《网络安全与防护配套教学课件教学资源实训指导4.2-2基于思科路由器的ios入侵检测功能配置cli》由会员分享,可在线阅读,更多相关《网络安全与防护配套教学课件教学资源实训指导4.2-2基于思科路由器的ios入侵检测功能配置cli(36页珍藏版)》请在金锄头文库上搜索。
1、计算机网络安全技术与实施,学习情境4:实训任务4.2 基于思科路由器的IOS入侵检测功能配置,国家高等职业教育 网络技术专业教学资源库,内容介绍,任务场景,1,任务相关工具软件介绍,2,任务设计、规划,3,任务实施及方法技巧,4,任务检查与评价,5,任务总结,6,任务场景,任务相关工具软件介绍,利用命令行对CISCO路由器IOS配置入侵检测与防御功能,任务设计、规划,任务实施及方法技巧,思科12.3(路由器)的第一个版本在2003开始发布,并且不断的在更新一些新的版本,增加了上百个特性,其中之一便是Intrusion Prevention System虽然从12.0(5)T开始IOS已经支持I
2、DS了,但是当时只支持59个signatures,并且可扩展性也很差。只能算个摆设而已。在 12.3(11)T支持118个signatures。,任务实施及方法技巧,思科IOS IDS/IPS配置: 签名定义文件SDF:Signature Definition File SDF定义了它包含的每个签名,当签名被IOS IPS装载以后,IPS立即开始扫描新的签名。默认情况下,IOS里面是不包含任何签名的。下面有三种类型的签名供IOS IPS使用: attack-drop.sdf 83个签名,少于128MB内存的路由器使用。 128MB.sdf 300个签名,128或更多的路由器使用。 256MB.
3、sdf 500个签名,256或以上的路由器使用。 以上签名都可以用于12.4以后的所有思科接入路由器。如果Flash被清空的话,sdf文件也会被清空。 注意:12.4T-9以后的IOS,不再使用128MB.sdf 而是使用.pkg的文件。,任务实施及方法技巧,思科IOS IDS/IPS配置: IPS配置:pkg版本12.4T-9 创建IPS-Signature文件夹 mkdir ips 开启IOS IPS特性 ip ips name iosips acl 配置Signature存储位置存在第一步建立的文件夹里面 ip ips config location ips 配置警告信息通知 ip ip
4、s notify log 配置Signature策略 ,对于Signature,必须一开始关闭所有的Signature,然后按照下面的方法开启某些需要的Signature,否则路由器会因内存溢出而崩溃! ip ips signature-category category all retired true,任务实施及方法技巧,思科IOS IDS/IPS配置: IPS配置:pkg版本12.4T-9 开启某一项Signature检测 比如:ios_ips category ios_ips basic retired false exit confirm change y! 在接口上启用IPS in
5、terface e0/0 ip ips iosips in|out exit 加载pkg Signature文件 copy tftp:/199.1.1.1/IOS-S310-CLI.pkg idconf 注意:这里一定要加关键字idconf,任务实施及方法技巧,基于CLI配置思科路由器IOS的IPS功能,Cisco IOS IPS,Cisco IOS IPS enables administrators to manage intrusion prevention on routers that use Cisco IOS Release 12.3(8)T4 or later. Cisco I
6、OS IPS monitors and prevents intrusions by comparing traffic against signatures of known threats and blocking the traffic when a threat is detected. Several steps are necessary to use the Cisco IOS CLI to work with IOS IPS 5.x format signatures. Cisco IOS version 12.4(10) or earlier used IPS 4.x for
7、mat signatures and some IPS commands have changed.,Download the IOS IPS files:下载IOS的IPS文件 Create an IOS IPS configuration directory in flash:在FLASH中建立IPS目录 Configure an IOS IPS crypto key:配置验证特征文件的密钥 Enable IOS IPS (consists of several substeps):开启IPS功能 Load the IOS IPS signature package to the rout
8、er:加载特征文件到路由器中,Steps to implement Cisco IOS IPS,1. Download the IOS IPS files.,Download the IOS IPS signature file and public crypto key. IOS-Sxxx-CLI.pkg - This is the latest signature package. realm-cisco.pub.key.txt - This is the public crypto key used by IOS IPS. The specific IPS files to downlo
9、ad vary depending on the current release. Only registered customers can download the package files and key.,2. Create an IOS IPS directory in Flash,Create a directory in flash to store the signature files and configurations. Use the mkdir directory-name privileged EXEC command to create the director
10、y. Use the rename current-name new-name command to change the name of the directory. To verify the contents of flash, enter the dir flash: privileged EXEC command.,R1# mkdir ips Create directory filename ips? Created dir flash:ips R1# R1# dir flash: Directory of flash:/ 5 -rw- 51054864 Jan 10 2009 1
11、5:46:14 -08:00 c2800nm-advipservicesk9-mz.124-20.T1.bin 6 drw- 0 Jan 15 2009 11:36:36 -08:00 ips 64016384 bytes total (12693504 bytes free) R1#,3. Configure an IOS IPS crypto key,Configure the crypto key to verify the digital signature for the master signature file (sigdef-default.xml). The file is
12、signed by a Cisco to guarantee its authenticity and integrity. To configure the IOS IPS crypto key, open the text file, copy the contents of the file, and paste it in the global configuration prompt. The text file issues the various commands to generate the RSA key.,Highlight and copy the text in th
13、e public key file. Paste the copied text at the global config prompt.,3. Configure an IOS IPS crypto key,R1# conf t R1(config)#,Issue the show run command to verify that the key was copied.,3. Configure an IOS IPS crypto key,R1# show run crypto key pubkey-chain rsa named-key realm-cisco.pub signatur
14、e key-string 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16 17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128 B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
15、 5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35 FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85 50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36 006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE 2F56D826 89
16、18EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3 F3020301 0001 ,3. Configure an IOS IPS crypto key,At the time of signature compilation, an error message is generated if the public crypto key is invalid. If the key is configured incorrectly, the key must be removed and then reconfigured using the no crypto key pubkey-chain rsa and the no named-key realm-cisco.pub signature commands.,4a. Enable IOS IPS,Identify the IPS rule name and specify the location
