INDEX
Symbols # (pound sign), 178 ? (question mark), 174 A access access lists. See ACLs dialup, sensor deployment, 724 maps, VLANs, 729–730
794 exporting table, 273–274importing log files, 272–273Security Monitor administration, 645–648sensors, 107date, IEV filters, 243–244day parameterclo
795 dialup access, sensor deployment, 724digital subscriber lines (DSLs), 3Direction parameterSERVICE.FTP signature engine, 456SERVICE.IDENT signatur
796 special characters, 77Unicode, 78TTL manipulation, 79Event Severity Indicator options, Event Viewer preferences, 639–640Event Log Management, CSA
797 exclusive security stance, 40exit command, 174Expanded Details Dialog table, 254, 258–259expansion boundaries, Event Viewer, 633Exploit Signature
798 G Gap parameter, FLOOD.NET signature engine, 451Gigabit Ethernet, 101global configuration modes, CLI, 179global sensinginternal networks, 317–318
799 Host Detail report, CSA MC, 538host groups, 509configuring, 509–514Hosts menu option, 514active hosts, 515last poll time, 516protected hosts, 515
800 IDAPI (Intrusion Detection Application Program Interface), 121–122IDIOM (Intrusion Detection Interaction and Operations Messages), 123IDM (IDS D
801 IDS Alarm Source Report, 651IDS Alarm Source/Destination Pair Report, 650IDS Alarms by Day Report, 650IDS Alarms by Hour Report, 650IDS Alarms by
802 traffic capture, 203traffic flow, 204internal ports, 728multiple IDSM-2, 730–732assigning capture ports, 734–736committing VACLs to hardware, 733de
803 Ignore Broadcast zone, Quick Start Wizard, 681ignore DNS activity policy, CTR, 666ignore threat response activity policy, CTR, 666Immediate prope
786 agents, 28aggregation switches, 133Alarm Aggregation table, 258alarm status, 261–262content data buffer, 263–264Expanded Details Dialog table, 2
804 TLS protocol, 227–229TOC, 224tools bar, 225IDS MC, 585–586configuration tasks, 586–587content area, 588instructions box, 588object bar, 588object
805 IP blocking, 377–378ACLs, 386–387existing ACLs, 388–389external versus internal interfaces, 387 versus VACLs, 388common terms, 378–379configu
806 IsInvalidDataPacket parameter, SERVICE.NTP signature engine, 463IsInvalidPacket parameter, SERVICE.SNMP signature engine, 467isl parameter, set
807 M MAC (Media Access Control), 132MacFlip parameter, ATOMIC.ARP signature engine, 442mailing lists, improving network security, 48mainApp process,
808 MinUDPLength parameter, ATOMIC.UDP signature engine, 448Miscellaneous signature engines, 437misuse detection, 65–66benefits, 66drawbacks, 66–67m
809 Network Administrator user role, CiscoWorks, 493, 574network interface card (NIC), 70Network Interface Control rule, CSA policies, 526Network Ope
810 NTP (Network Time Protocol), 302ntPassword 4.0, 21 O obfuscation techniques, 77hexadecimal values, 78special characters, 77Unicode, 78object bar
811 SERVICE.RPC signature engine, 464–465SERVICE.SMB signature engine, 467SERVICE.SNMP signature engine, 467SERVICE.SSH signature engine, 468SERVICE.
812 CTR, 665–666security, 9Policies parameter, Event Sets menu option, 506Policy Detail report, CSA MC, 538Policy Feature Card (PFC), 143, 198Policy
813 protected attributes, signature engine parameter, 438protected domains, CTR, 664, 690–691protected hosts, CTR, 664, 687–689protected systems, CTR
787 anonymous shares, 16Anonymous Users, privilege hierarchy, 36antispoofing mechanisms, IP blocking, 382–383any keyword, 149appliances, 162Cisco SAFE
814 recover command, 168, 556refresh cycle, IEV preferences, 268–269RegexString parameterSTATE.STRING signature engine, 470String signature engine,
815 UNIX, 525UNIX-specific, 526Windows, 525Windows-specific, 525–526rx parametermonitor session command, 140set rspan command, 144set span command, 1
816 deleting columns, 630–631deleting rows, 630–631display preferences, 636–640expanding columns, 634–635expansion boundary, 633freezing, 635–636movin
817TLS protocol, 227–229TOC, 224tools bar, 225IDS appliances, 162CLI, 173–183hardware considerations, 167–170IDS 4210, 162–163IDS 4215, 163–164IDS 423
818 traffic devices, 131hubs, 131–132network tap, 133RSPAN, 143–145SPAN, 135–142switches, 134–135VACLs, 145–153troubleshooting, 557show events comman
819set security acl map command, 150, 208–210, 734set span command, 141–142set span switch command, 206set trunk command, parameters, 155, 212, 736set
820 SERVICE.IDENT signature engine, 461–462SERVICE.MSSQL signature engine, 462SERVICE.NTP signature engine, 462–464SERVICE.RPC signature engine, 464–4
821Cisco updates, 716–717configuring, 350–351customizing, 358, 736–737attack type, 360functionality verification, 360–361inspection criteria, 360networ
822 source vlan parameter, monitor session command, 139source_IP parameter, ip access-list command, 152source_wildcard parameter, ip access-list comma
823Sweep signature engines, 437, 473–474SWEEP.HOST.ICMP, 474SWEEP.HOST.TCP, 474–476SWEEP.MULTI, 476SWEEP.OTHER.TCP, 476–478SWEEP.PORT.TCP, 478–480SWEE
788 ASIC (application-specific integrated circuit), 143asym TCP reassembly mode, 326Atomic signature engines, 437, 441–442ATOMIC.ARP, 442–443ATOMIC.I
824 TcpInterest parameter, SWEEP.MULTI signature engine, 476Technical Assistance Center (TAC), 562, 674telecommuters, sensor deployment, 725–726teleph
825TrafficFlowTimeout parameter, OTHER signature engine, 453training, avoiding attacks, 64transaction messages, RDEP operations, 124Transaction Server
826 U UDP (User Datagram Protocol), 384udp | 17 parameter, set security acl ip command, 148UdpInterest parameter, SWEEP.MULTI signature engine, 476Unde
827 V VACLs (VLAN Access Control Lists), 145, 198, 207capture, IDSM support, 199committing to hardware, 733configuring with CatOS, 146–147assigning cap
828 VPN/Security Management Solution (VMS), 100, 281, 583VPNs (virtual private networks), 40–41endpoint defining with encryption, 41–42untrusted links
789 AVVID (Architecture for Voice, Video, and Integrated Display), 34, 50, 571architecture, 50clients, 51communication, 52intelligent network service
790 certificates, sensors, 296generating host certificate, 298trusted hosts, 296–298viewing server certificate, 299ChokeThreshold parameter, master s
791 command and control ports, 203IDSM-2, Catalyst 6500 configuration, 205–206IDSM-2 initialization, 202commandsaction, 729clear trunk, 735CLI modes,
792 Console transition, STATE.STRING.CISCOLOGIN signature engine, 472content addressable memory (CAM), 134content areaIDM, 226IDS MC interface, 588S
793 ctlTransSource application, software architecture, 120CTR (Cisco Threat Response), 85, 98, 661alarms, 692–693Alarm Filter pane, 695Alarm Filter