
Lab 5.2.5 Configure IOS Firewall IDS

Estimated Time: 15 minutes

Number of Team Members: Two teams with four students per team.

Objective

In this lab, the student will learn how to perform the following tasks:

• Initialize IOS Firewall IDS on the router
• Configure and apply audit rules
• Verify the IDS router configuration
• Test the IDS router configuration
• Set and test protected addresses

Scenario

An Intrusion Detection System (IDS) provides a layer of protection beyond the firewall by detecting internal and external attacks and threats against the network. Cisco IOS Firewall IDS technology enhances perimeter firewall protection by taking an action (alarm, drop or reset) on packets and flows that violate the security policy or represent malicious network activity, based on matching them against almost 100 predefined IDS signatures.

Topology: standard lab topology diagram (image not included)

Preparation

Begin with the standard lab topology and verify the standard router configuration on the pod routers. Test the connectivity between the pod routers. Access the perimeter router console port using the terminal emulator on the Windows 2000 server. If desired, save the router configuration to a text file for later analysis. Refer back to the Student Lab Orientation if more help is needed.

Tools and resources or equipment

In order to complete the lab, the standard lab topology is required:

• Two pod routers
• Two student PCs with HyperTerminal installed
• One SuperServer
• One backbone switch and one backbone router
• Two console cables

Additional materials

Further information about the objectives covered in this lab can be found at the following websites:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d9819.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_reference_chapter09186a00800d9808.html

Command list

In this lab exercise, the following commands will be used. Refer to this list if assistance or help is needed during the lab exercise.

• ip audit attack: specifies the default actions for attack signatures.
• ip audit info: specifies the default actions for info signatures.
• ip audit name: creates audit rules for info and attack signature types.
• ip audit notify: specifies the methods of event notification.
• ip audit po: specifies the local Post Office parameters used when sending event notifications.
• ip audit po max-events: specifies the maximum number of event notifications that are placed in the router event queue.
• ip audit signature: attaches a policy to a signature (for example, disables it globally).
• ip audit protected: defines the address range that the IDS treats as the protected network.
• ip audit (interface configuration mode): applies a named audit rule to an interface in a given direction.
• show ip audit configuration | interface | statistics: displays the IDS configuration, its interface assignments and the event counters.


Step 1 Initialize the IDS on the Router

Complete the following lab steps to initialize IDS on the router.

a. Use the ip audit notify command to specify the method of event notification.

RouterP(config)# ip audit notify log

1. What are the other methods of notification?

_____________________________________________________________________________

b. Use the ip audit po command to specify the local Post Office parameters used when sending event notifications.

RouterP(config)# ip audit po local

c. Use the ip audit po max-events command to specify the maximum number of event notifications that are placed in the router event queue.

RouterP(config)# ip audit po max-events 100

2. What is the maximum number of events that can be set?

_____________________________________________________________________________

d. Use the command logging console info to see the syslog messages on the router console.

RouterP(config)# logging console info

e. Configure logging to a syslog server.

RouterP(config)# logging 10.0.P.12
RouterP(config)# logging on

f. Set the protected network.

RouterP(config)# ip audit protected 10.0.P.20 to 10.0.P.254

g. Save the configuration and reload.

RouterP# write memory
RouterP# reload

Step 2 Create and Apply Audit Rules

Complete the following lab steps to configure and apply audit rules on the router.

a. Globally disable signature 2004.

RouterP(config)# ip audit signature 2004 disable

b. Use the ip audit info {action [alarm] [drop] [reset]} command to specify the default actions for info signatures.

RouterP(config)# ip audit info action alarm

c. Use the ip audit attack {action [alarm] [drop] [reset]} command to specify the default actions for attack signatures.

d. Use the ip audit name audit-name {info | attack} command to create audit rules for attack and info signatures, where audit-name is a user-defined name for an audit rule.

RouterP(config)# ip audit name AUDIT.1 info
RouterP(config)# ip audit name AUDIT.1 attack

e. Use the same name when creating the attack and info rules, so that a single interface command applies both signature types.

f. Apply the previously created rule to the outside interface in the in direction:

RouterP(config)# interface fa 0/1
RouterP(config-if)# ip audit AUDIT.1 in

3. In what other direction can an audit rule be applied?

_____________________________________________________________________________

_____________________________________________________________________________

Step 3 Verify the IDS Router's Configuration

a. Display the IDS configuration:

RouterP# show ip audit configuration

b. Verify the parameters configured as well as several default settings.

c. Display the IDS interface configuration:

RouterP# show ip audit interface

4. What are the parameters configured and the default settings?

_____________________________________________________________________________
_____________________________________________________________________________

d. Display the IDS statistics:

RouterP# show ip audit statistics

Step 4 Test the IDS Router Configuration

a. Telnet to the peer pod router and, from its prompt, run the following extended ping so that the packets arrive inbound on RouterP's outside interface, where the audit rule is applied:

RouterP# ping
Protocol [IP] <enter>
Target IP address: 10.0.P.2
Repeat count [5]: 20
Datagram size [100]: 2000
Timeout in seconds [2]: <enter>
Extended commands [n]: <enter>
Sweep range of size [n]: <enter>

The peer router now sends multiple oversized ICMP packets toward RouterP; the audit rule matches them, the configured action causes them to be discarded, and the matching signatures generate events on the console and in the statistics.

5. What signature number is displayed in the console message?

_____________________________________________________________________________

b. Complete the next ping test:

RouterP# ping
Protocol [IP] <enter>
Target IP address: 10.0.P.2
Repeat count [5]: 20
Datagram size [100]: 1021
Timeout in seconds [2]: <enter>
Extended commands [n]: <enter>
Sweep range of size [n]: <enter>

6. What signature number is displayed in the console message?

_____________________________________________________________________________

c. End the Telnet session with the peer router.

d. Check the generated events by using the show ip audit statistics command:

RouterP# sh ip audit statistics

7. What signatures show up in the log?

_____________________________________________________________________________

Step 5 Setting and Testing Protected Addresses

a. Configure protected addresses by combining audit rules and access control lists (ACLs). The list keyword attaches a standard ACL to the attack rule:

RouterP(config)# ip audit name AUDIT.1 attack list 90
RouterP(config)# access-list 90 deny host 172.30.Q.2
RouterP(config)# access-list 90 permit any

Note: The ACL in the preceding example is not denying traffic from the 172.30.Q.2 host, as it would if it were applied to an interface. Instead, a host matched by a deny entry is excluded from the audit process because it is treated as a trusted host. All other hosts, matched by permit any, are still processed by the audit rule.

b. Telnet to the peer pod router and repeat the large ping from its prompt:

RouterP# ping
Protocol [IP] <enter>
Target IP address: 10.0.P.2
Repeat count [5]: 20
Datagram size [100]: 2000
Timeout in seconds [2]: <enter>
Extended commands [n]: <enter>
Sweep range of size [n]: <enter>

8. Were the packets successful?

_____________________________________________________________________________
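With logging to the syslog server in place (Step 1e), the events generated in Steps 4 and 5 can be checked off the router as well as with show ip audit statistics. The following Python script is an added example and is not part of the Cisco lab: it parses %IDS syslog lines, counts events by signature and by source, counts hits on the range given to ip audit protected, and flags two results that would indicate the configuration did not take effect: events from a host that access-list 90 was meant to exempt, and events from signature 2004, which Step 2 disabled. The message layout is assumed from Cisco's documented %IDS-4 format, the sample log lines are constructed, and pod numbers P=1 and Q=2 are assumed.

```python
"""Summarise Cisco IOS Firewall IDS syslog events (added example, not lab material)."""
import ipaddress
import re
from collections import Counter

# Assumed layout of the %IDS-4-... message that 'ip audit notify log' sends to the
# console and syslog server, modelled on Cisco's documented examples. P=1, Q=2 assumed.
IDS_RE = re.compile(
    r"%IDS-(?P<sev>\d)-(?P<mnemonic>\w+): Sig:(?P<sig>\d+):(?P<name>.+?) - "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) to (?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample syslog lines (not real router output).
SAMPLE_LOG = """\
*Mar  1 00:12:01.123: %IDS-4-ICMP_ECHO_REQ_SIG: Sig:2004:ICMP Echo Request - from 172.30.2.2 to 10.0.1.2
*Mar  1 00:12:02.456: %IDS-4-ICMP_ECHO_REQ_SIG: Sig:2004:ICMP Echo Request - from 172.30.2.2 to 10.0.1.12
*Mar  1 00:12:05.789: %IDS-4-IPFRAG_ATTACK_SIG: Sig:1100:IP Fragment Attack - from 172.30.2.9 to 10.0.1.40
*Mar  1 00:12:06.001: %IDS-4-TCP_SYN_ATTACK_SIG: Sig:3050:Half-Open Syn Flood - from 172.30.2.9 to 10.0.1.40
*Mar  1 00:12:07.222: %SYS-5-CONFIG_I: Configured from console by console
"""


def parse_ids_events(log_text):
    """Return one dict per %IDS message; unrelated syslog lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = IDS_RE.search(line)
        if not m:
            continue
        events.append({
            "sig": int(m["sig"]),
            "name": m["name"].strip(),
            "src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]),
        })
    return events


def in_range(addr, first, last):
    """Inclusive address range test, mirroring 'ip audit protected A to B'."""
    return ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last)


def summarize(events, protected, exempt_sources=(), disabled_sigs=()):
    """Aggregate events and flag results that contradict the intended configuration.

    protected      -- (first, last) pair from 'ip audit protected'
    exempt_sources -- hosts denied in the standard ACL attached with 'ip audit name ... list';
                      denied hosts are not audited, so no events should come from them
    disabled_sigs  -- signatures turned off with 'ip audit signature N disable'
    """
    exempt = {ipaddress.ip_address(a) for a in exempt_sources}
    disabled = set(disabled_sigs)
    by_sig = Counter(e["sig"] for e in events)
    by_src = Counter(str(e["src"]) for e in events)
    protected_hits = [e for e in events if in_range(e["dst"], *protected)]
    # A non-zero count in either list means the running configuration differs from
    # the plan: check 'show ip audit configuration' and 'show ip audit interface'.
    from_exempt = [e for e in events if e["src"] in exempt]
    from_disabled = [e for e in events if e["sig"] in disabled]
    return {
        "by_signature": dict(by_sig),
        "by_source": dict(by_src),
        "protected_hits": len(protected_hits),
        "events_from_exempt_sources": len(from_exempt),
        "events_from_disabled_signatures": len(from_disabled),
    }


if __name__ == "__main__":
    evts = parse_ids_events(SAMPLE_LOG)
    report = summarize(
        evts,
        protected=("10.0.1.20", "10.0.1.254"),   # ip audit protected 10.0.P.20 to 10.0.P.254
        exempt_sources=["172.30.2.2"],           # access-list 90 deny host 172.30.Q.2
        disabled_sigs=[2004],                    # ip audit signature 2004 disable
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run the script against the syslog file collected on the 10.0.P.12 server after Step 5. Any events counted under events_from_exempt_sources or events_from_disabled_signatures mean the ACL was not attached to the rule or the signature was not disabled on the running router, so go back to Step 3 and compare show ip audit configuration with what was intended.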
