field descriptions 8-24
supported signature engines 8-2
Sweep Engine Parameters window field descriptions 8-25
TCP Sweep Type window field descriptions 8-14
TCP Traffic Type window field descriptions 8-14
UDP Sweep Type window field descriptions 8-13
UDP Traffic Type window field descriptions 8-13
using 8-5
Welcome window field descriptions 8-11
SNMP
configuring 13-2
described 13-1
Get 13-1
GetNext 13-1
Set 13-1
supported MIBs 13-6, C-18
Trap 13-1
SNMP General Configuration pane
configuring 13-2
described 13-2
field descriptions 13-2
user roles 13-2
SNMP traps
configuring 13-4
described 13-1
SNMP Traps Configuration pane
described 13-3
field descriptions 13-4
user roles 13-3
software architecture
ARC (illustration) A-12
IDAPI (illustration) A-30
software bypass
supported configurations 5-10
with hardware bypass 5-10
software downloads Cisco.com 19-1
software file names
recovery (illustration) 19-6
signature/virus updates (illustration) 19-5
signature engine updates (illustration) 19-6
system image (illustration) 19-6
software release examples
platform-dependent 19-8
platform identifiers 19-8
platform-independent 19-7
software updates
supported FTP servers 15-16, 20-2
supported HTTP/HTTPS servers 15-16, 20-2
SPAN port issues C-30
SSH
security 11-1
understanding 11-1
SSH Server
private keys A-20
public keys A-20
standards
CIDEE A-31
IDCONF A-30
IDIOM A-30
SDEE A-31
Startup Wizard
access lists 3-3
adding virtual sensors 3-12
Add Virtual Sensor dialog box 3-11
described 3-1
Inline Interface Pair window
described 3-8
field descriptions 3-8
Inline VLAN Pairs window configuration 3-10
Interface Selection window 3-8
Interface Summary window 3-6
Sensor Setup window
configuring 3-4
field descriptions 3-2
Traffic Inspection Mode window 3-8
Virtual Sensors window
described 3-11
field descriptions 3-11
State engine
Cisco Login 8-19, B-53
described 8-19, B-53
LPR Format String 8-19, B-53
parameters (table) B-53
SMTP 8-19, B-53
Statistics pane
button functions 16-31
categories 16-31
described 16-31
using 16-32
statistics viewing 16-32
String engine described 8-20, 8-21, 8-24, B-54
String ICMP engine parameters (table) B-55
String TCP engine parameters (table) B-55
String UDP engine parameters (table) B-56
subinterface 0 described 5-14
subsignatures described 7-4
summarization
described 6-6, 9-5
Fire All 6-7, 9-5
Fire Once 6-7, 9-6
Global Summarization 6-7, 9-6
Meta engine 6-7, 9-5
Summary 6-7, 9-5
Summarizer described 6-32, 9-33
Summary pane
button functions 5-15
described 5-14
field descriptions 3-7, 5-15
supported
FTP servers 15-16, 20-2
HTTP/HTTPS servers 15-16, 20-2
IDM platforms 1-3
IDSM-2 configurations C-59
IPS interfaces for CSA MC 14-4
Sweep engine
described 8-24, B-57
parameters (table) B-58, B-59
Sweep Other TCP engine described B-59
switch commands for troubleshooting C-59
system architecture
directory structure A-32
supported platforms A-1
system clock setting 4-16
system components IDAPI A-30
System Configuration Dialog
described 17-2
example 17-2
system image
installing
AIM-IPS 20-23
AIP-SSC-5 20-26
AIP-SSM 20-26
IPS-4240 20-16
IPS-4255 20-16
IPS-4260 20-19
IPS 4270-20 20-21
IDSM-2 (Catalyst software) 20-29
IDSM-2 (Cisco IOS software) 20-30
NME-IPS 20-40
System Information pane
described 16-32
using 16-32
system information viewing 16-32
system requirements IDM 1-3
T
TAC
service account 4-17, A-29, C-4
show tech-support command C-69
target value rating
calculating risk rating 6-5, 9-3
described 6-5, 6-18, 6-20, 9-3, 9-19, 9-21
TCP fragmentation described B-33
TCP Protocol tab
described 10-15, 10-23, 10-29
enabling TCP 10-15
external zone 10-29
field descriptions 10-16
illegal zone 10-23
TCP reset interfaces
conditions 5-7
described 5-6
list 5-7
TCP resets
IDSM-2 port C-64
not occurring C-50
TCP stream reassembly
described 7-45
mode 7-50
parameters (table) 7-46
signatures (table) 7-46
terminal server setup 18-3, 20-15
testing fail-over 5-10
TFN2K
described B-62
Trojans B-62
TFTP and RTT 20-14
TFTP servers
recommended
UNIX 20-14
Windows 20-14
threat rating described 6-6, 9-4
Thresholds for KB Name window
described 16-18
field descriptions 16-18
filtering information 16-18
time and the sensor 4-6, C-14
time correcting on the sensor 4-12, C-17
Time pane
configuring 4-10
described 4-6
field descriptions 4-9
user roles 4-6
time sources
AIM-IPS 4-7, C-15
AIP-SSM 4-8, C-15
appliances 4-6, C-14
IDSM-2 4-7, C-14
NME-IPS 4-7, C-15
time synchronization and IPS modules 4-8, C-16
TLS
described 4-3
handshaking 1-6, 11-8
IDM 1-6, 11-8
