Cisco Cisco IPS 4255 Sensor
26
Release Notes for Cisco Intrusion Prevention System 7.0(8)E4
OL-26888-01
Cisco Security Intelligence Operations
Recovery Partition Version 1.1 - 7.0(8)E4
Host Certificate Valid from: 17-Jan-2012 to 17-Jan-2014
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.
interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL:
Cisco Security Intelligence Operations is also a repository of information for individual signatures,
including signature ID, type, structure, and description.
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 7.0(8)E4 software and the products that
run it:
run it:
•
In IPS 7.0(8)E4 the default value of the Cisco server IP address has been changed from
198.133.219.25 to 72.163.4.161 in the Auto Update URL configuration. If you have automatic
update configured on your sensor, you may need to update firewall rules to allow the sensor to
connect to this new IP address.
198.133.219.25 to 72.163.4.161 in the Auto Update URL configuration. If you have automatic
update configured on your sensor, you may need to update firewall rules to allow the sensor to
connect to this new IP address.
•
If you get an unauthorized error message while configuring an automatic update, make sure you
have the correct ports open on any firewalls between the sensor and Cisco.com. For example, you
need port 443 for the initial automatic update connection to www.cisco.com, and you need port 80
to download the chosen package from a Cisco file server. The IP address may change for the Cisco
file server, but you can find it in the lastDownloadAttempt section in the output of the show statistics
host command.
have the correct ports open on any firewalls between the sensor and Cisco.com. For example, you
need port 443 for the initial automatic update connection to www.cisco.com, and you need port 80
to download the chosen package from a Cisco file server. The IP address may change for the Cisco
file server, but you can find it in the lastDownloadAttempt section in the output of the show statistics
host command.
•
For IPS 5.0 and later, you can no longer remove the cisco account. You can disable it using the no
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
•
Anomaly detection does not support IPv6 traffic; only IPv4 traffic is directed to the anomaly
detection processor.
detection processor.