Configuring Remote Access

Configuring Remote Access

All IDS sensors can have their serial consoles available through a terminal server. With IDS software v4.0 and later, this connection is easy (it's described earlier in this chapter). IDS sensors running IDS software 3.0 or 3.1 require a slight modification to the serial port setup on the terminal server in order for remote access to the serial port to operate properly. The following list identifies the necessary configuration in order to access version 3.0 and 3.1 sensors remotely.

  • Terminal Server Setup

  • BIOS setup for the IDS-4210 Sensor

  • BIOS setup for the IDS-4220 and DIS-4230 Sensors

Terminal Server Setup

The terminal server port configuration that the IDS sensor console will connect to must be modified slightly from the default values. For the purposes of the rest of this section, the terminal server is assumed to be a Cisco 2511-RJ router used as a terminal server. For other terminal server hardware, consult the proper documentation. To change the configuration of the terminal server, Telnet to the terminal server (or, more preferably, if the terminal server software supports SSH, use Secure Shell) and enter configuration mode, as shown in Figure 5.13. To configure the terminal port for proper operation with a version 3.0 or 3.1 sensor use the commands displayed in Figure 5.14:

Start Figure
termsrv#config t
termsrv(config)# line 
termsrv(config-line)# no exec
termsrv(config-line)# login
termsrv(config-line)# transport input all
termsrv(config-line)# stopbits 1
termsrv(config-line)# flowcontrol hardware
termsrv(config-line)# exit
termsrv(config)# exit
termsrv# wr mem
End Figure

Figure 5.14: The Terminal Server Line Configuration

If a terminal session does not receive a proper exit signal, the terminal session may remain open. This leaves the terminal session open and accessible without any authentication. Typically, this occurs when the physical connection to the sensor is disrupted (such as a line drop or disconnect). Another possible source for this problem may be when the application connected to the terminal server is terminated prematurely and the connection is dropped. In these cases, the next connection to the terminal server port will be provided access directly to the IDS sensor console without requiring authentication. It is imperative that any session with the terminal server be properly terminated (exit the session and return to a login prompt before terminating the terminal server session) in order to ensure the security of the IDS sensor. If a connection is broken or dropped by accident, the user should reestablish the connection and exit normally back to the login prompt and then exit the application used to connect to the terminal server session.

BIOS Modifications for IDS 4210/4220/4230 Sensors

In addition to the configuration of the terminal server, some older sensor models require modifications to their system BIOS in order to redirect their consoles over to the serial port. This section covers the modifications necessary in order for the older IDS 4210, 4220, and 4230 sensors to redirect their consoles. Newer sensors do not require this modification as they direct their consoles to the serial ports by default.

The IDS-4210 Sensor

The IDS 4210 sensor is a 1U rack mount appliance that can be connected to with a keyboard, mouse, and monitor or through the serial port located at the back of the device. The 4210 BIOS can redirect the entire console of the device to the serial through the following modifications. In order to make the following changes, a keyboard and monitor must be connected to the 4210 sensor, as the console redirection has not been configured yet. To redirect the console, use the following steps:

  1. Boot or reboot the sensor.

  2. During POST, press F2 when prompted to enter BIOS setup.

  3. Click Serial Features on the System Management menu.

  4. Enable Serial Console Redirection and change settings to match the following:

    Serial Port: COM1 3F8 IRQ4
    Baud Rate: 9600

  5. Press Esc to return to the System Management menu.

  6. Click Exit Saving Changes.

  7. When asked to confirm the changes, press Y and then Enter.

The Sensor will automatically reboot and redirect the console to the serial port.

The BIOS Setup for the IDS-4220 and IDS-4230 Sensors

Connecting to the serial console of an IDS sensor is useful should a problem arise in the IDS sensor software that prevents access to the sensor either through the IDM or Secure Shell. A serial connection through either a terminal server or directly through a serial cable connection provides direct access to the IDS sensor console without the requirement of a keyboard or monitor. To redirect the consoles of the IDS-4220 and 4230 sensors to the serial port, the following BIOS changes are required. As with the 4210, these changes need to be performed locally on the sensor using a keyboard and monitor since redirection has not yet been configured.

  1. Boot or reboot the sensor.

  2. During POST, press F2 when prompted to enter BIOS setup.

  3. Select Console Redirection on the Server menu.

  4. Change the COM Port Address from Disabled to 3F8.

  5. Make sure all other settings match the following:

    • IRQ# 4

    • Baud Rate: 9600

    • Console Type: PC ANSI

    • Flow Control: CTS/RTS + CD

  6. Press Esc to return to the Server menu.

  7. Click Exit Saving Changes on the Exit menu.

  8. When asked to confirm the changes, press Y and then Enter