Page 1 © 2003, Cisco Systems, Inc. All rights reserved. CSIDS 4.0—11-1
Chapter 11
Enterprise IDS Management
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
• Define features and key concepts of the IDS MC.
• Describe the IDS MC Architecture.
• Install the IDS MC.
• Understand the IDS MC deployment.
Introduction
What is the IDS MC?
The IDS MC is a web-based application that centralizes and accelerates the deployment and management of multiple IDS Sensors or IDSMs.
[Diagram: IDS MC PC and three Sensors]
IDS MC Features
Features of the IDS MC Sensor are as follows:
• Web-based management platform
• Enterprise management of IDS devices
– IDS appliance running version 3.0(1) S4 or higher
– IDSM running version 3.0(5) S23 or later
– Up to 300 Sensors
• Provides the ability to create Sensor groups
• Provides a mechanism to require approval of configurations
• Provides the ability to import Sensor configurations
• Pushes signature and service pack updates to the IDS devices
Windows Installation
Server Requirements—Windows
• Hardware
– IBM PC-compatible computer, 1 GHz Pentium CPU or faster
– Color monitor with video card capable of displaying 16-bit color
– CD-ROM drive
– 100 Mbps network connection or faster
• Memory
– 1 GB of RAM minimum
– 2 GB of virtual memory minimum
• Hard drive space
– 12 GB of free space minimum
– NTFS
• Software
– Windows 2000 Server or Professional with Service Pack 3
– Microsoft ODBC Driver Manager 3.510 or later
Client Access Requirements—Windows
• Hardware—IBM PC-compatible computer, 300 MHz or faster
– Windows 2000 Professional with Service Pack 2 or 3
– Windows 2000 Server with Service Pack 2 or 3
– Windows 2000 Advanced Server
Installation Overview
• CiscoWorks Common Services are required for the IDS MC.
CiscoWorks Server-based components, software libraries, and software packages developed for the IDS MC.
Installation Process
Installation Process (cont.)
Installation Process (cont.)
Upgrade Process
Solaris Installation
Server Requirements—Solaris
• Hardware
– UltraSPARC II, IIi, or IIe chipsets
– UltraSPARC III or IIIc chipsets
• System Software—Solaris 2.7 or Solaris 2.8
Client Access Requirements—Solaris
• Hardware—Solaris SPARCstation or Sun Ultra 10 with a 333 MHz processor with one of the following operating systems:
– Solaris 2.7
– Solaris 2.8
Installation Overview
• CiscoWorks Common Services are required for the IDS MC.
CiscoWorks Server-based components, software libraries, and software packages developed for the IDS MC.
===============- Software Install Tool Started -=====================
===- Welcome to the IDS Management Center and Security Monitor 1.0 Setup program.
======================================================================
INFO: This server architecture is 32-bit compatible.
INFO: /tmp directory has 777 permissions.
INFO: /etc/hosts is readable by all.
INFO: OS major is 5 and OS minor is 8
INFO: OS major or minor patch version not set.
INFO: Checking group entry casusers
INFO: Group created for installable packages is casusers.
INFO: Checking user entry casuser
INFO: casuser for installable packages exists.
INFO: No user added to the system.
INFO: Warning - No PRMOPT_INSTALL_TYPE section in TOC-file.
INFO: Warning - No installation default mode set.
Installation Process (cont.)
1) IDS Management Center
2) Security Monitor
3) All of the Above (IDS Management Center + Security Monitor)
Select one of the items using its number or enter q to quit [q] 1
INFO: You entered 1 as the option
Loading properties from info files, working
Making a list of dependencies, working
Making a list of dependencies for CSCOids, working
Making a list of dependencies for CSCOnsdb, working
Making a list of dependencies for CSCOossh, working
Making a list of dependencies, working
INFO: performing prerequisite: /cdrom/idsmc1.02002-11-14/info/idscom/prerequisite
INFO: performing prerequisite: CSCOids: /cdrom/idsmc1.02002-11-14/packages/CSCOids/
Enter IDS MC/Security Monitor Database Password:
Confirm Password :
INFO: Password Encryption is Successful.
Enter IDS MC/Security Monitor Database Location : [/opt/CSCOpx/MDC/Sybase/Db/IDS]
Entered value is /opt/CSCOpx/MDC/Sybase/Db/IDS
Creating file /tmp/cscotmp/idsinstall.properties
.
.
.
Installation Process (cont.)
Architecture
IDS MC Architecture Overview
IDS MC Directories
IDS MC home directory
\updates
Getting Started
CiscoWorks Login
CiscoWorks User Authorization Roles
CiscoWorks user authorization roles allow for different privileges within IDS MC:
• Help Desk—Read-only for the entire system.
• Approver—Read-only for the rest of the system, and approve configurations.
• Network Operator—Read-only for the rest of the system, and deploy configurations.
• Network Administrator—Read-only for the rest of the system, edit devices and device groups.
• System Administrator—All operations may be performed by the system administrator.
• Users can be assigned multiple authorization roles.
CiscoWorks Add User
Choose Server Configuration>Setup>Security>Add Users.
IDS MC Launch
Choose VPN/Security Management>Management Center>IDS Sensors.
Understanding the IDS MC Interface
[Screenshot callouts: Instructions, Page, Path bar, Object bar, Object Selector handle, TOC, Option bar, Tabs]
IDS Workflow
Workflow
The workflow consists of the following three-step process:
Step 1 Generate—Allows you to generate configuration files for Sensors.
Step 2 Approve—(Optional.) Allows you to manage configuration files proposed for deployment.
Step 3 Deploy—[…] deployment jobs and manage deployment jobs.
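Added example (not part of the original course material and not Cisco code): a Python model of the CiscoWorks role list and the Generate/Approve/Deploy workflow described above. It audits which users' combined roles allow both approving and deploying, and enforces the step order; the privilege names, the user names, and the rule that an approver may not deploy the same job are assumptions of this example.

```python
from dataclasses import dataclass

# What each role adds on top of read-only access, per the role list above.
ROLE_PRIVS = {
    "Help Desk": set(),
    "Approver": {"approve"},
    "Network Operator": {"deploy"},
    "Network Administrator": {"edit_devices"},
    "System Administrator": {"approve", "deploy", "edit_devices"},  # all modelled operations
}

def effective_privs(roles):
    """Union of privileges across all roles a user holds."""
    privs = {"read"}
    for role in roles:
        privs |= ROLE_PRIVS[role]  # unknown role names raise KeyError on purpose
    return privs

def can_approve_and_deploy(users):
    """Audit: users whose combined roles bypass the approver/operator split."""
    return sorted(name for name, roles in users.items()
                  if {"approve", "deploy"} <= effective_privs(roles))

@dataclass
class ConfigJob:
    sensor: str
    approval_required: bool = True   # the Approve step is optional
    state: str = "generated"         # generated -> approved -> deployed
    approver: str = ""

    def approve(self, user, roles):
        if "approve" not in effective_privs(roles):
            raise PermissionError(f"{user} lacks the approve privilege")
        if self.state != "generated":
            raise ValueError(f"cannot approve a job in state {self.state}")
        self.state, self.approver = "approved", user

    def deploy(self, user, roles):
        if "deploy" not in effective_privs(roles):
            raise PermissionError(f"{user} lacks the deploy privilege")
        if self.state != ("approved" if self.approval_required else "generated"):
            raise ValueError(f"cannot deploy a job in state {self.state}")
        if user == self.approver:  # four-eyes rule: this example's policy (assumption)
            raise PermissionError(f"{user} approved this job and may not deploy it")
        self.state = "deployed"

# Constructed sample assignments (not from the page).
USERS = {
    "alice": ["Approver"],
    "bob": ["Network Operator"],
    "carol": ["Approver", "Network Operator"],
    "dave": ["System Administrator"],
    "erin": ["Help Desk", "Network Administrator"],
}
```

With the constructed assignments, the audit reports carol and dave: because roles are additive, either account can both approve and deploy a configuration.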
Workflow—Generate
Choose Deployment>Generate.
Workflow—Deploy
Choose Deployment>Deploy>Submit.
Workflow—Deploy (Schedule)
Workflow—Deploy (Pending)
Choose Deployment>Deploy>Pending.
Workflow—Deploy (Pending) (cont.)
Choose Deployment>Deploy>Pending.
Summary
• The IDS MC provides a web-based interface for configuring and managing multiple IDS Sensors.
• The IDS MC allows for a three-step process of deploying new configurations to Sensors.
– Generate the configuration.
– Approve the configuration (optional).
– Deploy the configuration.
• The IDS MC can be installed on Windows-based and Solaris-based servers.
Lab Exercise
Lab Visual Objective
[Network diagram labels: sensorP, sensorQ, 172.30.P.0, 172.30.Q.0, RBB]