IDSM-2
The IDSM-2 Module is a Cisco IDS blade for the Cisco 6500 switch.
Once you install the module into the switch, it uses the following logical ports:
Port 1 | Used for TCP Resets (In Promiscuous Mode) |
Port 2 | Command and Control |
Port 7 | Sensing Port |
Port 8 | Sensing Port |
The steps below configure the switch and module for an inline setup: obtain the module number of the Cisco IDS, open a session to it and run the setup wizard, then assign the required ports on the switch for IDS sensing in an inline configuration. The clear trunk commands are required because by default the switch makes these ports trunk ports for every VLAN.
switch > (enable) show module
switch > (enable) session [module]
idsm-2# setup
switch > (enable) set vlan 50 5/7
switch > (enable) set vlan 51 5/8
switch > (enable) clear trunk 5/7 1-49,51-4094
switch > (enable) clear trunk 5/8 1-50,52-4094
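A way to check that the clear trunk ranges leave each sensing port carrying only its own VLAN, as an added example that is not part of the original page. It assumes each port starts out trunking VLANs 1-4094, and the sample config is constructed, with a deliberate off-by-one on port 5/8.

```python
import re

ALL_VLANS = set(range(1, 4095))  # assumption: port initially trunks VLANs 1-4094

def parse_ranges(text):
    """Expand a list such as '1-49,51-4094' into a set of VLAN IDs."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def to_ranges(vlans):
    """Collapse a set of VLAN IDs back into '1-49,51-4094' form."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v          # extend the current run
        else:
            runs.append([v, v])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def audit(config):
    """Compare VLANs left on each port with the VLAN assigned by 'set vlan'."""
    assigned, cleared = {}, {}
    for line in config.splitlines():
        m = re.search(r"set vlan (\d+) (\d+/\d+)", line)
        if m:
            assigned[m.group(2)] = int(m.group(1))
        m = re.search(r"clear trunk (\d+/\d+) (.+)", line)
        if m:
            cleared.setdefault(m.group(1), set()).update(parse_ranges(m.group(2)))
    report = {}
    for port, vlan in assigned.items():
        remaining = ALL_VLANS - cleared.get(port, set())
        report[port] = {
            "ok": remaining == {vlan},
            "remaining": to_ranges(remaining),
            "fix": f"clear trunk {port} {to_ranges(ALL_VLANS - {vlan})}",
        }
    return report

# Constructed sample: port 5/8 still trunks VLAN 50 as well as 51.
SAMPLE = """switch > (enable) set vlan 50 5/7
switch > (enable) set vlan 51 5/8
switch > (enable) clear trunk 5/7 1-49,51-4094
switch > (enable) clear trunk 5/8 1-49,52-4094"""

if __name__ == "__main__":
    for port, result in audit(SAMPLE).items():
        print(port, result)
```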
NM-CIDS
The NM-CIDS is the IDS module for Cisco routers. The config below allows you to assign an IP address to the sensor which will only be accessible via a route or via a reverse telnet from the router itself. This is a security measure to ensure that your IDS module's IP address isn't fully accessible.
router (config) # interface loopback 0
router (config-if) # ip address 1.1.1.1 255.255.255.255
router (config-if) # exit
router (config) # interface ids-sensor 1/0
router (config-if) # ip unnumbered lo 0
router (config-if) # exit
router (config) # ip cef
Under each interface, use the following command to initiate packet monitoring:
router (config-if) # ids-service-module monitor
Access the NM-CIDS Console
router # service-module ids-sensor x/y session
or
router # telnet [router ip] [port number]
The port number is (32 * slot number) + 2001. An example in our case for the telnet option, with the sensor in slot 1 (ids-sensor 1/0), would be “telnet 1.1.1.1 2033”.
Maintenance Commands
router # service-module ids-sensor x/y …
reload
reset
session
shutdown
status