How to Generate, Approve, and Deploy IDS Sensor Configuration Files
The previous section, "Configuring Signatures and Alarms," covered how to select the proper values for the sensor settings and signature settings. The next step in using the IDS MC is to review and generate the configuration files that contain those settings. Once the configuration files for the IDS sensors have been generated, they need to be reviewed by the appropriate personnel and then deployed to the sensors. This section, covers how to review and generate the IDS sensor configuration files as well as how to approve and deploy the configuration files to the sensors.
Reviewing Configuration Files
Changes to file settings are placed in a pending status before they are committed to the IDS Database. The following steps can be used to review the pending changes and commit them to the database:
-
From the Management Center of IDS Sensors page in Figure 10.9, select Configuration | Pending. The Pending configurations page appears, as shown in Figure 10.29.
-
Check the box associated with the sensor whose configuration is to be saved in the IDS Database.
-
Click Save to save the configuration in the IDS Database or click Delete to delete it.
Generating Configuration Files
To generate a configuration file is to take a file of sensor configuration settings that is stored in the IDS Database and prepare it for deployment to the sensor itself. Generating a configuration file starts with the Management Center of IDS Sensors page, shown in Figure 10.9.
-
From the Management Center of IDS Sensors page shown in Figure 10.9, select Deployment | Generate.
-
The Generate page appears, as shown in Figure 10.30. To generate a configuration file for a specific sensor, select that sensor from the tree and click Generate. Once the configuration file has been generated, it is now ready for the approval process.
Approving Configuration Files
CiscoWorks2000 allows for a separation of duties among user roles. This makes it possible to assign the approval of configuration files and other actions to a specific account. By separating various functions among different accounts, CiscoWorks2000 allows for a "checks-and-balance" system whereby administrators are able to verify configurations for network equipment. This is especially important in IDS because an error in the configuration file for an IDS sensor may result in the sensor not identifying an attack.
-
From the Management Center of IDS Sensors page in Figure 10.9, select Deployment | Approve.
-
The Approve page appears, as shown in Figure 10.31. To approve the configuration generated, check the corresponding box and click the Approve button.
-
To view a selected IDS configuration file before approving it, check the corresponding box to the right of the configuration file name and click the View button.
-
To delete an IDS configuration without approving it, check the corresponding box to the right of the configuration file name and select the Delete button.
Deploying Configuration Files
To deploy a configuration file is to send an approved file of sensor configuration settings from the IDS Database to the sensor itself. Use the following steps to deploy a configuration file:
-
From the Management Center for IDS Sensors page, select Deployment | Deploy. Select Submit from the Table of Contents.
-
The Submit page appears, as shown in Figure 10.32. From the tree, check the box next to the sensor name where the configuration file is to be deployed.
-
The Select Configuration page appears. Select a sensor configuration by checking the corresponding box and click Next.
-
The Enter Job Properties page appears. Under Schedule Type, enter the name of the job from the Job Name field.
-
The job will deploy the configuration to the selected sensor. To start the job immediately, click the Immediate button. To schedule the job to execute at a later time, click the Scheduled radio button and select the desired options.
-
Click the Finish button.
-
The Submit page appears. To verify the scheduled job return to the Management Center for IDS Sensors page, as shown in Figure 10.9. Select Deployment | Deploy. From the Table of Contents, select Pending. The Pending jobs page appears, as shown in Figure 10.33. On this page, it is possible to edit a pending deployment or delete it by using the Edit and Delete buttons.