Installing Management Center for IDS Sensors 1.2 and Monitoring Center for Security 1.2
Initializing an IDS Sensor Running Cisco Intrusion Detection System Version 4.0 Software

Initializing an IDS Sensor Running Cisco Intrusion Detection System Version 4.x Software


This appendix describes how to initialize an IDS Sensor running Cisco Intrusion Detection System (IDS) version 4.x software. For more detailed information about installing and setting up a sensor, see the Quick Start Guide for the Cisco Intrusion Detection System Version 4.0 and Quick Start Guide for the Cisco Intrusion Detection System Version 4.1. This appendix contains the following sections:

  • Initializing the Sensor

  • Creating the Service Account

  • Upgrading the BIOS on the IDS-4235 and IDS-4250

Initializing the Sensor

After you install the sensors on your network, you can use the setup command to initially configure them.


Note   If you have an IDS-4235 or IDS-4250, you must apply the BIOS upgrade before installing the version 4.0 software. See Upgrading the BIOS on the IDS-4235 and IDS-4250.


Note   For support reasons, you must set up the service account after initializing the sensor. See Creating the Service Account.

To initially configure the sensor, follow these steps:


Step 1   Log into the CLI.

a. Session in to the IDS module by entering the session module_number command at the prompt.

b. Log into the IDS appliance by using a serial connection or with a monitor and keyboard.


Note    The default username and password are both "cisco".

Step 2   You are prompted to change the default password.


Note    Passwords must be at least 8 characters long and must be strong, that is, not a dictionary word.


Caution   If you forget your password, you may have to re-image your sensor, unless there is another user with administrator privileges. The other administrator can log in and assign a new password to the user who forgot his password. Or, if you have created the service account, you can have TAC create a password. See Creating the Service Account for more information.

After you change the password, the sensor# prompt appears.

Step 3   Enter the setup command.

The System Configuration Dialog is displayed.


Note    The System Configuration Dialog is an interactive dialog. The default settings are displayed.

Step 4   Press the spacebar to get to the following question:

Continue with configuration dialog? [yes]:


Note    Press the spacebar to show one page at a time.

Step 5   Enter yes to continue.

Step 6   Enter the following information:

  • Host name

The hostname is a case-sensitive character string up to 256 characters. Numbers, "_" and "-" are valid, but spaces are not acceptable. The default is sensor.

  • IP address

An IP address is a 32-bit address written as four octets separated by periods, X.X.X.X, where X = 0-255. The default is 10.1.9.201.

  • Netmask

The netmask is a 32-bit address written as four octets separated by periods, X.X.X.X, where X = 0-255. The default for a Class C address is 255.255.255.0.

  • Default gateway

The default gateway is the default router IP address for the appliance. The default is 10.1.9.1.

  • Telnet server status

You can disable or enable Telnet services. The default is disabled.

  • Web server port

The web server port is the TCP port used by the web server (1 to 65535). The default is 443.


Note    If you change the web server port, you must specify the port in the URL address of your browser when you connect to IDS Device Manager in the format https://sensor_ip_address:port (for example, https://10.1.9.201:1040).

Step 7   Enter yes to save the configuration.

Use this configuration? [yes]: yes
Configuration Saved. 
Warning: The node must be rebooted for the changes to go into effect.

Step 8   Enter no to avoid rebooting the sensor at this time.

If you modified the IP address, netmask, default gateway or web port, you are prompted for reboot.

Continue with reboot? [yes]: no
Warning: The changes will not go into effect until the node is rebooted. Please use the reset command to complete the configuration.

Step 9   Modify the network access lists to allow remote access:

a. Enter configure terminal mode:

sensor# configure terminal

b. Enter host configuration mode:

sensor(config)# service host

c. Enter network parameters configuration mode:

sensor(config-Host)# networkParams

d. View the current settings:

sensor(config-Host-net)# show settings
networkParams
-----------------------------------------------
ipAddress: 10.1.9.201
 netmask: 255.255.255.0 default: 255.255.255.0 
defaultGateway: 10.1.9.1 
hostname: sensor 
telnetOption: disabled default: disabled 
accessList (min: 0, max: 512, current: 1) 
----------------------------------------------- 
ipAddress: 10.0.0.0 
netmask: 255.0.0.0 default: 255.255.255.255

e. Remove the 10.0.0.0 network from the access list:

sensor(config-Host-net)# no accessList ipAddress 10.0.0.0 netmask 255.0.0.0

Note    The access list contains a default network address entry 10.0.0.0/255.0.0.0. You must remove this and modify the access list to suit your network.

f. To add a single host to the access list, use the following command:

sensor(config-Host-net)# accessList ipAddress 10.1.2.3

g. To add an entire network to the access list, use the following command:

sensor(config-Host-net)# accessList ipAddress 10.10.10.0 netmask 255.255.255.0

Note    Enter the netmask if the IP address is a network address (as opposed to a host address).

h. Repeat Steps f and g for each address that you want to add to the access list.

i. View your changes:

sensor(config-Host-net)# show settings
networkParams 
----------------------------------------------- 
ipAddress: 10.1.9.201 
netmask: 255.255.255.0 default: 255.255.255.0 
defaultGateway: 10.1.9.1 
hostname: sensor 
telnetOption: disabled default: disabled 
accessList (min: 0, max: 512, current: 2) 
----------------------------------------------- 
ipAddress: 10.1.2.3 
netmask: 255.255.255.255 <defaulted> 
-----------------------------------------------
ipAddress: 10.10.10.0 
netmask: 255.255.255.0 default: 255.255.255.255

j. Exit network parameters configuration mode:

sensor(config-Host-net)# exit

Step 10   Configure the time:


Caution   When using a module, make sure that the Catalyst supervisor engine's clock and time zone are set correctly (unless the IDS module is configured to use NTP) before you set the time on the module. The module obtains the current UTC time from the supervisor engine and applies the time zone settings that are configured in the IDS configuration to calculate the local time. If the supervisor engine's time is incorrect, the module's local time will also be incorrect.

a. Enter time parameter configuration mode:

sensor(config-Host)# timeParams

b. Specify the standard time offset from UTC in minutes (negative numbers represent time zones west of the Prime Meridian):

sensor(config-Host-tim)# offset -360

c. Specify the standard time zone:

sensor(config-Host-tim)# standardTimeZoneName CST

d. Enter summertime parameter configuration mode:

sensor(config-Host-tim)# summerTimeParams

e. Specify that summertime parameters recur at the same time each year:

sensor(config-Host-tim-sum)# active-selection recurringParams

f. Enter recurring summertime parameter configuration mode:

sensor(config-Host-tim-sum)# recurringParams

g. Specify the summertime time zone name:

sensor(config-Host-tim-sum-rec)# summerTimeZoneName CDT

Note    The default recurring summertime parameters are correct for time zones in the United States. The default values specify a start time of 2 a.m. on the first Sunday in April, and a stop time of 2 a.m. on the fourth Sunday in October. The default summertime offset is 60 minutes.

h. Exit time parameter configuration mode:

sensor(config-Host-tim-sum-rec)# exit
sensor(config-Host-tim-sum)# exit
sensor(config-Host-tim)# exit

Step 11   Exit configure host mode:

sensor(config-Host)# exit

Step 12   Enter yes to apply the changes.

Step 13   Enter no to avoid rebooting the sensor at this time.

Warning: The node must be rebooted for the changes to go into effect. 
Continue with reboot? [yes]: no
Warning: The changes will not go into effect until the node is rebooted. Please use the reset command to complete the configuration.

Step 14   Exit configure terminal mode:

sensor(config)# exit

Step 15   Set the clock:

clock set hh:mm month day year

Note    This step does not apply to the IDS module. You can manually set the clock only on the IDS appliance.

Step 16   Generate the self-signed X.509 certificate (needed by TLS) by entering the following command:

sensor# tls generate-key
MD5 fingerprint is 47:B4:C9:36:B1:E7:D2:5E:D1:3E:F6:B7:83:F4:68:60 
SHA1 fingerprint is 8B:26:BB:EB:04:D4:9F:27:02:0E:25:F7:BE:0E:91:4F:B8:0A:CF:7B

Step 17   Write down the certificate fingerprints.

You will need these to check the authenticity of the certificate when connecting to this sensor with a web browser.

Step 18   Reboot the sensor:

sensor# reset

Step 19   Enter yes to continue rebooting the sensor.

Warning: Executing this command will stop all applications and reboot the node. 
Continue with reset? : yes
Request Succeeded.
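
As an added example (not part of the Cisco guide), the following Python script audits saved show settings output from Step 9 for the default 10.0.0.0/255.0.0.0 entry, a Telnet service that is not disabled, and overly broad networks. The function names, the constructed sample output, and the /16 breadth threshold are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed sample (Step 9 "show settings" layout), left misconfigured.
SAMPLE = """\
networkParams
-----------------------------------------------
ipAddress: 10.1.9.201
netmask: 255.255.255.0 default: 255.255.255.0
telnetOption: enabled default: disabled
accessList (min: 0, max: 512, current: 2)
-----------------------------------------------
ipAddress: 10.0.0.0
netmask: 255.0.0.0 default: 255.255.255.255
-----------------------------------------------
ipAddress: 10.1.2.3
netmask: 255.255.255.255 <defaulted>
"""

FIELD = re.compile(r"^\s*(ipAddress|netmask|telnetOption):\s*(\S+)")
DEFAULT_ENTRY = ipaddress.ip_network("10.0.0.0/255.0.0.0")

def parse_settings(text):
    """Return (telnetOption value, [accessList networks]) from the output."""
    telnet, entries, in_acl, ip = None, [], False, None
    for line in text.splitlines():
        if line.lstrip().startswith("accessList"):
            in_acl = True  # ipAddress/netmask pairs after this are ACL entries
        m = FIELD.match(line)
        key, value = m.groups() if m else (None, None)
        if key == "telnetOption":
            telnet = value
        elif in_acl and key == "ipAddress":
            ip = value
        elif in_acl and key == "netmask" and ip:
            entries.append(ipaddress.ip_network(f"{ip}/{value}", strict=False))
            ip = None
    return telnet, entries

def audit(text, widest_prefix=16):
    """Return findings; widest_prefix is a local policy choice (assumption)."""
    telnet, entries = parse_settings(text)
    findings = [] if telnet == "disabled" else [f"telnetOption is {telnet}"]
    for net in entries:
        if net == DEFAULT_ENTRY:
            findings.append("default accessList entry 10.0.0.0/255.0.0.0 still present")
        elif net.prefixlen < widest_prefix:
            findings.append(f"accessList entry {net} is wider than /{widest_prefix}")
    return findings
```

Calling audit(SAMPLE) reports the enabled Telnet option and the leftover default entry; output matching the final show settings in Step 9 produces no findings.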




Creating the Service Account

You should create a service account for TAC to use during troubleshooting. Although more than one user can have access to the sensor, only one user can have service privileges on a sensor. The service account is for support purposes only.


Caution   Do not make modifications to the sensor through the service account except under the direction of TAC. If you use the service account to configure the sensor, your configuration is not supported by TAC. We do not support the addition and/or running of an additional service to the operating system through the service account, because it affects the proper performance and proper functioning of the other IDS services. TAC does not support a sensor on which additional services have been added.

To create the service account, follow these steps:


Step 1   Log into the CLI.

Step 2   Enter configure terminal mode:

sensor# configure terminal

Step 3   Create the service account:

sensor(config)# username user privilege service

Step 4   Enter the password when prompted.

Step 5   Exit configure terminal mode:

sensor(config)# exit

When you log in to the service account, you receive the following warning:

************************ WARNING ************************
UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
This account is intended to be used for support and troubleshooting purposes only. Unauthorized modifications are not supported and will require this device to be re-imaged to guarantee proper operation.
*********************************************************




Upgrading the BIOS on the IDS-4235 and IDS-4250

You must upgrade the BIOS on your IDS-4235 and IDS-4250 appliances before you install the version 4.0 software.


Caution   Do not apply this BIOS upgrade to appliance models other than the IDS-4235 and IDS-4250.

To create and boot the IDS-4235 or IDS-4250 BIOS upgrade diskette, follow these steps:


Step 1   Copy BIOS_A04.exe to a Windows system.

You can find the file in the /BIOS directory on the Cisco Intrusion Detection System 4.0 Upgrade/Recovery CD, or you can download it from Cisco.com. Refer to Release Notes for the Cisco Intrusion Detection System Version 4.0 for the procedure for getting to the IDS version 4.0 page on Cisco.com.


Note    You must have a Cisco.com account with cryptographic access before you can download software from the IDS page. Refer to Release Notes for the Cisco Intrusion Detection System Version 4.0 for the procedure.

Step 2   Insert a blank 1.44-MB diskette in the Windows system.

Step 3   Double-click the downloaded BIOS update file, BIOS_A04.exe, on the Windows system to generate the BIOS update diskette.

Step 4   Insert the newly created BIOS update diskette in your IDS-4235 or IDS-4250.


Warning   Do not power off or manually reboot the appliance during Step 5.


Caution   You cannot upgrade the BIOS from a console connection. You must connect a keyboard and monitor to the appliance so that you can see the output on the monitor.

Step 5   Boot the IDS appliance and follow the on-screen instructions.

Step 6   Remove the BIOS update diskette from the appliance while the appliance is rebooting; otherwise, the BIOS upgrade will be started again.