[share_ebook] Cisco Secure Intrusion Detection

Description

Table of Contents COURSE INTRODUCTION 1-1 Overview 1-1 Course Objectives 1-2 Lab Topology Overview 1-8 SECURITY FUNDAMENTALS 2-1 Overview 2-1 Objectives 2-2 Need for Network Security 2-3 Network Security Policy 2-10 The Security Wheel 2-13 Network Attack Taxonomy 2-18 Management Protocols and Functions 2-47 Summary 2-54 INTRUSION DETECTION OVERVIEW 3-1 Overview 3-1 Objectives 3-2 Intrusion Detection Terminology 3-3 Intrusion Detection Technologies 3-14 Host-Based Intrusion Protection 3-18 Network-Based Intrusion Detection Systems 3-20 Intrusion Detection Evasive Techniques 3-23 Summary 3-28 CISCO INTRUSION PROTECTION OVERVIEW 4-1 Overview 4-1 Objectives 4-2 Intrusion Protection 4-3 Network Sensor Platforms 4-7 HIPS Platforms 4-13 Security Management 4-19 Cisco Threat Response 4-25 Cisco IDS Communication Overview 4-32 Deploying Cisco IDS 4-36 Summary 4-41 CAPTURING NETWORK TRAFFIC FOR INTRUSION DETECTION SYSTEMS 5-1 Overview 5-1 Objectives 5-2 Traffic Capture Overview 5-3 Configuring SPAN for Catalyst 2900XL, 3500XL, 2950, and 3550 Traffic Capture 5-14 Configuring SPAN for Catalyst 4000, 4500, and 6500 Traffic Capture 5-18 Configuring RSPAN for Catalyst 4000 and 6500 Traffic Capture 5-22 Configuring VACLs for Catalyst 6500 Traffic Capture 5-32 Using the mls ip ids Command for Catalyst 6500 Traffic Capture 5-45 Advanced Catalyst 6500 Traffic Capturing 5-51 Summary 5-59 CISCO INTRUSION DETECTION SYSTEM ARCHITECTURE 6-1 Overview 6-1 Objectives 6-2 Cisco IDS Software Architecture 6-3 User Accounts and Roles 6-11 Summary 6-14 SENSOR APPLIANCE INSTALLATION 7-1 Overview 7-1 Objectives 7-2 Sensor Appliances 7-3 Sensor Installation 7-14 Sensor Initialization 7-23 Summary 7-29 Lab Exercise—Sensor Appliance Initialization Lab 7-1 INTRUSION DETECTION SYSTEM MODULE CONFIGURATION 8-1 Overview 8-1 Objectives 8-2 Introduction 8-3 Ports and Traffic 8-9 Initialization 8-12 Verifying IDSM2 Status 8-15 Summary 8-17 CISCO IDS COMMAND LINE 9-1 Overview 9-1 Objectives 9-2 Command Line Modes 9-3 Initial Configuration Tasks 9-22 Preventive Maintenance and Troubleshooting 9-34 CISCO INTRUSION DETECTION SYSTEM DEVICE MANAGER AND EVENT VIEWER 10-1 Overview 10-1 Objectives 10-3 IDS Device Manager Overview 10-4 IDS Event Viewer Overview 10-9 IDS Event Viewer Installation 10-11 IDS Event Viewer Views 10-15 Network Security Database 10-27 IDS Event Viewer Filters 10-32 IDS Event Viewer Database Administration 10-41 IDS Event Viewer Configuration 10-44 Summary 10-48 Lab Exercise—Cisco IDS Event Viewer Lab 10-1 ENTERPRISE INTRUSION DETECTION SYSTEM MANAGEMENT 11-1 Overview 11-1 Objectives 11-2 Introduction 11-3 Windows Installation 11-5 Solaris Installation 11-13 Architecture 11-19 Getting Started 11-23 IDS MC Workflow 11-29 Summary 11-35 Lab Exercise—Enterprise Intrusion Detection System Management Lab 11-1 SENSOR CONFIGURATION 12-1 Overview 12-1 Objectives 12-2 Sensors and Sensor Groups 12-3 Communications 12-14 Logging 12-17 Summary 12-22 Lab Exercise—Sensor Configuration Lab 12-1 CISCO INTRUSION DETECTION SYSTEM ALARMS AND SIGNATURES 13-1 Overview 13-1 Objectives 13-3 Cisco IDS Signatures 13-4 Cisco IDS Alarms 13-11 Cisco IDS Signature Engines 13-13 Atomic Signature Engines 13-29 Flood Signature Engines 13-37 Service Signature Engines 13-41 State Signature Engines 13-56 String Signature Engines 13-61 Sweep Signature Engines 13-63 Miscellaneous Signature Engines 13-72 Signature Engine Selection 13-76 Summary 13-83 SENSING CONFIGURATION 14-1 Overview 14-1 Objectives 14-2 Global Sensing Configuration 14-3 Signature Configuration 14-6 Signature Filtering 14-18 Signature Tuning 14-26 Custom Signatures 14-30 Summary 14-39 Lab Exercise—Sensing Configuration Lab 14-1 BLOCKING CONFIGURATION 15-1 Overview 15-1 Objectives 15-2 Introduction 15-3 ACL Considerations 15-13 Blocking Sensor Configuration 15-17 Master Blocking Sensor Configuration 15-29 Summary 15-34 Lab Exercise—Blocking Configuration Lab 15-1 ENTERPRISE INTRUSION DETECTION SYSTEM MONITORING AND REPORTING 16-1 Overview 16-1 Objectives 16-3 Introduction 16-4 Installation 16-6 Getting Started 16-14 Security Monitor Configuration 16-20 Security Monitor Event Viewer 16-42 Administration and Reporting 16-56 Summary 16-71 Lab Exercise—Enterprise IDS Monitoring and Reporting Lab 16-1 CISCO INTRUSION DETECTION SYSTEM MAINTENANCE 17-1 Overview 17-1 Objectives 17-2 Software Updates 17-3 Sensor Maintenance 17-6 Summary 17-18 Lab Exercise—Cisco IDS System Maintenance Lab 17-1