5.4.1.2 Packet Tracer – Configure IOS Intrusion Prevention System (IPS) Using CLI Answers PDF

Title 5.4.1.2 Packet Tracer – Configure IOS Intrusion Prevention System (IPS) Using CLI Answers
Author Amuel Wilson
Course Network security
Institution Algonquin College
Pages 6

Summary

Packet Tracer – Configure IOS Intrusion Prevention System (IPS) Using CLI LAB...


Description

Packet Tracer – Configure IOS Intrusion Prevention System (IPS) Using the CLI

Topology

Addressing Table

Objectives
• Enable IOS IPS.
• Configure logging.
• Modify an IPS signature.
• Verify IPS.

Background / Scenario
Your task is to enable IPS on R1 to scan traffic entering the 192.168.1.0 network. The server labeled Syslog is used to log IPS messages. You must configure the router to identify the syslog server to receive logging messages. Displaying the correct time and date in syslog messages is vital when using syslog to monitor the network. Set the clock and configure the timestamp service for logging on the routers. Finally, enable IPS to produce an alert and drop ICMP echo reply packets inline.
The server and PCs have been preconfigured. The routers have also been preconfigured with the following:
• Enable password: ciscoenpa55
• Console password: ciscoconpa55
• SSH username and password: SSHadmin/ciscosshpa55
• OSPF 101

Part 1: Enable IOS IPS
Note: Within Packet Tracer, the routers already have the signature files imported and in place. They are the default xml files in flash. For this reason, it is not necessary to configure the public crypto key and complete a manual import of the signature files.

Step 1: Enable the Security Technology package.
a. On R1, issue the show version command to view the Technology Package license information.

b. If the Security Technology package has not been enabled, use the following command to enable the package.
R1(config)# license boot module c1900 technology-package securityk9
c. Accept the end user license agreement.
d. Save the running config and reload the router to enable the security license.
e. Verify that the Security Technology package has been enabled by using the show version command.

Step 2: Verify network connectivity.
a. Ping from PC-C to PC-A. The ping should be successful.
b. Ping from PC-A to PC-C. The ping should be successful.

Step 3: Create an IOS IPS configuration directory in flash.
On R1, create a directory in flash using the mkdir command. Name the directory ipsdir.
R1# mkdir ipsdir
Create directory filename [ipsdir]?
Created dir flash:ipsdir

Step 4: Configure the IPS signature storage location.
On R1, configure the IPS signature storage location to be the directory you just created.
R1(config)# ip ips config location flash:ipsdir

Step 5: Create an IPS rule.
On R1, create an IPS rule name using the ip ips name name command in global configuration mode. Name the IPS rule iosips.
R1(config)# ip ips name iosips

Step 6: Enable logging.
IOS IPS supports the use of syslog to send event notification. Syslog notification is enabled by default. If logging console is enabled, IPS syslog messages display.
a. Enable syslog if it is not enabled.
R1(config)# ip ips notify log
b. If necessary, use the clock set command from privileged EXEC mode to reset the clock.
R1# clock set 10:20:00 10 january 2014
c. Verify that the timestamp service for logging is enabled on the router using the show run command. Enable the timestamp service if it is not enabled.
R1(config)# service timestamps log datetime msec
d. Send log messages to the syslog server at IP address 192.168.1.50.
R1(config)# logging host 192.168.1.50

Step 7: Configure IOS IPS to use the signature categories.

Retire the all signature category with the retired true command (all signatures within the signature release). Unretire the IOS_IPS Basic category with the retired false command.
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired true
R1(config-ips-category-action)# exit
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false
R1(config-ips-category-action)# exit
R1(config-ips-category)# exit
Do you want to accept these changes? [confirm]

Step 8: Apply the IPS rule to an interface.
Apply the IPS rule to an interface with the ip ips name direction command in interface configuration mode. Apply the rule outbound on the G0/1 interface of R1. After you enable IPS, some log messages will be sent to the console line indicating that the IPS engines are being initialized.
Note: The direction in means that IPS inspects only traffic going into the interface. Similarly, out means that IPS inspects only traffic going out of the interface.
R1(config)# interface g0/1
R1(config-if)# ip ips iosips out
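A check for the Part 1 settings, written as an added example that is not part of the original lab: it reads saved show run text and reports which of the steps above are missing, including a rule that was named but never applied to an interface. The sample config, its interface addresses, and the function names are constructed for illustration; accepting both "logging host <ip>" and "logging <ip>" is an assumption about how the platform prints that line.

```python
import re

# Constructed sample: IPS-relevant lines a running-config could hold after Part 1.
SAMPLE_CONFIG = """\
service timestamps log datetime msec
ip ips config location flash:ipsdir
ip ips name iosips
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.252
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip ips iosips out
logging host 192.168.1.50
"""

def ips_bindings(config):
    """Return [(interface, rule, direction)] for each 'ip ips <rule> in|out' line."""
    bindings, iface = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line and not line[0].isspace():
            iface = None  # any other top-level line closes the interface stanza
        elif iface:
            m = re.fullmatch(r"ip ips (\S+) (in|out)", line.strip())
            if m:
                bindings.append((iface, m.group(1), m.group(2)))
    return bindings

def audit_ips(config, syslog_host="192.168.1.50"):
    """Return findings; an empty list means every checked setting is present."""
    top = {l.strip() for l in config.splitlines() if l and not l[0].isspace()}
    rules = {l.split()[3] for l in top if re.fullmatch(r"ip ips name \S+", l)}
    bound = ips_bindings(config)
    findings = []
    if not any(l.startswith("ip ips config location ") for l in top):
        findings.append("no signature storage location")
    if not rules:
        findings.append("no IPS rule defined")
    for rule in sorted(rules - {r for _, r, _ in bound}):
        findings.append(f"rule {rule} is not applied to any interface")
    for iface, rule, _ in bound:
        if rule not in rules:
            findings.append(f"{iface} references undefined rule {rule}")
    if not any(l.startswith("service timestamps log datetime") for l in top):
        findings.append("log timestamps not enabled")
    if not any(re.fullmatch(rf"logging (host )?{re.escape(syslog_host)}", l) for l in top):
        findings.append(f"syslog host {syslog_host} not configured")
    return findings
```
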

Part 2: Modify the Signature

Step 1: Change the event-action of a signature.
Unretire the echo request signature (signature 2004, subsig ID 0), enable it, and change the signature action to alert and drop.
R1(config)# ip ips signature-definition
R1(config-sigdef)# signature 2004 0
R1(config-sigdef-sig)# status
R1(config-sigdef-sig-status)# retired false
R1(config-sigdef-sig-status)# enabled true
R1(config-sigdef-sig-status)# exit
R1(config-sigdef-sig)# engine
R1(config-sigdef-sig-engine)# event-action produce-alert
R1(config-sigdef-sig-engine)# event-action deny-packet-inline
R1(config-sigdef-sig-engine)# exit
R1(config-sigdef-sig)# exit
R1(config-sigdef)# exit
Do you want to accept these changes? [confirm]

Step 2: Use show commands to verify IPS.

Use the show ip ips all command to view the IPS configuration status summary.
To which interfaces and in which direction is the iosips rule applied?
G0/1 outbound.

Step 3: Verify that IPS is working properly.
a. From PC-C, attempt to ping PC-A. Were the pings successful? Explain.
The pings should fail. This is because the IPS rule for event-action of an echo request was set to “deny-packet-inline”.
b. From PC-A, attempt to ping PC-C. Were the pings successful? Explain.
The ping should be successful. This is because the IPS rule does not cover echo reply. When PC-A pings PC-C, PC-C responds with an echo reply.

Step 4: View the syslog messages.
a. Click the Syslog server.
b. Select the Services tab.
c. In the left navigation menu, select SYSLOG to view the log file.

Step 5: Check results.
Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed.

Scripts for R1
clock set 10:20:00 10 january 2014
mkdir ipsdir
config t
license boot module c1900 technology-package securityk9
yes
end
reload
config t
ip ips config location flash:ipsdir
ip ips name iosips
ip ips notify log
service timestamps log datetime msec
logging host 192.168.1.50
ip ips signature-category
category all
retired true
exit
category ios_ips basic
retired false
exit
interface g0/1
ip ips iosips out
exit
ip ips signature-definition
signature 2004 0
status
retired false
enabled true
exit
engine
event-action produce-alert
event-action deny-packet-inline
exit
exit

a...

