Configuring Blocking
• Cisco routers
• PIX Security Appliances
• Firewall Services Modules
• Catalyst 5000 family switches
• Catalyst 6000 family switches
[Screenshot labels: Configuration, Sensor Setup, SSH, Known Hosts, Add, Key, IP Address, Retrieve Host Key, Modulus Length, Public Exponent, Public Modulus, OK]
[Figure: blocking sequence. Diagram labels: 192.168.1.10, 172.26.26.1]
1 Attacker attacks 192.168.1.10.
2 Sensor detects attack.
3 Sensor writes ACL.
4 Router blocks attacker.
• When the sensor has full control, no manually entered ACLs are allowed.
• For an external interface, prefer an inbound direction.
• For an internal interface, prefer an outbound direction.
[Figure labels: Untrusted Network, External Interfaces, Inbound ACL, Internal Interfaces, Outbound ACL, Protected Network]
[Screenshot labels: Configuration, Signature Definition, Signature Configuration, Actions, Request Block Connection, Request Block Host]
[Screenshot labels: Configuration, Blocking, Blocking Properties, Enable blocking, Maximum Block Entries, Add, Allow the sensor . . . blocked, IP Address, Mask]
[Screenshot labels: Configuration, Blocking, Device Login Profiles, Add, Profile Name, Username, New Password, Confirm New Password, New Password, Confirm New Password]
[Screenshot labels: Configuration, Blocking, Blocking Devices, Add, IP Address, Sensor’s NAT Address, Device Login Profile, Device Type, Communication]
[Screenshot labels: Configuration, Blocking, Router Blocking Device Interfaces, Add, Blocking Interface, Direction, Pre-Block ACL, Post-Block ACL]
[Screenshot labels: Configuration, Blocking, Cat 6K Blocking Devices, Add, Cat 6K Blocking Device, VLAN ID, Pre-Block VACL, Post-Block VACL]
[Screenshot labels: Monitoring, Active Host Blocks, Add, Source IP, Enable Connection Blocking, Destination IP, Destination Port, Protocol, VLAN, Enable Timeout, Timeout, No Timeout]
[Screenshot labels: Monitoring, Network Blocks, Add, Source IP, Netmask, Enable Timeout, Timeout, No Timeout]
[Figure: network diagram. Labels: Provider X, Provider Y, Attacker, Sensor A, Sensor B, Router A, Blocks, Protected network, Target. Callout: Sensor A commands Sensor B to block.]
© 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0—10-36
Master Blocking Sensor Characteristics
[Screenshot labels: Configuration, Blocking, Master Blocking Sensor, Add, IP Address, Port, Username, New Password, Confirm New Password, Use TLS]
[Screenshot labels: IP Address, Network Mask]
[Figure: lab topology diagram. Labels: Web, FTP, RBB, RTS, prP, prQ, sensorP, sensorQ, rP, rQ, Student PC 10.0.P.12, Student PC 10.0.Q.12. Networks: 172.26.26.0, 172.30.P.0, 172.30.Q.0, 172.16.P.0, 172.16.Q.0, 10.0.P.0, 10.0.Q.0]