IOS IPS Auto Update Functionality

Cisco provides IOS Intrusion Prevention System (IPS) software and signature updates on a regular basis. The IOS IPS Auto Update feature does a periodic update of these signatures automatically. In Cisco IOS Release 15.5(2)T and later releases, the auto update is provided by the BSD infrastructure. Prior to this release, the auto update was done by the IDA application.

This module provides an overview of the feature and explains how to configure it.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About IOS IPS Auto Update Functionality

IOS IPS Auto Update Overview

Cisco IOS Intrusion Prevention System (IPS) protects a network infrastructure from malicious traffic or attacks. Cisco provides IOS IPS software and signature updates on a regular basis. As new forms of network attacks are devised, new signatures are developed to combat them. IOS IPS auto update does a periodic update of these signatures automatically.

In Cisco IOS Release 15.5(2)T and later releases, IOS IPS auto update uses the Borderless Software Delivery (BSD) infrastructure. IOS IPS auto update will only support update requests coming through BSD. Prior to this release, IDA was used for auto update.

IOS IPS auto update supports two kinds of auto update:
  • Auto update from a local FTP/TFTP server:

    You can configure IOS IPS to automatically update its signatures from a local URL (using FTP/TFTP). You need to manually download the signature file from Cisco.com and place it in the FTP/TFTP server path which is configured in IOS IPS. Based on the configuration, IOS IPS periodically updates its signatures from the local server path.

    Note: Auto update from a local URL does not verify whether the signature file is the latest; it takes the signature file that is available in the configured location.

  • Auto update from www.cisco.com:

    You can configure IOS IPS to automatically update its signatures from Cisco.com. IOS IPS checks for the latest signature package availability, and if an upgrade to the currently running signature version is available, the signature is downloaded and upgraded.

Catalog File Service Functionality

The Borderless Software Delivery (BSD) server provides the catalog file service functionality to support selective IOS IPS image update.

A catalog, which consists of filters corresponding to image versions and the packages that are supported for those image versions, is uploaded to the BSD server. When the IOS IPS sends a request through the BSD client, the server sends a response that contains the list of software updates available for the image version running on the router. The IOS IPS interface selects the software update to be retrieved from the BSD server, and downloads the image. Image download from Cisco.com is done using HTTP.

You can configure the interval at which to initiate the auto update. IOS IPS starts a timer based on the configured interval, and on expiry of the timer the auto update starts.

How to Configure IOS IPS Auto Update Functionality

Configuring IOS IPS Auto Update

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip ips auto-update

    4.    cisco

    5.    occur-at [monthly | weekly] days minutes hours

    6.    username name password password

    7.    exit

    8.    bsd-client server url url

    9.    password encryption aes

    10.    key config-key password-encryption

    11.    exit

    12.    show ip ips configuration


DETAILED STEPS
     Command or Action    Purpose
    Step 1 enable


    Example:
    Device> enable
     
    Enables privileged EXEC mode.
    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 ip ips auto-update


    Example:
    Device(config)# ip ips auto-update
     

    Enables automatic signature updates for Cisco IOS Intrusion Prevention System (IPS) and enters IPS-auto-update configuration mode.

     
    Step 4 cisco


    Example:
    Device(config-ips-auto-update)# cisco
     

    Enables automatic IOS IPS signature updates from Cisco.com.

     
    Step 5 occur-at [monthly | weekly] days minutes hours


    Example:
    Device(config-ips-auto-update)# occur-at weekly 4 23 23 
     

    Defines a preset time after which IOS IPS automatically obtains updated signature information.

     
    Step 6 username name password password


    Example:
    Device(config-ips-auto-update)# username myips password secret
     

    Defines a username and password to access signature files from the server.

     
    Step 7 exit


    Example:
    Device(config-ips-auto-update)# exit 
     

    Exits IPS-auto-update configuration mode and returns to global configuration mode.

     
    Step 8 bsd-client server url url


    Example:
    Device(config)# bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
     

    Configures the Borderless Software Delivery (BSD) server URL to auto download signatures.

     
    Step 9 password encryption aes


    Example:
    Device(config)# password encryption aes
     

    Enables a type 6 encrypted preshared key.

     
    Step 10 key config-key password-encryption


    Example:
    Device(config)# key config-key password-encryption
     

    Stores a type 6 encryption key in local NVRAM.

     
    Step 11 exit


    Example:
    Device(config)# exit
     

    Exits global configuration mode and returns to privileged EXEC mode.

     
    Step 12 show ip ips configuration


    Example:
    Device# show ip ips configuration
     

    Displays IPS information such as configured sessions, signatures, and additional configuration information that includes default values.

     
    Example

    The following is sample output from the show ip ips configuration command:

    Device# show ip ips configuration
    
    Event notification through syslog is enabled
    Event notification through Net Director is enabled
    Default action(s) for info signatures is alarm
    Default action(s) for attack signatures is alarm
    Default threshold of recipients for spam signature is 25
    PostOffice:HostID:5 OrgID:100 Addr:10.2.7.3 Msg dropped:0
    HID:1000 OID:100 S:218 A:3 H:14092 HA:7118 DA:0 R:0
        CID:1 IP:172.16.0.20 P:45000 S:ESTAB (Curr Conn)
     
    Audit Rule Configuration
     Audit name AUDIT.1
        info actions alarm
    
    

    Verifying IOS IPS Auto Update Functionality

    Use the following commands to verify your IOS IPS auto update functionality:

    SUMMARY STEPS

      1.    enable

      2.    show ip ips auto-update

      3.    show ip ips statistics

      4.    clear ip ips statistics


    DETAILED STEPS
      Step 1   enable

      Example:
      Device> enable

      Enables privileged EXEC mode.
      • Enter your password if prompted.

      Step 2   show ip ips auto-update

      Example:
      Device# show ip ips auto-update

      Displays the automatic signature update configuration.

      Step 3   show ip ips statistics

      Example:
      Device# show ip ips statistics

      Displays information such as the number of packets audited and the number of alarms sent.

      Step 4   clear ip ips statistics

      Example:
      Device# clear ip ips statistics

      Resets statistics of packets analyzed and alarms sent.


      Configuration Examples for IOS IPS Auto Update Functionality

      Example: Configuring IOS IPS Auto Update

      Device# configure terminal
      Device(config)# ip ips auto-update
      Device(config-ips-auto-update)# cisco
      Device(config-ips-auto-update)# occur-at weekly 4 23 23 
      Device(config-ips-auto-update)# username myips password secret
      Device(config-ips-auto-update)# exit
      Device(config)# bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
      Device(config)# password encryption aes
      Device(config)# key config-key password-encryption
      Device(config)# end
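
The following is an added example, not Cisco code: a Python check that audits a saved configuration for the auto-update settings entered in the steps above. The running-config layout of SAMPLE_CONFIG, the function name audit_ips_auto_update, and the requirement that the BSD server URL use HTTPS are assumptions of this example.

```python
import re

# Constructed sample in running-config style, built from the commands on this
# page (sub-mode indentation is an assumption about how the config is stored).
SAMPLE_CONFIG = """\
ip ips auto-update
 cisco
 occur-at weekly 4 23 23
 username myips password secret
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
password encryption aes
"""

def audit_ips_auto_update(config_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    block, top, in_block = [], [], False
    for line in config_text.splitlines():
        if line.startswith(" "):          # sub-mode line
            if in_block:
                block.append(line.strip())
        elif line.strip():                # global configuration line
            top.append(line.strip())
            in_block = line.strip() == "ip ips auto-update"
    if "ip ips auto-update" not in top:
        return ["ip ips auto-update is not configured"]
    findings = []
    if "cisco" not in block:
        findings.append("source is not Cisco.com: local file is not verified as latest")
    else:
        urls = [l.split()[-1] for l in top if l.startswith("bsd-client server url ")]
        if not urls:
            findings.append("cisco is set but bsd-client server url is missing")
        elif not urls[0].startswith("https://"):  # assumption: require HTTPS
            findings.append("bsd-client server url is not HTTPS")
    sched = [re.fullmatch(r"occur-at (monthly|weekly) (\S+) (\d+) (\d+)", l)
             for l in block if l.startswith("occur-at")]
    if not sched or sched[0] is None:
        findings.append("no valid occur-at schedule")
    else:
        # Field order on this page is: days minutes hours.
        minutes, hours = int(sched[0].group(3)), int(sched[0].group(4))
        if minutes > 59 or hours > 23:
            findings.append(f"occur-at out of range: minutes={minutes} hours={hours}")
    if any(l.startswith("username ") for l in block) and "password encryption aes" not in top:
        findings.append("update credentials set without password encryption aes")
    return findings

if __name__ == "__main__":
    print(audit_ips_auto_update(SAMPLE_CONFIG) or "no findings")
```

Run it against a saved copy of the device configuration; a bsd-client server line that omits the url keyword is reported as a missing BSD server URL.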
      
      


      Feature Information for IOS IPS Auto Update Functionality

      The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

      Table 1 Feature Information for IOS IPS Auto Update Functionality

      Feature Name: IOS IPS Auto Update Functionality

      Software Releases: 15.5(2)T

      Feature Configuration Information: Cisco provides IOS Intrusion Prevention System (IPS) software and signature updates on a regular basis. The IOS IPS Auto Update feature does a periodic update of these signatures automatically. In Cisco IOS Release 15.5(2)T and later releases, the auto update is provided by the BSD infrastructure. Prior to this release, the auto update was done by the IDA application.

      The following commands were introduced or modified for this feature: bsd-client server, clear ip ips statistics, ips signature update, show ip ips auto-update, show ip ips statistics.