Cisco Cisco IPS 4520 Sensor Libro bianco
46
Intrusion Prevention
August 2012 Series
46
The default username and password for the IPS module is
cisco/cisco. If this is the first time the sensor has been logged
into, there will be a prompt to change the password. Enter the
current password, and then input a new password. Change the
password to a value that complies with the security policy of the
organization.
cisco/cisco. If this is the first time the sensor has been logged
into, there will be a prompt to change the password. Enter the
current password, and then input a new password. Change the
password to a value that complies with the security policy of the
organization.
login: cisco
Password:
[password]
Tech Tip
Step 2:
Run the
setup
command for either the module or an IPS appliance.
sensor# setup
Enter host name[sensor]:
IPS-5545a
Enter IP interface[]:
10.4.24.27/27,10.4.24.1
Modify current access list?[no]:
yes
Current access list entries:
No entries
Permit:
10.4.48.0/24
Permit:
Use DNS server for Global Correlation?[no]:
yes
DNS server IP address[]:
10.4.48.10
Use HTTP proxy server for Global Correlation?[no]:
no
Modify system clock settings?[no]:
no
Participation in the SensorBase Network allows Cisco to
collect aggregated statistics about traffic sent to your IPS.
SensorBase Network Participation level?[off]:
partial
...
Do you agree to participate in the SensorBase Network?[no]:
yes
...
[0] Go to the command prompt without saving this config.
[1] Return to setup without saving this config.
[2] Save this configuration and exit setup.
[3] Continue to Advanced setup.
Enter your selection[3]:
2
...
Warning: The node must be rebooted for the changes to go into
effect.
Continue with reboot? [yes]:
yes
Step 3:
To return to the Cisco ASA command line, type
exit
.
Step 4:
Repeat Step 2 for the IPS module in the standby ASA appliance or
for the IPS appliance being deployed in IDS mode on a distribution switch.
A different host name and IP address must be used on each IPS
device so that monitoring systems do not get confused. In this
example, IPS-5545b and 10.4.24.28 were used on the standby
ASA 5500 Series IPS.
device so that monitoring systems do not get confused. In this
example, IPS-5545b and 10.4.24.28 were used on the standby
ASA 5500 Series IPS.
Tech Tip
Procedure 4
Complete the startup wizard
Once the basic setup in the System Configuration Dialog is complete,
you will use the startup wizard in the integrated management tool, Cisco
Adaptive Security Device Manager/IPS Device Manager (ASDM/IDM)
for Cisco ASAs, or Cisco IDM for IPS Sensor appliances, to complete the
remaining IPS configuration tasks:
you will use the startup wizard in the integrated management tool, Cisco
Adaptive Security Device Manager/IPS Device Manager (ASDM/IDM)
for Cisco ASAs, or Cisco IDM for IPS Sensor appliances, to complete the
remaining IPS configuration tasks:
• Configure time settings
• Configure DNS and NTP servers
• Define a basic IPS configuration
• Configure Inspection Service Rule Policy
• Assign interfaces to virtual sensors
• Configure DNS and NTP servers
• Define a basic IPS configuration
• Configure Inspection Service Rule Policy
• Assign interfaces to virtual sensors
This procedure offers two options. Which you use depends on whether you
will be configuring IPS modules in Cisco ASA appliances, or whether you will
be configuring IPS appliances.
will be configuring IPS modules in Cisco ASA appliances, or whether you will
be configuring IPS appliances.