Installing and Using Cisco Intrusion Prevention System Device Manager 6.0
Index

Numerics

4GE bypass interface card

configuration restrictions 3-11

described 3-10

802.1q encapsulation VLAN groups 3-13

A

accessing IPS software 13-2

access list misconfiguration C-25

ACLs

described 8-3

Post-Block 8-23

Pre-Block 8-23

Active Host Blocks pane

button functions 8-36, 12-4

configuring 8-38, 12-5

described 8-36, 12-3

field descriptions 8-36, 12-4

user roles 8-36, 12-3

active update bulletins subscribing to 13-16

AD 7-1, 7-2

caution 7-1, 7-2

configuration sequence 7-4

default configuration (example) 7-4

described 7-2

detect mode 7-3

disabling C-18

event actions 7-6, B-42

inactive mode 7-4

learning process 7-3

learn mode 7-3

limiting false positives 7-13

protocols 7-2

signatures 7-5, B-42

signatures (table) B-43

worm attacks 7-13

worms 7-2

zones 7-4

ad0 pane

default 7-10

described 7-10

tabs 7-10

AD component described 7-2

Add Active Host Block dialog box

button functions 8-37, 12-4

field descriptions 8-37, 12-4

Add Allowed Host dialog box

button functions 2-12

field definitions 2-12

user roles 2-11

Add Authorized Key dialog box

button functions 2-16

field definitions 2-16

user roles 2-15

Add Blocking Device dialog box

button functions 8-20

field descriptions 8-20

user roles 8-19

Add Cat 6K Blocking Device Interface dialog box

button functions 8-30

field descriptions 8-30

user roles 8-29

Add Configured OS Map dialog box

button functions 6-31

field descriptions 6-31

Add Destination Port dialog box

button functions 7-18, 7-20, 7-31, 7-33, 7-42, 7-45

field descriptions 7-18, 7-20, 7-31, 7-33, 7-42, 7-45

Add Device Login Profile dialog box

button functions 8-17

field descriptions 8-17

user roles 8-16

Add Event Action Filter dialog box

button functions 6-23

field descriptions 6-23

user roles 6-22

Add Event Action Override dialog box

button functions 6-15

field descriptions 6-15

Add Event Variable dialog box

button functions 6-35

field descriptions 6-35

user roles 6-34

Add External Product Interface dialog box

button functions 10-6

field descriptions 10-6

user roles 10-4

Add Histogram dialog box

button functions 7-19, 7-21, 7-23, 7-31, 7-34, 7-36, 7-43, 7-46, 7-48

field descriptions 7-19, 7-21, 7-23, 7-31, 7-34, 7-36, 7-43, 7-46, 7-48

adding

active host blocks 8-38, 12-5

AD policies 7-9

a host never to be blocked 8-11

event action filters 6-26

event action overrides 6-17

event action rules policies 6-12

event variables 6-35

external product interfaces 10-9

network blocks 8-40, 12-8

OS maps 6-32

signature definition policies 5-3

signatures 5-15

signature variables 5-63

TVRs 6-20

virtual sensors 4-6

Add Inline VLAN Pair dialog box

button functions 3-23

field descriptions 3-23

Add Interface Pair dialog box

button functions 3-20

field descriptions 3-20

Add IP Logging dialog box

button functions 12-30

field descriptions 12-30

Add Known Host Key dialog box

button functions 2-18

field definitions 2-18

user roles 2-18

Add Master Blocking Sensor dialog box

button functions 8-33

field descriptions 8-33

user roles 8-32

Add Network Block dialog box

button functions 8-40

field descriptions 8-40

Add Never Block Address dialog box

button functions 8-10

field descriptions 8-10

user roles 8-8

Add Policy dialog box

button functions 5-3, 6-12, 7-9

field descriptions 5-3, 6-12, 7-9

Add Posture ACL dialog box

button functions 10-7

field descriptions 10-7

Add Protocol Number dialog box

button functions 7-23, 7-35, 7-47

field descriptions 7-23, 7-35, 7-47

Add Rate Limit dialog box

button functions 8-14

field descriptions 8-14

Address Resolution Protocol

See ARP

Add Router Blocking Device Interface dialog box

button functions 8-26

field descriptions 8-26

user roles 8-25

Add Signature dialog box

button functions 5-8

field descriptions 5-8

user roles 5-6

Add Signature Variable dialog box

button functions 5-62

field descriptions 5-62

user roles 5-61

Add SNMP Trap Destination dialog box

button descriptions 9-5

field descriptions 9-5

Add Target Value Rating dialog box

button functions 6-20

