
Demo: understand and configure users with different permissions, set time (NTP service)

2025-03-10 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Note: the whole experiment can be completed by combining GNS3 with a virtual machine.

Demo goals:

- Understand and configure users with different privileges on Cisco IPS

- Configure Cisco IPS to support NTP updates

Demo environment: as shown in figure 4.24 below.

Demo tools: Cisco IPS sensor, switch, a computer running IDM.

Demo steps:

Step 1: after starting Cisco's IDM, navigate to the user section and click ADD to add users. As shown in figure 4.25 below, Cisco IPS supports four user roles with different permissions: administrator, operator, viewer, and service. Their meanings are as follows:

- Administrator: this role has the highest authority to manage the Cisco IPS. By default, the administrator account on Cisco IPS has the user name cisco and the password cisco. You can change the password in the interface shown in figure 4.25 below.

- Operator: this role has less authority than the administrator. It can fully configure the application features of the IPS, but not the administrative features, such as adding users or changing other users' passwords.

- Viewer: this role can only view the configuration and cannot change it.

- Service: Cisco IPS is an application built on a Linux environment, and the Service role is the user that operates the underlying Linux system. Cisco strongly recommends that you do not use the Service role to adjust the Linux system, so in practice this role should basically not be used.

Step 2: the system time of the IPS is very important. The IPS records sensitive behaviors on the network, so the time at which those behaviors occurred matters, and configuring the clock is a necessary step. There are two ways to configure the clock for the IPS: one is to set the current clock manually; the other is to use NTP to obtain the clock automatically from a time source. Both methods are described below.

One: configure the current clock manually. This can be done directly from the command prompt or through IDM. Using the command prompt, log in to the IPS and configure as follows in privileged mode (# prompt):

Second: configure Cisco IPS to support NTP updates so that it automatically obtains the current clock from a clock source. This is the most common clock configuration in real deployments. For the clock to update automatically, there must be a clock source on the network. In the demo environment, switch S1 is configured as the time source, which means you need to set the current time on switch S1 and declare it a clock server. The specific configuration is as follows:

S1# clock set 15:28:00 4 april 2013   * configure the current clock on switch S1

S1(config)# ntp master   * declares S1 as the clock server

S1(config)# ntp source vlan 1   * declares interface VLAN 1 as the source interface for clock updates; note that the management address 192.168.101.1 must be configured on this interface

Now configure the IPS through IDM to obtain its clock automatically from the NTP server. As shown in figure 4.28 below, fill in the NTP server field with the IP of the clock server, that is, the address 192.168.101.1 on the VLAN 1 interface of the switch, and then click Apply.
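Before pointing the sensor at S1, it is worth confirming that the switch answers NTP and reports a usable clock, because the IPS event timestamps inherit whatever that source says. The following check is an added example, not part of the original article: the function names are hypothetical, the sample packets are constructed (stratum 8 is the IOS default for `ntp master` when no stratum is given), and running `query("192.168.101.1")` from the management PC is an assumption about the demo network.

```python
import calendar
import socket
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def parse_ntp_reply(packet):
    """Decode the NTP header fields needed to judge a time source."""
    if len(packet) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    flags, stratum = struct.unpack("!BB", packet[:2])
    tx_sec, tx_frac = struct.unpack("!II", packet[40:48])  # transmit timestamp
    return {"leap": flags >> 6, "mode": flags & 0x7, "stratum": stratum,
            "tx_unix": tx_sec - NTP_EPOCH_DELTA + tx_frac / 2**32}

def source_problems(reply, reference_unix, max_offset=1.0):
    """Return reasons not to trust this reply as the sensor's clock source."""
    problems = []
    if reply["mode"] != 4:
        problems.append("not a server-mode reply")
    if reply["leap"] == 3:
        problems.append("server reports its clock as unsynchronized")
    if not 1 <= reply["stratum"] <= 15:
        problems.append("unusable stratum %d" % reply["stratum"])
    offset = reply["tx_unix"] - reference_unix
    if abs(offset) > max_offset:
        problems.append("clock differs from reference by %+.0f s" % offset)
    return problems

def query(server, timeout=2.0):
    """Send one SNTP client request (version 3, mode 3) and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(b"\x1b" + 47 * b"\x00", (server, 123))
        return parse_ntp_reply(s.recvfrom(512)[0])

def build_reply(leap, stratum, unix_time):
    """Construct a sample server reply (test data, not a capture)."""
    flags = (leap << 6) | (3 << 3) | 4  # version 3, mode 4 (server)
    return (struct.pack("!BB", flags, stratum) + bytes(38)
            + struct.pack("!II", int(unix_time) + NTP_EPOCH_DELTA, 0))

# Constructed samples: the demo's clock value, read as UTC.
T = calendar.timegm((2013, 4, 4, 15, 28, 0))
GOOD = build_reply(leap=0, stratum=8, unix_time=T)
UNSYNCED = build_reply(leap=3, stratum=16, unix_time=T - 3600)
```

An empty list from `source_problems` means the reply came from a synchronized server whose clock agrees with the reference; any entry is a reason to fix the time source before relying on the sensor's event times.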
