
CCNA Document - Enterprise Intrusion Detection System Monitoring and Reporting


Chapter 16
Enterprise Intrusion Detection System Monitoring and Reporting

© 2003, Cisco Systems, Inc. All rights reserved.

CSIDS 4.0—16-1


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
• Define features and key concepts of the Security Monitor.
• Install and verify the Security Monitor functionality.
• Monitor IDS devices with the Security Monitor.
• Administer Security Monitor event rules.
• Use the reporting features of the Security Monitor.
• Administer the Security Monitor server.



Introduction




What Is the Security Monitor?

The Security Monitor provides event collection, viewing, and reporting capability for network devices.



Security Monitor Features
The following are the Security Monitor features:
• Monitors the following devices:
– Sensor appliances
– IDS Modules
– IOS Routers
– PIX Firewalls
• Web-based monitoring platform
• Custom reporting capability


Installation



Installation Requirements
• Hardware
– IBM PC-compatible computer with an 800 MHz or faster processor
– Color monitor capable of viewing 256 colors
– CD-ROM drive
– 100 Mbps or faster network connection
• Memory—1 GB of RAM minimum
• Disk drive space
– 12 GB minimum
– NTFS
• Software
– Windows 2000 Server with Service Pack 2
– ODBC Driver Manager 3.510 or later


Client Access Requirements
• Hardware—IBM PC-compatible computer with a 300 MHz or faster processor
• Memory—256 MB of RAM minimum
• Disk drive space—400 MB virtual memory
• Software
– Windows 98 and NT 4.0
– Windows 2000 Professional with Service Pack 2
– Windows 2000 Server/Advanced Server with Service Pack 2

• Browser
– Internet Explorer 6.0 or later (recommended)
– Netscape Navigator 4.79 or later



Installation Overview

• VMS Common Services is required for the Security Monitor.
• VMS Common Services provides the CiscoWorks server-based components, software libraries, and software packages developed for the Security Monitor.



Security Monitor Installation




Component and Database Location Selection



Database Password and Syslog Port



Communication Properties



Upgrade Process




Getting Started



CiscoWorks Login



CiscoWorks User Authorization Roles
• CiscoWorks user authorization roles allow different privileges within the VMS and the Security Monitor:
– Help Desk—Read-only for the entire system
– Approver—Read-only for the entire system
– Network Operator—Read-only for the rest of the system and generates reports
– Network Administrator—Configures devices, and modifies reports and rules
– System Administrator—Performs all operations
• Users can be assigned multiple authorization roles.




CiscoWorks Add User
Choose Server Configuration>Setup>Security>Add Users.



Security Monitor Launch
Choose VPN/Security Management>Management Center>Security Monitor.



Understanding the Security Monitor Interface

[Figure: Security Monitor interface with callouts: Path bar, Option bar, Tabs, Tools, TOC, Action buttons, Page, Instructions]


Security Monitor Configuration



Security Monitor Configuration
Security Monitor configuration operations are:
• Adding Devices—Security Monitor monitors the following types of devices:
– RDEP IDS
– PostOffice IDS
– IOS IDS
– Host IDS
– PIX
• Monitoring Devices—Information monitored falls into the following three categories:
– Connections
– Statistics
– Events
• Event Notification—Tasks involved to configure notification are as follows:
– Adding Event Rules
– Activating Event Rules



Devices—Add
Choose Devices.



RDEP Devices—Add
Choose Devices and select Add.



RDEP Devices—Add (cont.)
