Sunday, October 14, 2012

IOS IPS

You can enable IPS on your IOS routers. I seem to remember this being covered by the R&S blueprint, although it was on the outer fringes of what you should expect to know for R&S. This time around, there is probably a fair shot of seeing it on the Security lab.


  • Basic Setup
    • ip ips config location flash:/ips/
    • ip ips name IPS
    • ip ips notify log
    • ip ips signature-category
      • category all
        • retired true
      • category ios_ips basic
        • retired false
    • interface Fa0/0
      • ip ips IPS in
  • You then need to download the signature definition file. Would you actually need to do this in the lab?
    • Store the signing key from Cisco in the router's NVRAM.
    • Load the signature definition file. If you don't have many of the signatures retired, this process could exhaust your router's memory.
      • copy flash:/IOS-S347-CLI.pkg idconf
    • Enable the necessary signatures.
      • ip ips signature-definition
        • signature 2000 0
        • status
          • retired false
          • exit
        • exit
        • signature 2004 0
        • status
          • retired false
          • exit
    • You may need to change the target value rating
      • ip ips event-action-rules
        • target-value mission-critical target-address 183.1.46.0/24
        • exit
  • Validate with 'show ip ips all'
  • Show signatures with 'show ip ips signatures sigid 2000 subid 0'
  • Show target value rating
    • 'show ip ips event-action-rules target-value rating'
This covers just the basic setup. I will be looking at IOS IPS in the configuration guide and posting more information later.
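
As an added example (not part of the original post), the Python sketch below audits configuration text, such as a template before it is pasted into the router, for the Basic Setup pieces listed above: a config location, a defined rule, `category all` retired before another category is unretired, and the rule applied to an interface. The function name `audit_ips` and the `SAMPLE` text are assumptions constructed for illustration.

```python
import re

# Constructed sample: the post's Basic Setup commands as they would sit in a config file.
SAMPLE = """\
ip ips config location flash:/ips/
ip ips name IPS
ip ips notify log
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
interface FastEthernet0/0
 ip ips IPS in
"""

def audit_ips(config):
    """Return findings for the basic IOS IPS setup; an empty list means none."""
    lines = config.splitlines()
    findings = []
    if not any(re.match(r"ip ips config location \S+", l) for l in lines):
        findings.append("config location not set")
    rules = {m.group(1) for l in lines if (m := re.match(r"ip ips name (\S+)", l))}
    retired, category, in_cat = {}, None, False
    for l in lines:
        s = l.strip()
        if not l.startswith(" "):  # a top-level command opens or closes the block
            in_cat, category = (s == "ip ips signature-category"), None
        elif in_cat and s.startswith("category "):
            category = s[len("category "):]
        elif in_cat and category and s.startswith("retired "):
            retired[category] = s.split(None, 1)[1]
    for cat, val in retired.items():
        if val not in ("true", "false"):  # catches typos in a template
            findings.append(f"category {cat}: invalid retired value '{val}'")
    if retired.get("all") != "true":
        findings.append("category all not retired: full signature load may exhaust memory")
    if not any(v == "false" for c, v in retired.items() if c != "all"):
        findings.append("no signature category unretired")
    applied = {m.group(1) for l in lines
               if (m := re.match(r"\s+ip ips (\S+) (in|out)\s*$", l))}
    if not applied:
        findings.append("IPS rule not applied to any interface")
    for name in sorted(applied - rules):
        findings.append(f"interface references undefined rule '{name}'")
    return findings

if __name__ == "__main__":
    print(audit_ips(SAMPLE) or "basic IOS IPS setup looks complete")
```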