field descriptions 6-20

user roles 6-19

Add Trusted Host dialog box

button functions 2-24

field descriptions 2-24

user roles 2-23

Add User dialog box

button functions 2-39

field definitions 2-39

user roles 2-38

Add Virtual Sensor dialog box

button functions 4-5

described 4-6

field descriptions 4-5

Add VLAN Group dialog box

button functions 3-26

field descriptions 3-26

Administrators privileges A-26

AD policies

ad0 7-7

adding 7-9

cloning 7-9

default policy 7-7

deleting 7-9

user roles 7-8

AD signatures (table) 7-6

Advanced Alert Behavior Wizard

Alert Dynamic Response Fire All window

button functions 5-47

field descriptions 5-47

Alert Dynamic Response Fire Once window

button functions 5-48

field descriptions 5-48

Alert Dynamic Response Summary window

button functions 5-46

field descriptions 5-46

Alert Summarization window

button functions 5-46

field descriptions 5-46

Event Count and Interval window

button functions 5-45

field descriptions 5-45

Global Summarization window

button functions 5-48

field descriptions 5-48

advisory cryptographic products 1-1

AIC engine

AIC FTP B-7

AIC HTTP B-7

described B-7

features B-7

AIC engines described 5-67

AIC FTP engine parameters (table) B-8

AIC HTTP engine parameters (table) B-8

AIC policy configuring 5-73

AIC signatures (example) 5-74

AIM-IPS

initializing 1-33

setup command 1-33

system image installing 14-47

time sources 2-28, C-14

verifying installation C-68

AIP-SSM

bypass mode 3-29

initializing 1-21

installing system image 14-50

password recovery 2-8, C-11

recovering C-66

reimaging 14-50

resetting C-66

setup command 1-21

time sources 2-28, C-15

Alarm Channel described 6-5, A-24

alert frequency

aggregation 5-22

configuring 5-22

controlling 5-22

modes B-5

alert profile Home window 1-2

alert summary Home window 1-2

Allowed Hosts pane

button functions 2-12

configuring 2-12

described 2-11

field definitions 2-12

alternate TCP reset interface configuration restrictions 3-9

Analysis Engine

busy C-22

described 4-1

global variables 4-8

verify it is running C-19

virtual sensors 4-1

Analysis Engine busy IDM exits C-57

Analysis Engine is busy error messages C-22

Anomaly Detection

See AD

Anomaly Detection pane

button functions 7-53, 12-16

field descriptions 7-53, 12-16

user roles 7-53, 12-16

Anomaly Detections pane

button functions 7-8

described 7-7

field descriptions 7-8

user roles 7-8

appliances

application partition image 14-13

GRUB menu 2-5, C-8

initializing 1-6

password recovery 2-5, C-8

recovering software image 14-28

terminal servers

described 14-15

setting up 14-15

time sources 2-27, C-14

upgrading recovery partition 14-6

application partition described A-3

application partition image recovering 14-13

applications XML format A-2

applying software updates C-52

ARC

ACLs 8-23, A-12

authentication A-14

blocking

connection-based A-16

unconditional blocking A-16

blocking application 8-1

blocking not occurring for signature C-41

block response A-12

Catalyst 6000 series switch

VACL commands A-18

VACLs A-18

Catalyst switches

VACLs A-15

VLANs A-15

checking status 8-3, 8-4, 12-9

described A-2

design 8-2

device access issues C-38

enabling SSH C-41

features A-12

figure A-11

firewalls

AAA A-17

connection blocking A-17

NAT A-17

network blocking A-17

postblock ACL A-15

preblock ACL A-15

shun command A-17

TACACS+ A-17

formerly Network Access Controller 8-3

functions 8-1, A-11

inactive state C-37

interfaces A-13

maintaining states A-15

managed devices 8-7

master blocking sensors A-13

maximum blocks 8-2

misconfigured MBS C-42

nac.shun.txt file A-15

NAT addressing A-14

number of blocks A-14

postblock ACL A-15

preblock ACL A-15

prerequisites 8-5

rate limiting 8-3, 12-9

responsibilities A-11

single point of control A-14

SSH A-12

supported devices 8-5, A-14

Telnet A-12

troubleshooting C-35

VACLs A-12

verifying device interfaces C-40

verifying status C-36

ARP

Layer 2 signatures B-9

protocol B-9

ARP spoof tools

dsniff B-9

ettercap B-9

ARR

calculating RR 6-3

described 6-3

ASR

calculating RR 6-3

