cisco security professional''''''''s guide to secure intrusion detection systems phần 1 pot

cisco security professional''''s guide to secure intrusion detection systems phần 1 pot

... 14 The Cisco Security Wheel 15 Corporate Security Policy 16 Secure 17 Access Control 17 Encryption 18 Authentication 18 Vulnerability Patching 18 Monitor and Respond 19 Test 19 Manage and Improve 20Threats ... 209Configuring Automatic IP Logging 211 Configuring IP Logging 212 Generating IP Logs 214 Upgrading the Sensor 216 Upgrading from 3 .1 to 4.x 216 267_cssp_ids_TOC.qxd 9/30/03 7 :17 PM Page xv267_cssp_ids_fm.qxd ... IDSChapter 1 1 Summary Solutions Fast Track Frequently Asked Questions267_cssp_ids_ 01. qxd 9/25/03 4:39 PM Page 1 Introduction to Intrusion Detection Systems • Chapter 1 19Monitor and RespondOnce...

cisco security professional''''s guide to secure intrusion detection systems phần 3 pot

... 9/25/03 4:43 PM Page 14 3 15 6 Chapter 4 • Cisco IDS ManagementTable 4 .1 sysconfig-director ParametersField InputDirector Host ID 1- 65535Director Organization ID 1- 65535Director Host Name 256 ... 9/25/03 4:43 PM Page 11 9 Cisco IDS Management • Chapter 4 14 7PostOffice Settings (Watchdog) To configure the additional PostOffice settings (Watchdog) follow these steps: 1. Select the Advanced ... Sensor■Connect to a previously configured Sensor.■Forward alarms to a secondary Director.www.syngress.com267_cssp_IDS_04.qxd 9/25/03 4:44 PM Page 15 7 13 4 Chapter 4 • Cisco IDS Management5. To configure...

cisco security professional''''s guide to secure intrusion detection systems phần 4 pot

... eth1, txNetwork Statisticseth1 Link encap:Ethernet HWaddr 00:E0:29:75:46:75inet addr :19 2 .16 8.50. 51 Bcast :19 2 .16 8.50.255Mask:255.255.255.0UP BROADCAST RUNNING MULTICAST MTU :15 00 Metric :1 RX ... 9/30/03 4 :14 PM Page 19 3 19 0 Chapter 5 • Configuring the Appliance SensorFigure 5.3 Telnet Server Access to IDS Sensor Serial ConsolePassword: ***********Ciscoids -1 Ciscoids -1: login: Cisco IDS ... IP address to log in the IP address field.www.syngress.comFigure 5 .19 Configuring Automatic IP Logging Using the Cisco IDM267_cssp_ids_05.qxd 9/30/03 4 :14 PM Page 212 18 0 Chapter 4 • Cisco IDS...

cisco security professional''''s guide to secure intrusion detection systems phần 6 pot

... similar to this:Router1!interface Ethernet1ip address 17 2 .16 .2 .1 255.255.255.0ip access-group 11 0 out!access-list 11 0 permit tcp 17 2 .16 .1. 30 any eq telnetaccess-list 11 0 deny tcp any 17 2 .16 .2 .10 access-list ... ABC 17 2 .16 .1. 0/24Router1 19 2 .16 8.0.0/29Serial1 .1 Serial0 .1 Router2Serial0.2Serial1 .1 Client1Client2Client3 .10 .20.30Client1Client2Client3 .10 .20.30267_cssp_ids_08.qxd 9/30/03 2: 31 ... IcmpMinCode = 10 – IcmpMinSeq = 11 – IcmpSeq = 12 – IpTOS = 13 – LimitSummary = 14 – MaxInspectLength = 15 – MinHits = 16 – ResetAfterIdle = 15 17 – SigComment = 18 – SigStringInfo = 19 – ThrottleInterval...

cisco security professional''''s guide to secure intrusion detection systems phần 7 potx

... onswitch S1:R4000 -1( config)# monitor session 1 source interface fa2 /1 rxR4000 -1( config)# monitor session 1 destination remote vlan 12 3On switch S2:R4000-2(config)# monitor session 1 source interface ... ACL would be created like so:R6000 (config)# ip access-list 10 1 permit tcp 19 2 .16 8 .1. 0 0.0.0.255 range 10 24 32000 10 .1. 1.0 0.0.0.255 lt 10 24 This list does not need a permit any any clause at the ... 9 .11 Traffic Capture, with Trunking as an Additional FilterIDSM 2IDSM 1 VLAN 10 0VLAN 200VLAN 300VLAN 400PAcketscaptured byVACLclear trunk 5 /1 1 -10 24set trunk 5 /1 100, 200set vlan 10 0...

cisco security professional''''s guide to secure intrusion detection systems phần 10 pot