Top Applications gadget
configuring 2-8
described 2-7
Traffic Anomaly engine
described 10-6, B-60
protocols 10-6, B-60
signatures 10-6, B-60
traffic flow notifications
configuring 5-27
described 5-26
Traffic Flow Notifications pane
configuring 5-27
field descriptions 5-27
user roles 5-26
Traffic ICMP engine
DDoS B-62
described B-62
LOKI B-62
parameters (table) B-62
TFN2K B-62
Traffic Inspection Mode window described 3-8
Traps Configuration pane configuration 13-4
trial license key 1-9, 15-11
Tribe Flood Network 2000 see TFN2K
Tribe Flood Network see TFN
Trojan engine
BO2K B-62
described B-62
TFN2K B-62
Trojans
BO B-62
BO2K B-62
LOKI B-62
TFN2K B-62
troubleshooting
AIP-SSM
commands C-65
debugging C-66
recovering C-66
reset C-65
Analysis Engine busy C-55
applying software updates C-52
ARC
blocking not occurring for signature C-41
device access issues C-38
enabling SSH C-41
inactive state C-37
misconfigured master blocking sensor C-42
verifying device interfaces C-40
automatic updates C-52
cannot access sensor C-23
cidDump C-90
cidLog messages to syslog C-48
communication C-23
corrupted SensorApp configuration C-34
debug logger zone names (table) C-48
debug logging C-44
disaster recovery C-6
duplicate sensor IP addresses C-26
enabling debug logging C-44
external product interfaces 14-10, C-21
gathering information C-68
IDM
cannot access sensor C-55
will not load C-54
IDSM-2
command and control port C-62
diagnosing problems C-58
not online C-61, C-62
serial cable C-64
status indicator C-60
switch commands C-59
IME time synchronization C-57
IPS modules time drift 4-8, C-16
manual block to bogus host C-41
misconfigured access list C-26
no alerts C-31, C-56
NTP C-49
password recovery 15-9, C-13
physical connectivity issues C-30
preventive maintenance C-2
reset not occurring for a signature C-50
sensing process not running C-28
sensor events C-86
sensor loose connections C-22
sensor not seeing packets C-33
sensor software upgrade C-53
service account 4-17, C-4
show events command C-86
show interfaces command C-84, C-85
show statistics command C-74, C-75
show tech-support command C-69, C-70
show version command C-72
software upgrades C-51
SPAN port issue C-30
upgrading to 6.0 C-51
verifying Analysis Engine is running C-20
verifying ARC status C-36
Trusted Hosts pane
configuring 11-10
described 11-9
field descriptions 11-10
tuned signatures described 7-4
tuning
AIC signatures 7-41
IP fragment reassembly signatures 7-44
signatures 7-16
turning off anomaly detection 10-35
U
UDP Protocol tab
described 10-17, 10-23, 10-24, 10-30
enabling UDP 10-17
external zone 10-30
field descriptions 10-30
illegal zone 10-23, 10-24
unassigned VLAN groups described 5-14
unauthenticated NTP 4-7, 4-8, 4-14, C-14, C-15
UNIX-style directory listings 15-17
Update Sensor pane
configuring 15-21
described 15-20
field descriptions 15-21
user roles 15-20
updating
Cisco.com 15-20
FTP server 15-20
Home pane 1-2
sensors 15-21
upgrade command 20-3, 20-5
upgrading
maintenance partition
IDSM-2 (Catalyst software) 20-39
IDSM-2 (Cisco IOS software) 20-39
minimum required version 19-9
recovery partition 20-5, 20-12
sensors 20-4
to 6.x C-51
to 6.2 19-9
uploading KBs
FTP 16-25
SCP 16-25
Upload Knowledge Base to Sensor dialog box
described 16-25
field descriptions 16-25
URLs for Cisco Security Center 19-12
Users pane
configuring 4-18
field descriptions 4-17
user roles A-28
using
debug logging C-44
TCP reset interfaces 5-7
V
VACLs
described 12-2
Post-Block 12-22
Pre-Block 12-22
verifying
NTP configuration 4-9
password recovery 15-10, C-13
sensor initialization 17-28
sensor setup 17-28
viewing
IP logs 16-14
statistics 16-32
system information 16-32
virtual sensors
adding 3-12, 6-11
default virtual sensor 6-3, 6-8
deleting 6-11
described 6-2, 6-8
editing 6-11
stream segregation 6-4
Virtual Sensors window described 3-11
VLAN groups
802.1q encapsulation 5-14
configuration restrictions 5-9
configuring 5-24
deploying 5-23
described 5-13
switches 5-23
VLAN Groups pane
configuring 5-24
described 5-22
field descriptions 5-23
user roles 5-22
VLAN IDs 5-22
VLAN Pairs pane
configuring 5-21
described 5-20
field descriptions 5-20
W
watch list rating
calculating risk rating 6-6, 9-4
described 6-6, 9-4
Web Server
described A-3, A-21
HTTP 1.0 and 1.1 support A-21
private keys A-20
public keys A-20
SDEE support A-21
worms
Blaster 10-2
Code Red 10-2
histograms 10-12, 16-16
Nimda 10-2
protocols 10-3
Sasser 10-2
scanners 10-3
Slammer 10-2
SQL Slammer 10-2
Z
zones
external 10-4
illegal 10-4
internal 10-4