described 6-3

Assign Actions dialog box

button functions 5-12

field descriptions 5-12

assigning actions signatures 5-19

asymmetric environment AD 7-1, 7-2

asymmetric traffic disabling AD C-18

Atomic ARP engine

described B-9

parameters (table) B-9

Atomic IP engine

described B-9

parameters (table) B-10

Atomic IPv6 engine

described B-10

ND protocol B-10

signatures B-10

signatures (table) B-11

Attack Relevance Rating

See ARR

Attack Relevancy Rating

See ARR

Attack Response Controller

described A-2

formerly known as Network Access Controller A-2

See ARC

Attack Severity Rating

See ASR

AuthenticationApp

authenticating users A-20

described A-3

login attempt limit A-19

method A-19

responsibilities A-19

secure communications A-20

sensor configuration A-19

Authorized Keys pane

button functions 2-15

configuring 2-16

described 2-14

field definitions 2-15

RSA authentication 2-14

RSA key generation tool 2-16

automatic updates

Cisco.com 11-1

servers

FTP 11-1

SCP 11-1

troubleshooting C-53

automatic upgrade (examples) 14-10

automatic upgrades information required 14-7

autonegotiation hardware bypass 3-11

Auto Update UNIX-style directory listings 11-2

Auto Update pane

button functions 11-2

configuring 11-3

described 11-1

field descriptions 11-2

user roles 11-2

auto-upgrade-option command 14-7

B

backing up

configuration C-2

current configuration C-4

BackOrifice

See BO

BackOrifice 2000

See BO2K

blocking

described 8-1

disabling 8-7

master blocking sensor 8-32

necessary information 8-3

prerequisites 8-5

supported devices 8-5

types 8-2

Blocking Devices pane

button functions 8-19

configuring 8-20

described 8-18

field descriptions 8-19

ssh host-key command 8-20

blocking not occurring for signature C-41

Blocking Properties pane

adding a host never to be blocked 8-11

button functions 8-8

configuring 8-10

described 8-7

field descriptions 8-8

BO

described B-45

Trojans B-45

BO2K

described B-45

Trojans B-45

bootloader

explaining 14-32

upgrading 14-32

bypass mode 3-28

AIP-SSM 3-29

described 3-28

Bypass pane

button functions 3-29

field descriptions 3-29

C

calculating RR

ARR 6-3

ASR 6-3

PD 6-3

SFR 6-2

TVR 6-3

WLR 6-3

cannot access sensor C-23

Cat 6K Blocking Device Interfaces pane

button functions 8-29

configuring 8-30

described 8-28

field descriptions 8-29

certificates

displaying 2-26

generating 2-26

Internet Explorer 1-47

changing Microsoft IIS to UNIX-style directory listings 11-2

changing the memory

Java Plug-in on Linux 1-42, C-56

Java Plug-in on Solaris 1-42, C-56

Java Plug-in on Windows 1-42, C-55

cidDump obtaining information C-90

CIDEE

defined A-31

example A-32

IPS extensions A-31

protocol A-31

supported IPS events A-32

Cisco.com

accessing software 13-2

account 13-10

Active Update Bulletins 13-16

cryptographic access 13-10

downloading software 13-1, 13-10

IPS software 13-1

software downloads 13-1

Cisco IOS rate limiting 8-3, 12-9

cisco-security-agents-mc-settings command 10-8

Cisco Security Center

described 13-17

URL 13-17

Cisco Services for IPS

service contract 1-50, 13-11

supported products 1-50, 13-11

clear events command 2-32, 2-37, C-16, C-89

clearing

events 2-37, C-89

statistics C-75

clear password command 2-7, 2-8, C-10, C-11

CLI described A-3, A-25

clock set command 2-36

Clone Policy dialog box

button functions 5-3, 6-12, 7-9

field descriptions 5-3, 6-12, 7-9

Clone Signature dialog box

button functions 5-8

field descriptions 5-8

user roles 5-6

cloning

AD policies 7-9

event action rules policies 6-12

signature definition policies 5-3

signatures 5-17

command and control interfaces

described 3-2

list 3-2

commands

auto-upgrade-option 14-7

cisco-security-agents-mc-settings 10-8

clear events 2-32, 2-37, C-16, C-89

clear password 2-7, 2-8, C-10, C-11

clock set 2-36

copy backup-config C-3

copy current-config C-3

copy license-key 13-14

debug module-boot C-66

downgrade 14-11

hw-module module 1 reset C-66

hw-module module slot_number password-reset 2-8, C-11

setup 1-3, 1-6, 1-14, 1-21, 1-28, 1-33, 2-1

show events C-86

show inventory C-68

