Terminal Server Setup
The configuration of the terminal server port that the IDS sensor
console connects to must be modified slightly from the default values. For
the purposes of the rest of this section, the terminal server is assumed to be a
Cisco 2511-RJ router used as a terminal server. For other terminal server
hardware, consult the proper documentation. To change the configuration of the
terminal server, Telnet to the terminal server (or, preferably, use Secure Shell
if the terminal server software supports SSH) and enter configuration
mode, as shown in Figure 5.13. To configure the terminal port for proper
operation with a version 3.0 or 3.1 sensor, use the commands displayed in Figure
5.14.
If a terminal session does not receive a proper exit signal,
it may remain open and accessible without any authentication.
Typically, this occurs when the physical
connection to the sensor is disrupted (such as a line drop or disconnect).
Another possible cause is that the application connected
to the terminal server is terminated prematurely and the connection is dropped.
In these cases, the next connection to the terminal server port is given
direct access to the IDS sensor console without authentication. It
is imperative that any session with the terminal server be properly terminated
(exit the session and return to a login prompt before terminating the terminal
server session) in order to ensure the security of the IDS sensor. If a
connection is broken or dropped by accident, the user should reestablish the
connection, exit normally back to the login prompt, and then exit the
application used to connect to the terminal server session.
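
The check described above can be made mechanical: after reconnecting to the port and pressing Enter, classify the bytes that come back as a login prompt or a session that was left open. The following is an added example, not part of the original text or of any Cisco tool; the function names, the prompt patterns, and the sample captures are assumptions constructed for illustration.

```python
import re

# Telnet protocol bytes (RFC 854) that a terminal server may send before
# the console text: option negotiation, subnegotiation, single commands.
_IAC = re.compile(rb"\xff(?:[\xfb-\xfe].|\xfa.*?\xff\xf0|[\xf0-\xf9\xff])", re.DOTALL)
_ANSI = re.compile(rb"\x1b\[[0-9;?]*[A-Za-z]")  # terminal colour/cursor codes

# Assumed prompt shapes; adjust to what the sensor console really prints.
LOGIN_PROMPT = re.compile(r"(?i)(login|username|password)\s*:$")
SHELL_PROMPT = re.compile(r"[#$>%]$")


def last_console_line(raw: bytes) -> str:
    """Return the last non-blank line of console output, control bytes removed."""
    cleaned = _ANSI.sub(b"", _IAC.sub(b"", raw))
    text = cleaned.decode("ascii", errors="replace").replace("\r", "\n")
    lines = [ln.strip() for ln in text.split("\n") if ln.strip()]
    return lines[-1] if lines else ""


def console_state(raw: bytes) -> str:
    """Classify what the port showed after reconnecting and pressing Enter."""
    line = last_console_line(raw)
    if LOGIN_PROMPT.search(line):
        return "login_prompt"   # previous session was closed properly
    if SHELL_PROMPT.search(line):
        return "open_session"   # previous session left logged in: exit it now
    return "unknown"            # no recognisable prompt; inspect by hand


# Constructed captures (not from a real sensor).
SAMPLES = {
    "clean": b"\xff\xfb\x01\xff\xfb\x03\r\n\r\nsensor login: ",
    "stale": b"\xff\xfb\x01\r\n\x1b[0msensor# ",
    "password": b"\r\nPassword: ",
    "mid_output": b"\r\n# ls\r\npackets.log\r\n",
    "silent": b"",
}

if __name__ == "__main__":
    for name, capture in SAMPLES.items():
        print(f"{name:10s} -> {console_state(capture)}")
```

An "open_session" result means the port is in the state the paragraph above warns about, and the session should be exited back to the login prompt before disconnecting.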