- Preface
- Getting Started
- Configuring Dashboards
- Using the Startup Wizard
- Setting Up the Sensor
- Configuring Interfaces
- Configuring Policies
- Defining Signatures
- Using the Signature Wizard
- Configuring Event Action Rules
- Configuring Anomaly Detections
- Configuring Global Correlation
- Configuring SSH and Certificates
- Configuring Attack Response Controller for Blocking and Rate Limiting
- Managing Time-Based Actions
- Configuring SNMP
- Configuring External Product Interfaces
- Managing the Sensor
- Monitoring the Sensor
- Initializing the Sensor
- Logging In to the Sensor
- Obtaining Software
- Upgrading, Downgrading, and Installing System Images
- System Architecture
- Signature Engines
- Troubleshooting
- Glossary
- Index
Cisco Intrusion Prevention System Device Manager Configuration Guide for IPS 7.3
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- Updated:
- May 19, 2014
Chapter: Obtaining Software
Obtaining Software
This chapter describes how to obtain and install the latest Cisco IPS software, and contains the following topics:
IPS 7.3 File List
The currently supported IPS 7.3( x ) versions are 7.3(1)E4 and IPS 7.3(2)E4 All IPS sensors are not supported in each 7.3( x ) version.
For a list of the specific IPS filenames and the IPS versions that each sensor supports, refer to the Release Notes for your IPS version found at this URL:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_release_notes_list.html
Obtaining Cisco IPS Software
You can find major and minor updates, service packs, signature and signature engine updates, system and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com. Signature updates are posted to Cisco.com approximately every week, more often if needed. Service packs are posted to Cisco.com in a release train format, a new release every three months. Major and minor updates are also posted periodically. Check Cisco.com regularly for the latest IPS software.
You must have an account with cryptographic access before you can download software. You set this account up the first time you download IPS software from the Download Software site.
Note You must be logged in to Cisco.com to download software. You must have an active IPS maintenance contract and a Cisco.com password to download software. You must have a sensor license to apply signature updates.
Downloading Cisco IPS Software
To download software on Cisco.com, follow these steps:
Log in to
Cisco.com
.
Step 2 From the Support drop-down menu, choose
Download Software
.
Step 3 Under Select a Software Product Category, choose
Security Software
.
Step 4 Choose
Intrusion Prevention System (IPS)
.
Step 5 Enter your username and password.
Step 6 In the Download Software window, choose
IPS Appliances > Cisco Intrusion Prevention System
and then click the version you want to download.
Note You must have an IPS subscription service license to download software.
Step 7 Click the type of software file you need. The available files appear in a list in the right side of the window. You can sort by file name, file size, memory, and release date. And you can access the Release Notes and other product documentation.
Step 8 Click the file you want to download. The file details appear.
Step 9 Verify that it is the correct file, and click
Download
.
Step 10 Click
Agree
to accept the software download rules. The File Download dialog box appears. The first time you download a file from Cisco.com, you must fill in the Encryption Software Export Distribution Authorization form before you can download the software.
a. Fill out the form and click
Submit
. The Cisco Systems Inc. Encryption Software Usage Handling and Distribution Policy appears.
b. Read the policy and click
I Accept
. The Encryption Software Export/Distribution Form appears.
If you previously filled out the Encryption Software Export Distribution Authorization form, and read and accepted the Cisco Systems Inc. Encryption Software Usage Handling and Distribution Policy, these forms are not displayed again.
Step 11 Open the file or save it to your computer.
Step 12 Follow the instructions in the Readme or the Release Notes to install the update.
- For more information about IPS maintenance contracts and the procedure for obtaining and installing the license key, see Configuring Licensing.
- For an explanation of the IPS file versioning scheme, see IPS Software Versioning.
IPS Software Versioning
When you download IPS software images from Cisco.com, you should understand the versioning scheme so that you know which files are base files, which are cumulative, and which are incremental.
Note The software version installed on your sensor is listed in the Sensor Information gadget in the Home pane of IDM.
A major update contains new functionality or an architectural change in the product. For example, the Cisco IPS 7.3 base version includes everything (except deprecated features) since the previous major release (the minor update features, service pack fixes, and signature updates) plus any new changes. Major update 7.3(1) requires 5.1(6) and later. With each major update there are corresponding system and recovery packages.
Note The 7.3(1) major update is used to upgrade 5.1(6) and later sensors to 7.3(1) If you are reinstalling 7.3(1) on a sensor that already has 7.3(1) installed, use the system image or recovery procedures rather than the major update.
A minor update is incremental to the major version. Minor updates are also base versions for service packs. The first minor update for 7.3 is 7.4. Minor updates are released for minor enhancements to the product. Minor updates contain all previous minor features (except deprecated features), service pack fixes, signature updates since the last major version, and the new minor features being released. You can install the minor updates on the previous major or minor version (and often even on earlier versions). The minimum supported version needed to upgrade to the newest minor version is listed in the Readme that accompanies the minor update. With each minor update there are corresponding system and recovery packages.
