Cisco IPS-4240-K9 - Intrusion Protection Sys 4240, IOS Getting Started Manual

White Paper
Getting Started with Cisco IOS IPS with 5.x Format Signatures: A Step-by-Step Guide
This guide is divided into two sections: Getting Started with Cisco IOS® IPS and Signature Tuning.
The first section of the guide provides a detailed step-by-step process, using the Cisco IOS Software command-line interface (CLI), for getting started with Cisco IOS IPS 5.x format signatures. It contains the following five steps:
Step 1: Downloading Cisco IOS IPS Files
Step 2: Creating Directory on Flash
Step 3: Configuring Cisco IOS IPS Crypto Key
Step 4: Enabling Cisco IOS IPS
Step 5: Loading Signatures to Cisco IOS IPS
Each step and specific commands are described. The Additional Commands and References section under each step provides additional information. Example configurations are displayed in a box below each command.
The second section of the guide provides instructions and examples on advanced options for signature tuning. Topics include:
Enable/Disable Signatures
Retire/Unretire Signatures
Change Signature Actions
Prerequisites
Before getting started with the above steps, ensure that you have the following:
A Cisco 870, 1800, 2800, or 3800 Series Integrated Services Router
128 MB or more DRAM and at least 2 MB free flash memory
Console or Telnet connectivity to the router
Cisco IOS Software Release 12.4(11)T or later
A valid Cisco.com login username and password
A current Cisco Services for IPS Contract for licensed signature update services
You should be familiar with basic router commands for:
Exec mode
Configure mode
Exit configure mode
Backup and restore configuration

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12
References
Cisco IOS Basic Skills:
http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a0080118cd0.html
Cabling and Setup Quick Start Guide for Cisco 800 Series Access Routers:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/85x87x/857qsg/index.htm
1 Downloading Cisco IOS IPS Files
The first step is to download the Cisco IOS IPS signature package files and the public crypto key from Cisco.com. These files are required in later configuration steps.
Step 1.1 Download the required signature files from Cisco.com to your PC.
Ensure that you have a valid Cisco.com username and password.
Cisco.com location: http://www.cisco.com/cgi-bin/tablebuild.pl/ios-v5sigup
Files to download:
IOS-Sxxx-CLI.pkg: Latest signature package; pick the signature package with the largest number in xxx
realm-cisco.pub.key.txt: Public crypto key
Additional Commands and References
Cisco IOS IPS Website:
http://www.cisco.com/go/iosips
2 Creating Directory on Flash
The second step is to create a directory on your router’s flash where you can store the required signature files and signature configurations.
Step 2.1 To create a directory, enter the following command at the router prompt: mkdir <directory name>
training#mkdir ipsstore
Create directory filename [ipsstore]?
Created dir flash:ipsstore
Additional Commands and References
To verify the contents of the flash, enter the following command at the router prompt:
show flash:
training#show flash:
24576K bytes of processor board System flash (Intel Strataflash)
Directory of flash:/
2 -rwx 17198508 --- -- ---- --:--:-- ----- c870-advipservicesk9-mz.12.4-11.T1
3 drwx 0 Aug 11 2006 23:16:18 -08:00 ipsstore
23482368 bytes total (6279168 bytes free)
To rename the directory, either use the rename command (Rename Directory Command) or remove the directory and create it again (Remove Directory Command followed by Create Directory Command) at the router prompt.
Rename the directory (Rename Directory Command):
rename <current name> <new name>
training#rename ipsstore ips
Destination filename [ips]?
OR
First remove the directory (Remove Directory Command):
rmdir <current directory name>
Create the directory again (Create Directory Command):
mkdir <new directory name>
training#rmdir ips
Remove directory filename [ips]?
Delete flash:ips? [confirm]
Removed dir flash:ips
training#mkdir ipsstore
Create directory filename [ipsstore]?
Created dir flash:ipsstore
3 Configuring Cisco IOS IPS Crypto Key
The third step is to configure the crypto key used by Cisco IOS IPS. This key is located in the realm-cisco.pub.key.txt file that was downloaded to the PC from Cisco.com.
Step 3.1 Open the text file and copy the contents of the file
Step 3.2 Enter ‘configure terminal’ to enter Router Configure Mode
Step 3.3 Paste the text file content at the ‘<hostname>(config)#’ prompt
Step 3.4 Enter the show run command at the router prompt to confirm that the crypto key is configured: show run (only the crypto key portion of the configuration is shown below)
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16
17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128
B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35
FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85
50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36
006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE
2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3
F3020301 0001
Quit
Step 3.5 Compare the crypto key configuration with the text file to make sure that the key is correctly configured.
Step 3.6 Save the configuration: copy running-config startup-config
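Step 3.5 carried out as a script instead of by eye (an added example, not part of the Cisco guide): it extracts the key-string from saved show run output and from the downloaded key file, compares them word by word, and uses the DER length header at the start of the key to catch a paste that lost lines. It assumes, per Step 3.3, that the key file holds the same crypto key commands that appear in the configuration; the function names and the toy sample key are constructed for illustration.

```python
import re

def extract_key_hex(text, key_name="realm-cisco.pub"):
    """Return the key-string of a named-key block as uppercase hex without whitespace."""
    m = re.search(r"named-key\s+" + re.escape(key_name) + r"\b.*?key-string\s+(.*?)\s+quit\b",
                  text, re.IGNORECASE | re.DOTALL)
    if not m:
        raise ValueError("no key-string block found for " + key_name)
    key_hex = re.sub(r"\s+", "", m.group(1)).upper()
    if not re.fullmatch(r"(?:[0-9A-F]{2})+", key_hex):
        raise ValueError("key-string is not a whole number of hex bytes")
    return key_hex

def der_length_consistent(key_hex):
    """True if the outer DER SEQUENCE header declares exactly the bytes present."""
    der = bytes.fromhex(key_hex)
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)

def compare_keys(running_config, key_file, key_name="realm-cisco.pub"):
    """Step 3.5 as a check: return (ok, reason) for configured key vs. downloaded file."""
    configured = extract_key_hex(running_config, key_name)
    expected = extract_key_hex(key_file, key_name)
    if not der_length_consistent(configured):
        return False, "configured key is truncated or malformed (DER length mismatch)"
    if configured != expected:
        a, b = re.findall(".{1,8}", configured), re.findall(".{1,8}", expected)
        bad = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))
        return False, "first difference at 8-digit word %d" % (bad + 1)
    return True, "match, %d bytes" % (len(configured) // 2)

# Constructed toy input: an 8-byte DER SEQUENCE, not a real key.
SAMPLE_FILE = """crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   30060201 05020103
  quit
"""
SAMPLE_RUN_TRUNCATED = SAMPLE_FILE.replace(" 05020103", "")  # last word lost in the paste
if __name__ == "__main__":
    print(compare_keys(SAMPLE_FILE, SAMPLE_FILE))
    print(compare_keys(SAMPLE_RUN_TRUNCATED, SAMPLE_FILE))
```

To use it on a real router, save the show run output and the downloaded realm-cisco.pub.key.txt to files and pass their contents to compare_keys.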