... 310 8-MIME Overﬂow Bug 611 0-RPC RSTATD Sweep 611 1-RPC RUSERSD Sweep 611 2-RPC NFS Sweep 611 3-RPC MOUNTD Sweep 611 4-RPC YPPASSWDD Sweep 611 5-RPC SELECTION_SVC Sweep 611 6-RPC REXD Sweep 611 7-RPC ... 518 8-HTTP Tunneling ■Release version S 11 517 8-MS Index Server File/Path Recon 517 9-PHP-Nuke File Upload 518 0-sgiMerchant Directory Traversal 518 1-MacOS Apache File Disclosure 518 1 :1- MacOS ... 10 000 :10 00-IP-Spoof Interface 1 10 000 :10 01- IP-Spoof Interface 2 ■Release version 1. 0 11 00-IP Fragment Attack 11 01- Unknown IP Protocol 2000-ICMP Echo Reply 20 01- ICMP Host Unreachable 2002-ICMP...

cisco security professional''''s guide to secure intrusion detection systems phần 2 pps

... mode) 10 .0.0.4 -> sensor1 UDP D=45000 S=45000 LEN=56sensor1 -> 10 .0.0.4 UDP D=45000 S=45000 LEN=56 17 2 .18 .12 4 .14 2 -> sensor1 UDP D=45000 S=45000 LEN=56sensor1 -> 17 2 .18 .12 4 .19 4 UDP ... (Fast Ethernet) to be usedfor monitoring and control. Due to its processing capabilities, the Cisco 4 210 isoptimized to monitor multiple T1/E1,T3, or Ethernet environments.The 4 210 could also ... fromwww .cisco. com/kobayashi/sw-center/ciscosecure/ids/crypto/.Q: What’s the difference between Cisco s PostOfﬁce Protocol and RDEP? A: Both are proprietary and secure mechanisms Cisco uses to control...

cisco security professional''''s guide to secure intrusion detection systems phần 5 ppsx

... current4,47,2003/06 /18 ,22:40:23,2003/06 /18 ,14 :40:23 ,10 008,57 ,10 0,OUT,OUT,2,3030,0,TCP/IP ,10 .4.2.75,0.0.0.0,0 ,13 9,0.0.0.0, 4,48,2003/06 /18 ,23: 21: 50,2003/06 /18 ,15 : 21: 50 ,10 008,57 ,10 0,OUT,OUT,2,3030,0,TCP/IP ,10 .8.3.24,0.0.0.0,0 ,13 9,0.0.0.0,7 To ... %DTP-5-TRUNKPORTON:Port 4 /1 has becomedot1q trunk2003 Jun 15 07:32: 51 PDT -07:00 %PAGP-5-PORTTOSTP:Port 4 /1 joined bridgeport 4 /1 2003 Jun 15 07:32: 51 PDT -07:00 %PAGP-5-PORTTOSTP:Port 4/2 ... Conﬁguring the Cisco IDSM SensorFigure 6 .17 Sample of the show vlan Command 2 /1- 6,2/9-26,2/30-363/6 -14 4/2 10 0 delete active 89 10 1 FAILOVER active 91 10 02 fddi-default active 6 10 03 token-ring-default...

cisco security professional''''s guide to secure intrusion detection systems phần 8 docx

... provided by the Security Monitor .To access the Security Monitor from the CiscoWorks2000Desktop, select the Monitoring Center and then the Security Monitor,asshown in Figure 10 .38. To access reports ... material of the Cisco Secure Intrusion Detection Systems Exam (CSIDS 9E0 -10 0) still refers to a total number of59 signatures that Cisco IOS-IDS supports.www.syngress.com267 _Cisco_ IDS _11 .qxd 9/30/03 ... Chapter 11 • Cisco Firewall/IDS IOSWe have now conﬁgured Router1 with a hostid of 2 and an orgid of 10 0 .To be able to successfully communicate with the Director, Router1 also needs to know where to...

cisco security professional''''s guide to secure intrusion detection systems phần 9 pdf

... list of usernames withSNMP OID .1. 3.6 .1. 4 .1. 77 .1. 2.25. SubSigId 1 fires when an attempt ismade to enumerate the list of network shares with SNMP OID .1. 3.6 .1. 4 .1. 77 .1. 2.27.■4504-SNMP IOS Configuration ... LOCK ■Sub Sig 11 UNLOCK ■Sub Sig 12 REVLABEL ■Sub Sig 13 REVLOG Sub ■Sig 14 REVADD ■Sub Sig 15 REVNUM ■Sub Sig 16 SETATTRIBUTE ■Sub Sig 17 GETATTRIBUTE ■Sub Sig 18 GETATTRIBUTENAMES ... sent.■ 311 1 :1- W32 Sircam Malicious Code:Alarms when SirCam virus e-mailattachment is received.■ 311 2-Lotus Domino Mail Loop DoS: Alarms when a To: field in the mail isdetected greather than 10 0...

Xem thêm