Cisco Secure Intrusion Detection V4.0

Title: Cisco Secure Intrusion Detection V4.0

Uploaded by: 石头

Date: 2009-09-21

File size: 8.61 MB


Author: Jeanne Jackson
Publication date: 2004
Publisher: Cisco Press
Pages: 864
File format: PDF

Course Introduction
Overview
This chapter includes the following topics:



Table of Contents
COURSE INTRODUCTION
Overview
Course Objectives
Lab Topology Overview
SECURITY FUNDAMENTALS
Overview
Objectives
Need for Network Security
Network Security Policy
The Security Wheel
Network Attack Taxonomy
Management Protocols and Functions
Summary
INTRUSION DETECTION OVERVIEW
Overview
Objectives
Intrusion Detection Terminology
Intrusion Detection Technologies
Host-Based Intrusion Protection
Network-Based Intrusion Detection Systems
Intrusion Detection Evasive Techniques
Summary
CISCO INTRUSION PROTECTION OVERVIEW
Overview
Objectives
Intrusion Protection
Network Sensor Platforms
HIPS Platforms
Security Management
Cisco Threat Response
Cisco IDS Communication Overview
Deploying Cisco IDS
Summary
CAPTURING NETWORK TRAFFIC FOR INTRUSION DETECTION SYSTEMS
Overview
Objectives
Traffic Capture Overview
Configuring SPAN for Catalyst 2900XL, 3500XL, 2950, and 3550 Traffic Capture
Configuring SPAN for Catalyst 4000, 4500, and 6500 Traffic Capture
Configuring RSPAN for Catalyst 4000 and 6500 Traffic Capture
Configuring VACLs for Catalyst 6500 Traffic Capture
Using the mls ip ids Command for Catalyst 6500 Traffic Capture
Advanced Catalyst 6500 Traffic Capturing
Summary
CISCO INTRUSION DETECTION SYSTEM ARCHITECTURE
Overview
Objectives
Cisco IDS Software Architecture
User Accounts and Roles
Summary
SENSOR APPLIANCE INSTALLATION
Overview
Objectives
Sensor Appliances
Sensor Installation
Sensor Initialization
Summary
Lab Exercise—Sensor Appliance Initialization Lab
INTRUSION DETECTION SYSTEM MODULE CONFIGURATION
Overview
Objectives
Introduction
Ports and Traffic
Initialization
Verifying IDSM2 Status
Summary
CISCO IDS COMMAND LINE
Overview
Objectives
Command Line Modes
Initial Configuration Tasks
Preventive Maintenance and Troubleshooting
CISCO INTRUSION DETECTION SYSTEM DEVICE MANAGER AND EVENT VIEWER
Overview
Objectives
IDS Device Manager Overview
IDS Event Viewer Overview
IDS Event Viewer Installation
IDS Event Viewer Views
Network Security Database
IDS Event Viewer Filters
IDS Event Viewer Database Administration
IDS Event Viewer Configuration
Summary
Lab Exercise—Cisco IDS Event Viewer Lab
ENTERPRISE INTRUSION DETECTION SYSTEM MANAGEMENT
Overview
Objectives
Introduction
Windows Installation
Solaris Installation
Architecture
Getting Started
IDS MC Workflow
Summary
Lab Exercise—Enterprise Intrusion Detection System Management Lab
SENSOR CONFIGURATION
Overview
Objectives
Sensors and Sensor Groups
Communications
Logging
Summary
Lab Exercise—Sensor Configuration Lab
CISCO INTRUSION DETECTION SYSTEM ALARMS AND SIGNATURES
Overview
Objectives
Cisco IDS Signatures
Cisco IDS Alarms
Cisco IDS Signature Engines
Atomic Signature Engines
Flood Signature Engines
Service Signature Engines
State Signature Engines
String Signature Engines
Sweep Signature Engines
Miscellaneous Signature Engines
Signature Engine Selection
Summary
SENSING CONFIGURATION
Overview
Objectives
Global Sensing Configuration
Signature Configuration
Signature Filtering
Signature Tuning
Custom Signatures
Summary
Lab Exercise—Sensing Configuration Lab
BLOCKING CONFIGURATION
Overview
Objectives
Introduction
ACL Considerations
Blocking Sensor Configuration
Master Blocking Sensor Configuration
Summary
Lab Exercise—Blocking Configuration Lab
ENTERPRISE INTRUSION DETECTION SYSTEM MONITORING AND REPORTING
Overview
Objectives
Introduction
Installation
Getting Started
Security Monitor Configuration
Security Monitor Event Viewer
Administration and Reporting
Summary
Lab Exercise—Enterprise IDS Monitoring and Reporting Lab
CISCO INTRUSION DETECTION SYSTEM MAINTENANCE
Overview
Objectives
Software Updates
Sensor Maintenance
Summary
Lab Exercise—Cisco IDS System Maintenance Lab
Tags: cisco, Detection, INTRUSION, Secure


Related books

  • THE ART OF INTRUSION
  • Cisco Access Control Security: AAA Administrative Services
  • Enterprise Java Security: Building Secure J2EE Applications (CHM, English edition)
