Cisco IOS-IDS

In this chapter, we explain how Cisco IOS can support intrusion detection using the IOS Firewall/IDS code. An IOS-IDS sensor inspects and audits all traffic that flows through the router. The number of signatures enabled, the type of signatures enabled, the volume of traffic that flows through the router, and the router platform itself all affect the performance of IOS-based IDS.

The Firewall/IDS feature set of Cisco IOS is supported on router platforms such as the 1700, 2600, 3600, 3700, 7100, 7200, 7400, and 7500 Series routers. Cisco IOS currently supports 100 signatures in the latest IOS releases. Originally, Cisco IOS supported 59 signatures. Signatures can be updated by loading the latest IOS release on the router. Custom signatures are not supported. A Cisco IOS-IDS sensor responds to an intrusion using one or more of the configured actions, such as sending an alarm, dropping the offending packet, or resetting a TCP session. Cisco IOS-based IDS is configured using a six-step process:

Configuring the notification type

Configuring local and remote PostOffice parameters

Configuring protected networks

Changing the size of the notification queue

Setting the default signature action

Creating and applying audit rules

Local and remote PostOffice parameters only need to be configured when the nr-director notification type is used. A Cisco IOS-IDS sensor can send its alarm notifications to a Syslog server, a Director, or an IDS sensor. Signatures can be disabled, and hosts or networks can be excluded from a signature, to improve the performance of the IOS-IDS sensor and to reduce the chance of false positives being triggered. A number of show, clear, and debug commands are available to verify and test the Cisco IOS-IDS configuration.
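
The six steps and the signature tuning described above, written out as an IOS configuration. This is an added example, not taken from the original chapter; the addresses (documentation range 192.0.2.0/24), host and organization IDs, queue size, ACL number, signature IDs, rule name AUDIT.1 and interface are constructed placeholders.

```cisco
! Constructed example: every address, ID, name and number below is a placeholder.
!
! Step 1: notification type (syslog, plus a Director)
ip audit notify log
ip audit notify nr-director
!
! Step 2: local and remote PostOffice parameters
! (only needed because nr-director is enabled above)
ip audit po local hostid 55 orgid 123
ip audit po remote hostid 14 orgid 123 rmtaddress 192.0.2.99 localaddress 192.0.2.1
!
! Step 3: protected networks
ip audit po protected 192.0.2.0 to 192.0.2.254
!
! Step 4: size of the notification queue
ip audit po max-events 300
!
! Step 5: default signature actions
ip audit info action alarm
ip audit attack action alarm drop reset
!
! Signature tuning: disable one signature outright, and exclude a single
! host from another (hosts denied by the ACL are not checked against it)
access-list 91 deny host 192.0.2.55
access-list 91 permit any
ip audit signature 2000 disable
ip audit signature 2004 list 91
!
! Step 6: create the audit rule and apply it to an interface
ip audit name AUDIT.1 info action alarm
ip audit name AUDIT.1 attack action alarm drop reset
interface FastEthernet0/0
 ip audit AUDIT.1 in
end
!
! Verification, from privileged EXEC mode
show ip audit configuration
show ip audit interface
show ip audit statistics
```

Because a PostOffice change generally takes effect only after the configuration is saved and the router reloaded, check `show ip audit configuration` again after the reload rather than only at entry time.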