© 2005, Cisco Systems, Inc. All rights reserved. IPS v
Lesson 4: Using IPS Device Manager
Introduction to the IPS Device Manager
IPS Device Manager
  • IDM is a web-based application that enables you to configure, manage, and monitor the sensor.
  • The IDM web server resides on the sensor and can be accessed via your web browser.
IDM Features and Benefits
  • Web-based embedded architecture
  • Task-based GUI
  • Configuration and monitoring
  • Sensor system administration
  • Signature grouping
  • Signature customization
  • Secure communication (TLS and SSL)
TLS and SSL Communications
  • TLS and SSL use a process called handshaking that involves a number of coordinated exchanges between a client and a server.
  • A trusted host certificate is used by the server to verify the identity of a connecting client.
  • A server certificate is used by the server to prove its identity to the client.
  [Diagram labels: IDM, HTTPS (TLS and SSL), HTTPS Server, HTTPS Client, IDM]
SDEE and RDEP over HTTPS
  [Diagram labels: Sensor, Configuration XML, HTTPS, RDEP, IDM, SDEE, Event XML, HTTPS]
IDM System Requirements
  Supported operating systems for IDM and their corresponding supported browsers:
  • Windows 2000, Windows XP
    – Internet Explorer 6.0 with Java Plug-In 1.5
    – Netscape 7.1 with Java Plug-In 1.5
  • Sun SPARC Solaris 2.8 or 2.9
    – Mozilla 1.7
  • Red Hat Linux 9.0 or Red Hat Enterprise Linux WS, version 3 running GNOME or KDE
    – Mozilla 1.7
Getting Started with the IDM
Logging In to the IDM
Trusting the Sensor
Trusting Cisco
License Key Warning
IDM User Interface
  [Screenshot labels: Forward, Back, Refresh, Help]
Online IDM Help
Configuring Network Settings
  [Screenshot labels: Hostname, Remote Access, Default Route, Network Mask, IP Address, Reset, Web Server Settings, Configuration, Network, Sensor Setup]
Configuring Certificates
Server Certificate
  [Screenshot labels: Generate Certificate, Server Certificate, Configuration, Certificates, Sensor Setup]
Trusted Hosts
  [Screenshot labels: Add, IP Address]
Trusted Hosts (Cont.)
  [Screenshot labels: View, Delete]
Configuring SSH
SSH Communications
  • The client's key (SSH authorized key) enables the client to connect without password authentication.
  • The server's key (SSH host key) is used by the sensor to prove its identity to the client.
  [Diagram labels: CLI, SSH Client, SSH Server]
SSH Authorized Keys
  [Screenshot labels: Authorized Keys, Add, Sensor Setup, Configuration, SSH]
SSH Authorized Keys (Cont.)
  [Screenshot labels: ID, Modulus Length, Public Exponent, Public Modulus]
SSH Authorized Keys (Cont.)
  [Screenshot labels: Edit, Delete, Reset, Apply]
Sensor SSH Host Key
  [Screenshot labels: Generate Key, Sensor Key]
Known Host Keys
  [Screenshot labels: Add, Known Host Keys]
Known Host Keys (Cont.)
  [Screenshot labels: Retrieve Host Key, IP Address]
Known Host Keys (Cont.)
  [Screenshot labels: Modulus Length, Public Modulus, Public Exponent]
Known Host Keys (Cont.)
  [Screenshot labels: Apply, Reset, Delete, Edit]
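Added example (not part of the original Cisco slides): the SSH Authorized Keys and Known Host Keys slides above both list Modulus Length, Public Exponent and Public Modulus as the fields of an RSA key. This Python code extracts those three values from a one-line RSA public key so they can be compared with what is entered or retrieved. The function names, the sample key and the two accepted input formats (an RFC 4253 "ssh-rsa" line or a legacy "bits exponent modulus" line) are assumptions for illustration; the slides do not specify a key file format.

```python
import base64
import struct

def _read_field(blob, off):
    """Read one length-prefixed field (RFC 4253 string/mpint) from blob."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("field length exceeds blob")
    return blob[off + 4:end], end

def rsa_fields(pubkey_line):
    """Return (modulus_length_bits, public_exponent, public_modulus)."""
    parts = pubkey_line.split()
    if len(parts) >= 3 and parts[0].isdigit():
        # Legacy one-line form: "<bits> <exponent> <modulus> [comment]"
        bits, e, n = (int(p) for p in parts[:3])
        if n.bit_length() != bits:
            raise ValueError("declared length does not match modulus")
        return bits, e, n
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an RSA public key line")
    blob = base64.b64decode(parts[1], validate=True)
    name, off = _read_field(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    e_raw, off = _read_field(blob, off)
    n_raw, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    n = int.from_bytes(n_raw, "big")
    return n.bit_length(), int.from_bytes(e_raw, "big"), n

def _mpint(x):
    """Encode a positive integer as an RFC 4253 mpint (builds the sample only)."""
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # leading 0 keeps it positive
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: a 1024-bit odd number standing in for a modulus (not a real key).
SAMPLE_N = (1 << 1023) | 0x1234567
SAMPLE_E = 65537
_blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(SAMPLE_E) + _mpint(SAMPLE_N)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " admin@constructed"

if __name__ == "__main__":
    bits, e, n = rsa_fields(SAMPLE_LINE)
    print("Modulus Length:", bits)
    print("Public Exponent:", e)
    print("Public Modulus:", n)
```

Comparing the three values against a copy of the key obtained out of band is what makes a retrieved host key trustworthy; a key fetched over the same network path it is meant to protect proves nothing on its own.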
Rebooting and Shutting Down the Sensor
Rebooting the Sensor
  [Screenshot labels: Reboot Sensor, Configuration]
Shutting Down the Sensor
  [Screenshot labels: Shut Down Sensor, Configuration]
Viewing Events in IDM
The Events Panel
  • The Events panel enables you to do the following:
    – Filter event data
    – View event data
  • You can filter events based on the following:
    – Type
    – Time
    – Both type and time
Configuring the Event Display
  [Screenshot labels: Monitoring, Events, View, Reset, Select the number of rows per page, To configure events by type, To configure events by time]
Viewing the Events
  [Screenshot labels: Back, Next, Sig ID, Events, Event ID, Sensor UTC Time, Type, #, Close, Help, Details]
Viewing Event Details
Summary
  • The IDM is a web-based Java application that enables you to configure and manage your sensor.
  • The IDM also enables you to view and manage alarm feeds from the sensor.
  • The web server for the IDM resides on the sensor.
  • You can access the web server for the IDM via the Internet Explorer, Netscape, or Mozilla web browsers.
  • By default, TLS provides the security for communications between the sensor and the management system running the IDM.
Summary (Cont.)
  • SSH can be used to securely connect to the sensor CLI.
  • You can use the IDM to configure and manage both TLS certificates and SSH keys.
  • You can use the IDM to reboot the sensor.
  • You can use the IDM to put the sensor in a state in which it is safe to power it off.
  • The IDM enables you to filter the events display by type, time, or both.