Connecting to Your Network Sensor Appliance
Once the sensor is installed and powered on, you must gain
management access to the sensor. This section describes the methods you can use
to connect to your sensor, as well as the default user account you’ll use for
initial configuration. Three access methods can be used to initially connect to
and manage your network sensors:
- Console access using an RS-232 cable
- Telnet to the default initial IP address
- Directly with a keyboard and a monitor
Note: When an IDS 4200 is first plugged into a power source, it
powers on momentarily, and then powers off. The Network Interface Controller
link lights remain lit as long as a valid link exists. You must press the power
switch to boot the system into operation.
When a connection is made, you must then log in to the sensor using
the preconfigured user account.
Console Access
You can connect to the sensors via their console port. You
can use the dual serial communication cable (PN 72-1847-01), included with the
sensor, to attach a computer to the console port of the sensor. Once the cable
is connected, you can then launch a terminal emulation application, such as
HyperTerminal. Table 25-1 lists the terminal settings that must be
used for console access.
Table 25-1: Terminal Settings
| Terminal Parameters | Terminal Settings |
|---|---|
| Bits Per Second | 9,600 |
| Data Bits | 8 |
| Parity | None |
| Stop Bits | 1 |
| Flow Control | Hardware or RTS/CTS |
Note: Cisco recommends using the dual serial communication cable
(PN 72-1847-01, included in the accessory kit) rather than a keyboard and
monitor because some keyboards and monitors are incompatible with the
sensors.
Accessing the Sensor via Telnet
The network sensor appliances come preconfigured with a
default IP address of 10.1.9.201. You can use this address to telnet directly to
the network sensor, as long as your computer or network has a route to the host
address 10.1.9.201. If the sensor is installed at a remote location, you
probably won’t be able to use this option until the default IP address is
changed to an address that’s routable on your network.
Direct Access with a Keyboard and Monitor
All the 4200 series sensors have both a keyboard and a
monitor port located on the back panel. Because the sensor is running the
Solaris operating system (OS), you can simply add a keyboard and a monitor, and
then begin working on the sensor. Of course, this requires that you also have
physical access to the sensor. Some monitors and keyboards are incompatible with
the sensors. Cisco provides a list of supported keyboards and monitors in its
installation notes. The Cisco Intrusion Detection System
Sensor Installation and Safety Note has a section devoted to supported
monitors and keyboards.
User Accounts
Two user accounts are created on the sensors. These two user
accounts are used to access the OS and the IDS software located on the sensors.
The pre-configured default user accounts are root and netrangr. The root account is typically used for OS functions and tasks,
while the netrangr user account is used to administer the
CIDS software installed on the host. Table 25-2 shows the common commands used to manage
the sensors and the corresponding user account, which must be used to issue the
command successfully. Because the sensors run the Solaris OS, these commands are
case-sensitive.
Table 25-2: Solaris and CIDS User Accounts and Commands
| Command | Description | Log in As |
|---|---|---|
| idsstart | Starts the sensor. | netrangr |
| idsstop | Stops the sensor. | netrangr |
| idsconns | Displays the state of the current communications connection. | netrangr |
| idsvers | Displays software version information. | netrangr |
| idsstatus | Displays status of Cisco IDS daemons/services. | netrangr |
| ping | Verifies IP connectivity. | netrangr |
| snoop -d <sensing interface name> | Displays traffic seen by the monitoring interface. | root |
| verifySensor | Displays detailed information about the system. | root |
| shutdown -y -i 0 | Shuts down the sensor. | root |
| traceroute | Traces network traffic to a destination. | root |
The root Account
The root account is a Solaris OS user account. This account
is used to log in to and perform system-level functions on the sensor. You must
be logged in with this account to run the sysconfig-sensor script, which is
discussed in more detail in the section “Sensor Bootstrap.” The root user must
also be used to perform system-level functions on the Solaris OS. Common Solaris
commands, such as snoop, can be used when logged in as root. The default
password for the root account is attack. The first time you use this account, you’re
prompted to change the password. Changing the default password for this account
is highly recommended.
Note: The snoop command is a common Unix command that configures
the OS to display all the network traffic received on a particular network
interface. You can use the snoop command to verify the NIC is configured and is
receiving network traffic.
The netrangr Account
The netrangr account is used for
administering the IDS system on the sensor. The default password for this account is
attack. The first time you use this account, you’re prompted to change the
password. Changing the default password for this account is highly
recommended.
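An added example, not from the original text or from Cisco: one way to confirm that the default passwords on root and netrangr have been changed, without attempting a login, is to read the password-aging field in a copy of the sensor's /etc/shadow. It assumes the first-login prompt is recorded the standard Solaris way (a lastchg value of 0); the sample entries and the function name are constructed for illustration.

```python
# Added example: audit the sensor's two preconfigured accounts using the
# password-aging data in /etc/shadow (readable only by root).
# Assumption: the forced change at first login is recorded the standard
# Solaris way, as a "lastchg" (third field) value of 0.
from datetime import date, timedelta

DEFAULT_ACCOUNTS = ("root", "netrangr")

# Constructed sample entries; the hashes are placeholders, not real values.
SAMPLE_SHADOW = """\
root:PLACEHOLDERHASH1:0::::::
netrangr:PLACEHOLDERHASH2:19800::::::
daemon:NP:6445::::::
"""


def audit_default_accounts(shadow_text, accounts=DEFAULT_ACCOUNTS):
    """Return {account: finding} for each preconfigured account."""
    findings = {name: "missing from shadow file" for name in accounts}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or fields[0] not in findings:
            continue
        name, pw_hash, lastchg = fields[0], fields[1], fields[2]
        if pw_hash == "":
            findings[name] = "no password set"
        elif pw_hash.startswith("*LK*") or pw_hash in ("NP", "*"):
            findings[name] = "locked or no-login"
        elif lastchg == "0":
            # Change still pending, so the shipped password was never replaced.
            findings[name] = "change pending: default password still in place"
        elif lastchg.isdigit():
            # lastchg counts days since 1970-01-01.
            changed = date(1970, 1, 1) + timedelta(days=int(lastchg))
            findings[name] = f"changed {changed.isoformat()}"
        else:
            findings[name] = "no aging data: verify manually"
    return findings


if __name__ == "__main__":
    for account, finding in audit_default_accounts(SAMPLE_SHADOW).items():
        print(f"{account}: {finding}")
```

Run it as root against the real file by passing the contents of /etc/shadow instead of the sample text.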