Lab 5.2.5 Configure IOS Firewall IDS




Estimated Time: 15 minutes
Number of Team Members: Two teams with four students per team.

Objective
In this lab, the student will learn how to perform the following tasks:
- Initialize IOS Firewall IDS on the router
- Configure and apply audit rules
- Verify the IDS router configuration
- Test the IDS router configuration
- Set and test protected addresses

Scenario
The Intrusion Detection Systems provide a level of protection beyond the firewall by protecting the network from internal and external attacks and threats. Cisco IOS Firewall IDS technology enhances perimeter firewall protection by taking appropriate action on packets and flows that violate the security policy or represent malicious network activity, based on almost 100 predefined IDS signatures.

Topology
This figure illustrates the lab network environment. [Topology figure not included in this transcription.]

1-5 Fundamentals of Network Security v 1.1 - Lab 5.2.5 Copyright 2003, Cisco Systems, Inc.

Preparation
Begin with the standard lab topology and verify the standard router configuration on the pod routers. Test the connectivity between the pod routers. Access the perimeter router console port using the terminal emulator on the Windows 2000 server. If desired, save the router configuration to a text file for later analysis. Refer back to the Student Lab Orientation if more help is needed.

Tools and resources or equipment
In order to complete the lab, the standard lab topology is required:
- Two pod routers
- Two student PCs with HyperTerminal installed
- One SuperServer
Additional materials:
- One backbone switch and one backbone router
- Two console cables

Further information about the objectives covered in this lab can be found at the following websites:
http://www.cisco.com/en/us/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d9819.html
http://www.cisco.com/en/us/products/sw/iosswrel/ps1831/products_command_reference_chapter09186a00800d9808.html

Command list
In this lab exercise, the following commands will be used. Refer to this list if assistance or help is needed during the lab exercise.

Command                  Description
ip audit attack          Specifies the default actions for attack signatures.
ip audit info            Specifies the default actions for info signatures.
ip audit name            Creates audit rules for info and attack signature types.
ip audit notify          Specifies the methods of event notification.
ip audit po              Specifies the local Post Office parameters used when sending event notifications.
ip audit po max-events   Specifies the maximum number of event notifications that are placed in the router event queue.
ip audit signature       Attaches a policy to a signature.
logging console info     Sets the option of seeing the syslog messages on the router console.

Step 1 Initialize the IDS on the Router
Complete the following lab steps to initialize IDS on the router.

a. Use the ip audit notify command to specify the method of event notification.
   RouterP(config)# ip audit notify log
   1. What are the other methods of notification?
b. Use the ip audit po command to specify the local Post Office when sending event notifications.
   RouterP(config)# ip audit po local
c. Use the ip audit po max-events command to specify the maximum number of event notifications that are placed in the router event queue.
   RouterP(config)# ip audit po max-events 100
   2. What is the maximum amount of events that can be set?
d. Use the command logging console info to see the syslog messages on the router console.
   RouterP(config)# logging console info
e. Configure logging to a Syslog server.
   RouterP(config)# logging 10.0.P.12
   RouterP(config)# logging on
f. Set the protected network.
   RouterP(config)# ip audit protected 10.0.P.20 to 10.0.P.254
g. Save the configuration and reload.
   RouterP# write memory
   RouterP# reload

Step 2 Create and Apply Audit Rules
Complete the following lab steps to configure and apply audit rules on the router.

a. Globally disable signature 2004.
   RouterP(config)# ip audit signature 2004 disable
b. Use the ip audit info {action [alarm] [drop] [reset]} command to specify the default actions for info signatures.
   RouterP(config)# ip audit info action alarm
c. Use the ip audit attack {action [alarm] [drop] [reset]} command to specify the default actions for attack signatures.
   RouterP(config)# ip audit attack action alarm

d. Use the ip audit name audit-name command to create audit rules for attack and info signatures, where audit-name is a user-defined name for an audit rule.
   RouterP(config)# ip audit name AUDIT.1 info
   RouterP(config)# ip audit name AUDIT.1 attack
e. Use the same name when assigning attack and info type signatures.
f. Apply the previously created rule to the outside interface using the in direction:
   RouterP(config)# interface fa 0/1
   RouterP(config-if)# ip audit AUDIT.1 in
   3. What other direction can an audit rule be applied?

Step 3 Verify the IDS Router's Configuration
a. Display the IDS configuration:
   RouterP# show ip audit configuration
b. Verify the parameters configured as well as several default settings.
c. Display the IDS interface configuration:
   RouterP# show ip audit interface
   4. What are the parameters configured and the default settings?
d. Display the IDS interface statistics:
   RouterP# show ip audit statistics

Step 4 Test the IDS Router Configuration
a. Telnet to the peer pod router and complete the following steps, entering 2000 at the ping datagram size prompt:
   Datagram size [100]: 2000
   The router will now send multiple packets to the peer router, causing them to be discarded and causing the audit rules to generate events in the statistics log.
   5. What signature number is displayed in the console message?
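Step 3 verifies the result with show commands on the router itself. As an added example that is not part of the Cisco lab, the following Python script applies the same checks to a saved copy of the running configuration (the text file the Preparation section suggests keeping), so the end state of Steps 1 and 2 can be verified offline or across many pod routers at once. The sample configuration embedded in it is constructed with P = 1 and reflects how IOS stores these commands (logging console info is saved as logging console informational); the function and field names are this example's own.

```python
"""Offline check of the Cisco IOS Firewall IDS settings in a saved running-config.
Added example for this lab, not Cisco's code; sample config constructed with P = 1."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: the IDS-relevant part of 'show running-config' after Steps 1 and 2.
SAMPLE_CONFIG = """\
!
ip audit notify log
ip audit po local
ip audit po max-events 100
ip audit protected 10.0.1.20 to 10.0.1.254
ip audit signature 2004 disable
ip audit info action alarm
ip audit attack action alarm
ip audit name AUDIT.1 info
ip audit name AUDIT.1 attack
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 172.30.1.2 255.255.255.0
 ip audit AUDIT.1 in
!
logging 10.0.1.12
logging console informational
"""

@dataclass
class IdsConfig:
    notify: List[str] = field(default_factory=list)                  # ip audit notify <method>
    po_local: bool = False                                           # ip audit po local
    max_events: Optional[int] = None                                 # ip audit po max-events N
    protected: List[Tuple[str, str]] = field(default_factory=list)   # (first, last) address
    disabled_sigs: Set[int] = field(default_factory=set)             # ip audit signature N disable
    default_actions: Dict[str, Set[str]] = field(default_factory=dict)        # info/attack -> actions
    rules: Dict[str, Dict[str, Optional[str]]] = field(default_factory=dict)  # name -> type -> ACL
    applied: Dict[str, List[Tuple[str, str]]] = field(default_factory=dict)  # intf -> (rule, dir)

def parse_ids_config(text: str) -> IdsConfig:
    cfg = IdsConfig()
    current_if = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('!'):
            current_if = None            # '!' separates blocks in IOS config output
            continue
        if raw.startswith(' '):          # indented line: interface sub-command
            m = re.match(r'ip audit (\S+) (in|out)$', line)
            if current_if and m:
                cfg.applied[current_if].append((m.group(1), m.group(2)))
            continue
        current_if = None
        m = re.match(r'interface (\S+)$', line)
        if m:
            current_if = m.group(1)
            cfg.applied.setdefault(current_if, [])
            continue
        if not line.startswith('ip audit '):
            continue
        args = line.split()[2:]          # words after 'ip audit'
        if args[0] == 'notify':
            cfg.notify.append(args[1])
        elif args[:2] == ['po', 'local']:
            cfg.po_local = True
        elif args[:2] == ['po', 'max-events']:
            cfg.max_events = int(args[2])
        elif args[0] == 'protected':     # 'protected A to B' or a single address
            last = args[3] if len(args) >= 4 and args[2] == 'to' else args[1]
            cfg.protected.append((args[1], last))
        elif args[0] == 'signature' and args[-1] == 'disable':
            cfg.disabled_sigs.add(int(args[1]))
        elif args[0] in ('info', 'attack') and args[1] == 'action':
            cfg.default_actions[args[0]] = set(args[2:])
        elif args[0] == 'name':          # 'name NAME info|attack [list ACL]'
            acl = args[4] if len(args) >= 5 and args[3] == 'list' else None
            cfg.rules.setdefault(args[1], {})[args[2]] = acl
    return cfg

def check_ids_config(cfg: IdsConfig) -> List[Tuple[bool, str]]:
    """Findings as (ok, description), mirroring what Steps 1 to 3 expect to see."""
    f = [
        ('log' in cfg.notify, 'events are sent to syslog (ip audit notify log)'),
        (cfg.po_local, 'local Post Office is configured (ip audit po local)'),
        (cfg.max_events is not None, f'event queue size is set (max-events = {cfg.max_events})'),
        (bool(cfg.protected), f'protected network is defined ({cfg.protected})'),
    ]
    for kind in ('info', 'attack'):
        acts = cfg.default_actions.get(kind, set())
        f.append(('alarm' in acts, f'default {kind} action includes alarm (have {sorted(acts)})'))
    # Step 2e: info and attack rules share one name, otherwise only one type is audited.
    for name, kinds in cfg.rules.items():
        f.append(({'info', 'attack'} <= set(kinds),
                  f'rule {name} covers both info and attack (has {sorted(kinds)})'))
    applied = [(i, n, d) for i, lst in cfg.applied.items() for n, d in lst]
    for intf, name, direction in applied:   # a rule applied but never defined audits nothing
        f.append((name in cfg.rules, f'{intf}: rule {name} applied {direction} is defined'))
    f.append((bool(applied), 'an audit rule is applied to at least one interface'))
    return f

def problems(text: str) -> List[str]:
    """Descriptions of every check that fails for the given config text."""
    return [msg for ok, msg in check_ids_config(parse_ids_config(text)) if not ok]

if __name__ == '__main__':
    for ok, msg in check_ids_config(parse_ids_config(SAMPLE_CONFIG)):
        print('OK  ' if ok else 'FAIL', msg)
```

Run it against a real saved configuration by replacing SAMPLE_CONFIG with the file contents; the two checks that catch the most common lab mistakes are the rule-coverage check (only one of the info/attack pair created) and the applied-rule check (a name typed on the interface that differs from the one created in Step 2d).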

b. Complete the next ping test, entering 1021 at the datagram size prompt:
   Datagram size [100]: 1021
   6. What signature number is displayed in the console message?
c. End the Telnet session with the peer router.
d. Check to see the generated events by using the show ip audit statistics command:
   RouterP# sh ip audit statistics
   7. What signatures show up in the log?

Step 5 Setting and Testing Protected Addresses
a. Configure protected addresses by combining audit rules and access control lists (ACLs).
   RouterP(config)# ip audit name AUDIT.1 attack list 90
   RouterP(config)# access-list 90 deny host 172.30.Q.2
   RouterP(config)# access-list 90 permit any
   Note: The ACL in the preceding example is not denying traffic from host 172.30.Q.2, as would be expected if the ACL were applied to an interface. Instead, the hosts on that network are not filtered through the audit process because they are trusted hosts. On the other hand, all other hosts, as defined by permit any, are processed by the audit rule.
b. Telnet to the peer pod router and complete the following steps, entering 2000 at the ping datagram size prompt:
   Datagram size [100]: 2000
   8. Were the packets successful?
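The Step 5 note is the part of this lab that is easiest to misread: under ip audit name ... list, an ACL's deny means "exempt from auditing", not "block". As an added example, not part of the Cisco lab, the following Python script parses IDS console/syslog messages of the form %IDS-4-...: Sig:N:name - from A to B (the format is assumed from Cisco's IDS syslog style; the sample lines are constructed with Q = 1 and use signature 2004 only because it is a recognisable one, it would not fire after Step 2a disables it), counts events per signature as a check on show ip audit statistics, and models which sources the audit rule's ACL actually audits, including the implicit deny at the end of every IOS ACL, which exempts any host the list does not explicitly permit.

```python
"""Parse IOS Firewall IDS syslog events and model the Step 5 audit-rule ACL.
Added example for this lab, not Cisco's code. Message format assumed from Cisco's
IDS syslog style; sample lines and ACLs are constructed (Q = 1)."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample console output; one non-IDS line is included on purpose.
SAMPLE_SYSLOG = [
    "*Mar  1 00:03:12.101: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 172.30.1.2 to 10.0.1.12",
    "*Mar  1 00:03:12.105: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 172.30.1.2 to 10.0.1.12",
    "*Mar  1 00:03:15.330: %IDS-4-ICMP_ECHO_REPLY_SIG: Sig:2000:ICMP Echo Reply - from 10.0.1.12 to 172.30.1.2",
    "*Mar  1 00:03:20.000: %SYS-5-CONFIG_I: Configured from console by console",
]

# Access list 90 as Step 5 enters it, with Q = 1.
ACL_90 = [
    "access-list 90 deny host 172.30.1.2",
    "access-list 90 permit any",
]

EVENT_RE = re.compile(r'%IDS-\d-\w+: Sig:(\d+):(.*?) - from (\S+) to (\S+)')

def parse_ids_event(line: str) -> Optional[Dict[str, object]]:
    """Return {'sig', 'name', 'src', 'dst'} for an IDS message, None for any other line."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    return {'sig': int(m.group(1)), 'name': m.group(2).strip(),
            'src': m.group(3), 'dst': m.group(4)}

def parse_events(lines) -> List[Dict[str, object]]:
    return [e for e in map(parse_ids_event, lines) if e is not None]

def count_by_signature(events) -> Dict[int, int]:
    """Events per signature number, the same view show ip audit statistics gives."""
    return dict(Counter(e['sig'] for e in events))

# A standard ACL entry becomes (action, network, wildcard) with addresses as integers.
ACL_RE = re.compile(r'access-list \d+ (permit|deny) (?:host (\S+)|(any)|(\S+) (\S+))$')

def parse_standard_acl(lines) -> List[Tuple[str, int, int]]:
    entries = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m:
            raise ValueError(f'not a standard ACL entry: {line}')
        action, host, any_kw, net, wild = m.groups()
        if host:
            entries.append((action, int(ipaddress.IPv4Address(host)), 0))
        elif any_kw:
            entries.append((action, 0, 0xFFFFFFFF))
        else:
            entries.append((action, int(ipaddress.IPv4Address(net)),
                            int(ipaddress.IPv4Address(wild))))
    return entries

def acl_permits(entries, ip: str) -> bool:
    """First-match evaluation with the implicit 'deny any' every IOS ACL ends with."""
    addr = int(ipaddress.IPv4Address(ip))
    for action, net, wild in entries:
        if ((addr ^ net) & ~wild & 0xFFFFFFFF) == 0:   # wildcard bit 1 = don't care
            return action == 'permit'
    return False

def is_audited(entries, src: str) -> bool:
    """Under 'ip audit name NAME TYPE list ACL' a permitted source is audited and a
    denied one is exempt, so hosts matching no entry fall to the implicit deny and are
    exempt too: a list without a trailing 'permit any' audits nobody."""
    return acl_permits(entries, src)

def audited_events(events, entries):
    return [e for e in events if is_audited(entries, e['src'])]

if __name__ == '__main__':
    events = parse_events(SAMPLE_SYSLOG)
    print('events per signature:', count_by_signature(events))
    acl = parse_standard_acl(ACL_90)
    for e in events:
        state = 'audited' if is_audited(acl, e['src']) else 'exempt'
        print(f"sig {e['sig']} from {e['src']}: {state}")
```

Feeding the script the console capture from Step 4 and the ACL from Step 5 shows directly why the peer router's packets are no longer reported once access-list 90 is in place, and the implicit-deny case is the one to keep in mind when a list is written for exemptions only.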