show module 1 details C-65

show settings 2-10, C-12

show statistics C-75

show statistics virtual-sensor C-22, C-75

show tech-support C-69

show version C-72

upgrade 14-3, 14-6

Compare Knowledge Bases dialog box

button functions 7-57, 12-20

field descriptions 7-57, 12-20

user roles 7-56, 12-19

comparing KBs 7-58, 12-20

configuration files

backing up C-2

merging C-2

configuration restrictions

alternate TCP reset interface 3-9

inline interface pairs 3-9

inline VLAN pairs 3-9

interfaces 3-8

physical interfaces 3-8

VLAN groups 3-9

Configure Summertime dialog box

button functions 2-30

field definitions 2-30

configuring

active host blocks 8-38, 12-5

AIC policy parameters 5-73

allowed hosts 2-12

application policy 5-74

authorized keys 2-16

automatic upgrades 14-9

blocking devices 8-20

blocking properties 8-10

Cat 6K blocking device interfaces 8-30

CSA MC IPS interfaces 10-3

device login profiles 8-17

event action filters 6-26

events 6-41

event variables 6-35

external zone 7-48

general settings 6-38

illegal zone 7-36

interface pairs 3-20

interfaces 3-8, 3-18

internal zone 7-24

IP fragment reassembly signatures 5-78

IP logging 12-30

known host keys 2-19

learning accept mode 7-14

maintenance partition

IDSM-2 (Catalyst software) 14-38

IDSM-2 (Cisco IOS software) 14-42

master blocking sensor 8-34

network blocks 8-40, 12-8

NTP servers 2-33

operation settings 7-11

OS maps 6-32

rate limiting 8-14, 12-11

rate limiting devices 8-20

router blocking device interfaces 8-26

sensor to use NTP 2-35

SNMP 9-3

SNMP traps 9-6

TCP fragment reassembly parameters 5-85

time 2-31

traffic flow notifications 3-31

trusted hosts 2-24

TVRs 6-20

upgrades 14-4

users 2-40

VLAN groups 3-27

VLAN pairs 3-23

configuring bypass mode user roles 3-29

configuring inline VLAN pairs user roles 3-22

configuring interface pairs user roles 3-19

configuring interfaces sequence 3-8

configuring OS maps user roles 6-31

configuring SNMP user roles 9-4

configuring traffic flow notifications user roles 3-30

configuring VLAN groups user roles 3-25

control transactions

characteristics A-7

request types A-7

cookies IDM 1-46

copy backup-config command C-3

copy current-config command C-3

copy license-key command 13-14

correcting time on the sensor 2-32, C-16

creating

custom signatures

not using signature engines 5-30

Service HTTP 5-58

String TCP 5-56

using signature engines 5-29

MEG signatures 5-25

Post-Block VACLs 8-28

Pre-Block VACLs 8-28

service account C-5

cryptographic access to Cisco.com 13-10

cryptographic products IDM 1-1

CSA MC

configuring IPS interfaces 10-3

host posture events 10-1, 10-3

quarantined IP address events 10-1

supporting IPS interfaces 10-3

CtlTransSource

described A-2, A-10

figure A-10

current configuration backing up C-2

current KBs setting 7-59, 12-22

custom signatures

described 5-5

MEG signature 5-25

Custom Signature Wizard

Alert Behavior window

button functions 5-45

Alert Response window

button functions 5-44

field descriptions 5-44

Atomic IP Engine Parameters window

button functions 5-33

field descriptions 5-33

described 5-28

ICMP Traffic Type window

button functions 5-41

field descriptions 5-41

Inspect Data window

button functions 5-44

field descriptions 5-44

MSRPC Engine Parameters window

button functions 5-36

field descriptions 5-36

no signature engine sequence 5-30

Protocol Type window

button functions 5-32

field descriptions 5-32

Service HTTP Engine Parameters window

button functions 5-35

field descriptions 5-35

Service RPC Engine Parameters window

button functions 5-36

field descriptions 5-36

Service Type window

button functions 5-43

field descriptions 5-43

signature engine sequence 5-29

Signature Identification window

button functions 5-33

field descriptions 5-33

State Engine Parameters window

button functions 5-37

field descriptions 5-37

String ICMP Engine Parameters window

button functions 5-38

field descriptions 5-38

String TCP Engine Parameters window

button functions 5-39

field descriptions 5-39

String UDP Engine Parameters window

button functions 5-40

field descriptions