Cisco IPS 4345 Sensor

Release Notes for Cisco Intrusion Prevention System 7.1(3)E4
OL-25881-01
  Initializing the Sensor
The table below describes how the data will be used by Cisco.
Participation Level = "Partial":
  * Type of Data: Protocol Attributes (e.g. TCP max segment size and
    options string)
    Purpose: Track potential threats and understand threat exposure
  * Type of Data: Attack Type (e.g. Signature Fired and Risk Rating)
    Purpose: Used to understand current attacks and attack severity
  * Type of Data: Connecting IP Address and port
    Purpose: Identifies attack source
  * Type of Data: Summary IPS performance (CPU utilization memory usage,
    inline vs. promiscuous, etc)
    Purpose: Tracks product efficacy
Participation Level = "Full" additionally includes:
  * Type of Data: Victim IP Address and port
    Purpose: Detect threat behavioral patterns
Do you agree to participate in the SensorBase Network?[no]:
Basic Sensor Setup
To perform basic sensor setup using the setup command, follow these steps:
Step 1
Log in to the sensor using an account with administrator privileges.
Note
Both the default username and password are cisco.
Step 2
The first time you log in to the sensor you are prompted to change the default password. Passwords must 
be at least eight characters long and be strong, that is, not be a dictionary word. After you change the 
password, basic setup begins.
Step 3
Enter the setup command. The System Configuration Dialog is displayed.
Step 4
Specify the hostname. The hostname is a case-sensitive character string up to 64 characters. Numbers, 
“_” and “-” are valid, but spaces are not acceptable. The default is sensor.
Step 5
Specify the IP interface. The IP interface is in the form of IP Address/Netmask,Gateway: X.X.X.X/nn,Y.Y.Y.Y, where X.X.X.X specifies the sensor IP address as a 32-bit address written as 4 octets separated by periods, nn specifies the number of bits in the netmask, and Y.Y.Y.Y specifies the default gateway as a 32-bit address written as 4 octets separated by periods.
Step 6
Enter yes to modify the network access list:
a. If you want to delete an entry, enter the number of the entry and press Enter, or press Enter to get to the Permit line.
b. Enter the IP address and netmask of the network you want to add to the access list.
Note
For example, 10.0.0.0/8 permits all IP addresses on the 10.0.0.0 network (10.0.0.0-10.255.255.255) and 10.1.1.0/24 permits only the IP addresses on the 10.1.1.0 subnet (10.1.1.0-10.1.1.255). If you want to permit access to a single IP address rather than the entire network, use a 32-bit netmask. For example, 10.1.1.1/32 permits just the 10.1.1.1 address.
c. Repeat Step b until you have added all networks that you want to add to the access list, and then press Enter at a blank permit line to go to the next step.
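
The following Python example is added here and is not part of the Cisco release notes or the sensor software. It checks planned answers for Steps 4 through 6 before they are typed into the setup dialog, including the address range each access list entry actually permits. The function names, the sample values, the acceptance of letters in hostnames, and the gateway-on-subnet check are assumptions of the example.

```python
import ipaddress
import re

# Step 4 rule: up to 64 characters, no spaces. Letters are assumed valid
# alongside the digits, "_" and "-" that the page names explicitly.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def check_hostname(name):
    return HOSTNAME_RE.fullmatch(name) is not None

def parse_ip_interface(value):
    """Parse Step 5 input 'X.X.X.X/nn,Y.Y.Y.Y' -> (interface, gateway, problems)."""
    addr_part, sep, gw_part = value.partition(",")
    if not sep or "/" not in addr_part:
        raise ValueError("expected IP Address/Netmask,Gateway")
    iface = ipaddress.IPv4Interface(addr_part.strip())
    gateway = ipaddress.IPv4Address(gw_part.strip())
    problems = []
    # Assumption (not stated on the page): the default gateway should sit
    # on the sensor's own subnet and differ from the sensor address.
    if gateway not in iface.network:
        problems.append(f"gateway {gateway} is outside {iface.network}")
    if gateway == iface.ip:
        problems.append("gateway equals the sensor address")
    return iface, gateway, problems

def acl_range(entry):
    """Step 6b entry -> (first, last, address count, host_bits_set)."""
    try:
        net, host_bits = ipaddress.IPv4Network(entry), False
    except ValueError:
        # Malformed input raises again here; 10.1.1.1/24 style input does not.
        net, host_bits = ipaddress.IPv4Network(entry, strict=False), True
    return str(net[0]), str(net[-1]), net.num_addresses, host_bits

if __name__ == "__main__":
    # Constructed sample answers, not values from the release notes.
    print(check_hostname("ips-4345_lab"), check_hostname("my sensor"))
    print(parse_ip_interface("192.0.2.10/24,192.0.2.1")[2])
    for entry in ("10.0.0.0/8", "10.1.1.0/24", "10.1.1.1/32", "10.1.1.1/24"):
        print(entry, acl_range(entry))
```

An entry such as 10.1.1.1/24 is reported with host_bits_set true and the full 10.1.1.0-10.1.1.255 range, which shows when an entry meant for a single management host would permit the whole subnet.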