IPS CONFIGURATion of devices. Information security
IPS CONFIGURATION
IPS Network Sensing
• Network sensing is accomplished using Cisco IPS sensors and Cisco IOS IPS devices.
• Cisco IPS sensors and Cisco IOS IPS devices are referred to collectively as IPS devices or sensors.
Capturing Network Traffic
• The sensor can operate in either promiscuous or inline mode.
IPS DEPLOYMENT
Capturing Network Traffic
• When responding to attacks, the sensor can do the following:
– Insert TCP resets via the sensing interface.
– Make ACL changes on switches, routers, and firewalls that the sensor manages.
– Generate IP session logs, session replay, and trigger packet display.
• IP session logs are used to gather information about unauthorized use.
• The sensor can implement multiple packet drop actions to stop worms and viruses.
Correctly Deploying the Sensor
• Before you deploy and configure the sensors, consider:
– The size and complexity of your network.
– Connections between your network and other networks, including the Internet.
– The amount and type of traffic on your network.
• Always position the IPS sensor behind a perimeter-filtering device.
• Correct placement significantly reduces the number of alerts, which increases the amount of actionable data you can use to investigate security violations.
Tuning the IPS
• Tuning ensures that the alerts you see reflect true, actionable information.
• Tips:
– Place your sensor on your network behind a perimeter-filtering device.
– Deploy the sensor with the default signatures in place.
– Make sure that the event action override is set to drop packets with a risk rating greater than 90.
– Filter out known false positives caused by specialized software, such as vulnerability scanners and load balancers.
– Filter the Informational alerts.
– Analyse the remaining actionable alerts:
• Research the alert.
• Fix the attack source.
• Fix the destination host.
• Modify the IPS policy to provide more information.
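To make the tuning tips concrete, here is an added example (not code from the slides or from Cisco) that applies them to a constructed alert feed: the event action override adds a drop action when the risk rating exceeds 90, known false positives from a scanner and a load balancer are filtered by (source, signature) pair, informational alerts are filtered, and what remains is the actionable set. The signature ids, addresses, names and severities are made up.

```python
from dataclasses import dataclass, field

# Event action override from the tuning tips: drop packets when RR > 90.
RISK_RATING_DROP_THRESHOLD = 90

# Constructed: (source address, signature id) pairs known to fire on benign
# traffic from a vulnerability scanner and a load balancer.  Filtering on the
# pair, not the address alone, keeps other signatures from those hosts visible.
KNOWN_FALSE_POSITIVES = {
    ("10.100.50.5", 60001): "vulnerability scanner service sweep",
    ("10.100.60.10", 60002): "load balancer health probe",
}


@dataclass
class Alert:
    sig_id: int
    name: str
    src: str
    dst: str
    risk_rating: int
    severity: str  # informational, low, medium or high
    actions: set = field(default_factory=set)


def apply_event_action_override(alert):
    """Add the inline deny action when the risk rating exceeds the threshold."""
    if alert.risk_rating > RISK_RATING_DROP_THRESHOLD:
        alert.actions.add("deny-packet-inline")
    return alert


def tune(alerts):
    """Apply the override, then split alerts into actionable and filtered.

    Returns (actionable, filtered); filtered is a list of (alert, reason).
    The override runs before filtering, so a known-noisy host that trips a
    high-risk signature is still blocked even though the analyst does not
    see the alert.
    """
    actionable, filtered = [], []
    for alert in alerts:
        apply_event_action_override(alert)
        reason = KNOWN_FALSE_POSITIVES.get((alert.src, alert.sig_id))
        if reason is not None:
            filtered.append((alert, "known false positive: " + reason))
        elif alert.severity == "informational":
            filtered.append((alert, "informational"))
        else:
            actionable.append(alert)
    return actionable, filtered


def sample_alerts():
    """Constructed alerts standing in for a sensor's event feed."""
    return [
        Alert(60001, "TCP service sweep", "10.100.50.5", "10.100.10.20", 40, "medium"),
        Alert(60002, "HTTP probe", "10.100.60.10", "10.100.10.30", 20, "informational"),
        Alert(60003, "Worm propagation attempt", "10.100.70.7", "10.100.10.40", 95, "high"),
        Alert(60004, "Login banner", "10.100.80.8", "10.100.10.50", 10, "informational"),
        Alert(60005, "Suspicious SMB write", "10.100.90.9", "10.100.10.60", 75, "high"),
    ]


if __name__ == "__main__":
    actionable, filtered = tune(sample_alerts())
    for a in actionable:
        print("ACTIONABLE", a.sig_id, a.name, a.src, "->", a.dst,
              "RR", a.risk_rating, sorted(a.actions))
    for a, why in filtered:
        print("FILTERED  ", a.sig_id, a.name, why)
```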
IPS Configuration
Procedure
Step 1: Install and connect the device to your network. Install the device software and perform basic device configuration. Install the licenses required for all of the services running on the device.
Step 2: Add the device to the Security Manager device inventory.
Step 3: Configure the interfaces as described in Configuring Interfaces.
Step 4: Use the Virtual Sensors policy to assign interfaces to the virtual sensors.
Step 5: Configure basic device access platform policies.
Step 6: Configure basic server access platform policies.
Step 7: Configure the Logging policy if you want non-default logging.
Step 8: Configure IPS signatures and event actions.
Step 9: Configure blocking or rate limiting hosts.
Step 10: Configure other desired advanced IPS services.
Step 11: Maintain the device.
Step 12: Monitor the device.
Identifying Allowed Hosts
Step 1: Do one of the following to open the Allowed Hosts policy:
- (Device view) Select Platform > Device Admin > Device Access > Allowed Hosts from the Policy selector.
- (Policy view) Select IPS > Platform > Device Admin > Allowed Hosts, then select an existing policy or create a new one.
Step 2: Do one of the following:
- To add an entry, click the Add Row button and fill in the Access List dialog box. You can add up to 512 entries.
- To edit an entry, select it and click the Edit Row button.
- To delete an entry, select it and click the Delete Row button.
Step 3: When adding or editing an entry, specify the host or network address in the Add or Modify Access List dialog box, then click OK. You can enter addresses using the following formats:
- Host address—A simple IP address, such as 10.100.10.10.
- Network address—A network address and mask, such as 10.100.10.0/24 or 10.100.10.0/255.255.255.0.
- A network/host policy object—Click Select to select an existing object or to create a new one. To use the object in this policy, it must have a single value, either a single network or a single host.
Configuring SNMP
Step 1: Do one of the following to open the SNMP policy:
- (Device view) Select Platform > Device Admin > Device Access > SNMP from the Policy selector.
- (Policy view) Select IPS > Platform > Device Admin > Device Access > SNMP, then select an existing policy or create a new one.
Step 2: On the General Configuration tab, configure at least the following options:
– Enable SNMP Gets/Sets
– Read-Only Community String
– Read-Write Community String
Step 3: If you want to configure SNMP traps, click the SNMP Trap Configuration tab and configure at least the following options:
- Enable Notifications
- Trap Destinations
Step 4: If you configure trap destinations, you must also ensure that the desired alerts include the Request SNMP Trap action. You have the following options for adding this action:
- Easy way
- Precise way
Step 5: Add the SNMP management stations to the Allowed Hosts policy. The management stations must be allowed hosts to access the sensor.
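As an added example (not Security Manager's or Cisco's code), the following models the Allowed Hosts policy: it parses the three address formats from Step 3 of Identifying Allowed Hosts, enforces the 512-entry limit, and checks, as Step 5 of the SNMP procedure requires, that each SNMP management station is an allowed host. The addresses are constructed, and the rejection of 0.0.0.0/0 is a sanity check this example adds rather than a rule the slides state.

```python
import ipaddress

# Limit stated for the Allowed Hosts policy on the slides.
MAX_ALLOWED_HOST_ENTRIES = 512


def parse_allowed_host(text):
    """Parse one Allowed Hosts entry in any of the three formats the slides list.

    "10.100.10.10"               -> 10.100.10.10/32 (host address)
    "10.100.10.0/24"             -> 10.100.10.0/24  (network address, prefix length)
    "10.100.10.0/255.255.255.0"  -> 10.100.10.0/24  (network address, dotted mask)
    Anything else, including an IPv6 address or a network with host bits set
    (10.100.10.7/24), raises ValueError.
    """
    net = ipaddress.ip_network(text.strip(), strict=True)
    if net.version != 4:
        raise ValueError("only the IPv4 formats shown on the slides are accepted: %s" % text)
    return net


class AllowedHosts:
    """In-memory model of the Allowed Hosts policy (example code only)."""

    def __init__(self):
        self.entries = []

    def add(self, text):
        """Add an entry, enforcing the 512-entry limit.

        Rejecting a /0 is this example's own check: such an entry would let
        any host reach the sensor's management interface, which defeats the
        purpose of the policy.
        """
        if len(self.entries) >= MAX_ALLOWED_HOST_ENTRIES:
            raise ValueError("Allowed Hosts policy already has %d entries"
                             % MAX_ALLOWED_HOST_ENTRIES)
        net = parse_allowed_host(text)
        if net.prefixlen == 0:
            raise ValueError("%s would allow any host to manage the sensor" % text)
        self.entries.append(net)
        return net

    def permits(self, address):
        """True when the address falls inside at least one entry."""
        addr = ipaddress.ip_address(address)
        return any(addr in net for net in self.entries)


def missing_management_stations(allowed, stations):
    """Step 5 of the SNMP procedure: every SNMP management station must be an
    allowed host or it cannot reach the sensor.  Returns the stations that the
    policy does not yet cover."""
    return [s for s in stations if not allowed.permits(s)]


def build_sample_policy():
    """Constructed policy using the three address formats from the slides."""
    allowed = AllowedHosts()
    for entry in ("10.100.10.10", "10.100.10.0/24", "10.100.20.0/255.255.255.0"):
        allowed.add(entry)
    return allowed


# Constructed SNMP management stations; 10.100.30.3 is deliberately not covered.
SAMPLE_SNMP_STATIONS = ["10.100.10.55", "10.100.20.9", "10.100.30.3"]

if __name__ == "__main__":
    policy = build_sample_policy()
    for station in SAMPLE_SNMP_STATIONS:
        print(station, "allowed" if policy.permits(station) else "NOT allowed")
    print("add to Allowed Hosts before configuring SNMP:",
          missing_management_stations(policy, SAMPLE_SNMP_STATIONS))
```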
IPS user accounts, and Security
Manager discovery and
deployment considerations
• Understanding IPS User Roles
• Understanding Managed and Unmanaged IPS Passwords
• Understanding How IPS Passwords are Discovered and Deployed
• Configuring IPS User Accounts
• Configuring User Password Requirements
• Configuring AAA Access Control for IPS Devices
Understanding IPS User Roles
• Four User Roles:
– Viewer
– Operator
– Administrator
– Service
Understanding Managed and
Unmanaged IPS Passwords
• The status of a password is indicated in the Is Password Managed? column of the Platform > Device Admin > Device Access > User Accounts policy:
- No - the password for this account is not configured in Security Manager.
- Yes - the password for this account was configured or updated in Security Manager.
Understanding How IPS Passwords
are Discovered and Deployed
• Discovery
– Active
– Expired
– Locked
• Deployment
Configuring IPS User Accounts
• The user accounts policy should have at least these accounts:
– The Cisco account
– An administrator account
• Cisco IOS IPS devices use the same user accounts that are defined for the router.
Configuring User Password
Requirements
• To configure IPS password requirements, select one of the following policies:
– Device view: Select Platform > Device Admin > Device Access > Password Requirements from the Policy selector.
– Policy view: Select IPS > Platform > Device Admin > Password Requirements from the Policy Type selector, then select an existing policy or create a new one.
Configuring AAA Access Control for
IPS Devices
• When you configure the AAA server object, you must adhere to the following restrictions:
– Host
– Timeout
– Protocol
– Key
– Port
