Communications Infrastructure Values
-
Communications Infrastructure Values

| Field | Input |
|---|---|
| Sensor Host ID | 1–65535 |
| Sensor Organization ID | 1–65535 |
| Sensor Host Name | 256 alphanumeric characters; no spaces; "-" and "_" are okay |
| Sensor Organization Name | 256 alphanumeric characters; no spaces; "-" and "_" are okay |
| Sensor IP Address | Valid IP address |
| IDS Manager Host ID | 1–65535 |
| IDS Manager Organization ID | 1–65535 |
| IDS Manager Host Name | 256 alphanumeric characters; no spaces; "-" and "_" are okay |
| IDS Manager Organization Name | 256 alphanumeric characters; no spaces; "-" and "_" are okay |
| IDS Manager IP Address | Valid IP address |

The sensor host ID and the IDS manager host ID must be unique, as must the
host ID of every sensor and device subsequently added to the IDS infrastructure.
A host ID can be any number between 1 and 65535. The organization ID should be
the same for all devices in the infrastructure; it is used to group sensors and
management devices together and can also be between 1 and 65535. The
organization name should also be the same for all devices. It is typically the
location where you work or where the device is installed. Once all settings have
been made, the sensor prompts you to create the configuration file.
Cisco says you should use only lowercase letters to define
organization names. The host and organization names are case-sensitive with
regard to how postoffice processes audit events on the local host. Host and
organization names are not passed between different postoffice clients; only the
host and organization IDs are. The /usr/nr/etc/hosts file is where this information
is listed for the Cisco IDS infrastructure. The syntax is as follows:

    [host ID].[organization ID] [host name].[organization name]
    8.100 localhost
    8.100 sensor1.security
    4.100 ids-mgr.security

The preceding sample is what the hosts file entries look like
on the sensor. Notice there are two entries for the sensor itself: localhost and
sensor1.security.
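
An added example, not from the original text or from Cisco: a Python check of hosts-file text against the rules above (ID range, allowed name characters, unique host IDs, one organization ID and name, lowercase organization names). The names `check_hosts`, `PAGE_SAMPLE` and `BAD_SAMPLE`, the reading of 256 as a maximum length, and the exemption of the `localhost` alias from the uniqueness check are assumptions; the second sample is constructed.

```python
import re

# Table rule: alphanumerics plus "-" and "_", no spaces; 256 is assumed to be a maximum.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,256}")

def check_hosts(text):
    """Return findings for text in the '[hostID].[orgID] [host].[org]' format."""
    findings, owners, org_ids, org_names = [], {}, set(), set()
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        ids = re.fullmatch(r"(\d+)\.(\d+)", fields[0])
        if len(fields) != 2 or not ids:
            findings.append(f"line {n}: expected '<hostID>.<orgID> <host>.<org>'")
            continue
        host_id, org_id = int(ids[1]), int(ids[2])
        for label, value in (("host ID", host_id), ("organization ID", org_id)):
            if not 1 <= value <= 65535:
                findings.append(f"line {n}: {label} {value} outside 1-65535")
        host, _, org = fields[1].partition(".")
        if not NAME_RE.fullmatch(host) or (org and not NAME_RE.fullmatch(org)):
            findings.append(f"line {n}: invalid name {fields[1]!r}")
        if org != org.lower():
            findings.append(f"line {n}: organization name {org!r} is not lowercase")
        org_ids.add(org_id)
        if host == "localhost":  # assumed alias: the sensor lists itself twice
            continue
        if not org:
            findings.append(f"line {n}: missing organization name")
        else:
            org_names.add(org)
        previous = owners.setdefault(host_id, host)
        if previous != host:
            findings.append(f"line {n}: host ID {host_id} already used by {previous!r}")
    if len(org_ids) > 1:
        findings.append(f"organization IDs differ: {sorted(org_ids)}")
    if len(org_names) > 1:
        findings.append(f"organization names differ: {sorted(org_names)}")
    return findings

# Entries from the sample in the text above.
PAGE_SAMPLE = "8.100 localhost\n8.100 sensor1.security\n4.100 ids-mgr.security\n"
# Constructed sample: reused host ID, second org ID and name, out-of-range host ID.
BAD_SAMPLE = ("8.100 sensor1.security\n8.100 sensor2.security\n"
              "4.200 ids-mgr.Security\n70000.100 sensor3.security\n")

if __name__ == "__main__":
    for finding in check_hosts(BAD_SAMPLE):
        print(finding)
```
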
-
You now need to write the configuration. Verify all of the
settings on the screen (shown in Figure 3.12) and type y to accept
the settings. If any of the settings are incorrect, type n to
discard the settings and repeat the configuration steps. Once the
configuration files have been written, you should get the message shown in
Figure 3.13, telling you that all configuration files were written
successfully.
Figure 3.12: sysconfig-sensor Settings
Figure 3.13: The sysconfig-sensor Success Message
-
You now need to set the date, time, and time zone for your
organization. Use the Date/Time and Time Zone section, shown in Figure
3.14, to synchronize the sensor with the rest of the network. You have the
option of entering a specific date, time, and time zone, or entering a host to
synchronize with, such as a time server on the network.
Figure 3.14: Date/Time and Time Zone
-
You can now change or set your passwords as needed. Use the
Passwords option, shown in Figure 3.15, to change the root or netrangr
passwords. Once a password has been changed, the old password is not saved
anywhere on the system, so it is important to remember the new passwords.
Figure 3.15: The Passwords
-
You now need to configure your Secure Communications. The
secure communications menu shown in Figure 3.16 is used to
define configuration settings for encrypted communications between the sensor
and the IDS Management device. Before configuring secure communications,
remember that IPSec is used mainly for connections to CSPM or the Director,
and not the IDS Event Viewer, which is used with the IDS Manager.
Figure 3.16: Secure Communications
Note: IPSec is supported on sensors running version 2.5 or later,
Unix Directors running version 2.2.2 or later, and version 2.3.i or later for
CSPM. SSH is supported on sensors running version 3.0.
Using SSH provides a command and control (C & C) interface
that allows you to administer the Sensor remotely without exposing plain-text
usernames and passwords to the network connecting you to the Sensor.
To configure secure communications, you have two options:
Option 1: IPSec Communications
To use IPSec communications, follow these steps:
1. Select suboption 1 in Secure Communication, IPSec Communications. You will
see the IPSec Communications window.
2. Select option 1, Session Keys. Here you have the option of accepting the
default keys or creating custom keys. For default keys, proceed with step 3.
For custom keys, skip to step 5.
3. Select option 1 to access the Set Up Default Keys screen.
4. Enter the inbound and outbound Security Port Index (SPI) values. (Refer to
Table 3.2 for SPI values.) Once this is done, proceed to step 7.
5. Select option 2 to access the Set Up Custom Keys screen.
6. Enter the key values. (Refer to Table 3.2 for key value options.)
7. Exit back to the IPSec Communications screen.