A service packs is cumulative following a base version release (minor or major). Service packs are released in a train release format with several new features per train. Service packs contain all service pack fixes since the last base version (minor or major) and the new features and defect fixes being released. Service packs require the minor version. The minimum supported version needed to upgrade to the newest service pack is listed in the Readme that accompanies the service pack. Service packs also include the latest engine update. For example, if service pack 7.3(3) is released, and E4 is the latest engine level, the service pack is released as 7.3(3)E4.
A patch release is used to address defects that are identified in the upgrade binaries after a software release. Rather than waiting until the next major or minor update, or service pack to address these defects, a patch can be posted. Patches include all prior patch releases within the associated service pack level. The patches roll into the next official major or minor update, or service pack.
Before you can install a patch release, the most recent major or minor update, or service pack must be installed. For example, patch release 7.3(1p1) requires 7.3(1).
Note Upgrading to a newer patch does not require you to uninstall the old patch. For example, you can upgrade from patch 7.3(1p1) to 7.3(1p2) without first uninstalling 7.3(1p1).
Figure 21-1 illustrates what each part of the IPS software file represents for major and minor updates, service packs, and patch releases.
Figure 21-1 IPS Software File Name for Major and Minor Updates, Service Packs, and Patch Releases
Signature Update and Singnature Engine Update
A signature update is a package file containing a set of rules designed to recognize malicious network activities. Signature updates are released independently from other software updates. Each time a major or minor update is released, you can install signature updates on the new version and the next oldest version for a period of at least six months. Signature updates are dependent on a required signature engine version. Because of this, a req designator lists the signature engine required to support a particular signature update. Signature updates also contain the latest threat profile updates. If there is a new threat profile, it will be installed along with the signature update.
The signature engine update is contained in the signature updates.
Figure 21-2 illustrates what each part of the IPS software file represents for signature updates and signagure engine updates.
Figure 21-2 IPS Software File Name for Signature Updates and Signature Engine Updates
Recovery and System Image Files
Recovery and system image files contain separate versions for the installer and the underlying application. The installer version contains a major and minor version field. The major version is incremented by one of any major changes to the image installer, for example, switching from .tar to rpm or changing kernels. The minor version can be incremented by any one of the following:
- Minor change to the installer, for example, a user prompt added.
- Repackages require the installer minor version to be incremented by one if the image file must be repackaged to address a defect or problem with the installer.
Figure 21-3 illustrates what each part of the IPS software file represents for recovery and system image filenames.
Figure 21-3 IPS Software File Name for Recovery and System Image Files
For a table listing the types of files with examples of filenames and corresponding software releases, see Software Release Examples.
Software Release Examples
Table 21-1 lists the Cisco IPS software release examples.
Table 21-1 Cisco IPS Software Release Examples
Signature update and signature engine update1 |
Weekly for signature updates, as needed for signature engine updates |
|||
Service packs2 |
||||
Minor version update3 |
||||
Major version update4 |
||||
Patch release5 |
||||
Recovery package6 |
||||
System image7 |
Table 21-2 describes the platform identifiers used in filenames.
- For instructions on how to access these files on Cisco.com, see Obtaining Cisco IPS Software.
- For procedures for installing the various software files, see Chapter22, “Upgrading, Downgrading, and Installing System Images”
Accessing IPS Documentation
You can find IPS documentation at this URL:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_series_home.html
Or to access IPS documentation from Cisco.com, follow these steps:
Log in to
Cisco.com
.
Step 3 Under Support at the bottom of the page, click
Documentation
.
Step 4 Choose
Products > Security > Intrusion Prevention System (IPS) > IPS Appliances > Cisco IPS 4200 Series Sensors
. The Cisco IPS 4200 Series Sensors page appears. All of the most up-to-date IPS documentation is on this page.
Note Although you will see references to other IPS documentation sites on Cisco.com, this is the site with the most complete and up-to-date IPS documentation.
Step 5 Click one of the following categories to access Cisco IPS documentation:
Note You must be logged into Cisco.com to access the software download site.
- Release and General Information —Contains documentation roadmaps and release notes.
- Reference Guides —Contains command references and technical references.
- Design —Contains design guide and design tech notes.
- Install and Upgrade —Contains hardware installation and regulatory guides.
- Configure —Contains configuration guides for IPS CLI, IDM, and IME.
- Troubleshoot and Alerts —Contains TAC tech notes and field notices.
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current vulnerabilities and security threats. It also has reports on other security topics that help you protect your network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL:
http://tools.cisco.com/security/center/home.x
Cisco Security Intelligence Operations is also a repository of information for individual signatures, including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
Feedback