Extensive planning and preparation are required before deploying sensors on your internetwork. Until some auditing and planning are done, you can’t even be sure which sensors are needed. This chapter discussed the planning and auditing that can be accomplished to determine where sensors should be deployed throughout the internetwork.
This chapter reviewed the common deployment strategies that have worked in previous IDS deployments and the factors that assist with the deployment strategy, such as:
Network entry points
Network size and complexity
The amount and type of traffic to be monitored
This chapter described in detail the methods that can be used to configure the sensors once they’ve been deployed. The built-in script sysconfig-sensor can be used to configure the sensor for network connectivity. In addition, this application is used to enable the IDS Device Manager.
Once the sensors are bootstrapped, the IDS Device Manager can be used to configure the operations of each sensor, fine-tuning the IDS system. The IDS Device Manager presents the configuration in a common and intuitive web interface to ease the configuration burden. The configuration and management of the sensor through the Device Manager is broken into four configuration and management areas, which are as follows:
Device
Configuration
Monitoring
Administration
Each area is then broken down into sub-areas, which contain Table of Contents (TOC) items. Each TOC item has a configuration or report pane that’s used to configure the sensor or to display the report.
1. Which of the following is a disadvantage to placing a single sensor in front of a filtering device?
2. What is the name of the script used to bootstrap a sensor?
3. You must be logged in to the sensor as root to perform which of the following commands?
4. IP Blocking response is configured on which of the following?
5. To manually configure IP blocking on the sensor, you must define which of the following?
6. What is the default IP address configured on the sensors?
7. Which of the following methods can’t be used to connect to a sensor for bootstrapping?
Answers
1. A. If the sensor is placed in front of the filtering device, it will be unable to detect interior attacks
2. B. sysconfig-sensor
3. C. VerifySensor
4. A. The sensor
5. D. The router’s interface
6. C. 10.1.9.201
7. B. CSPM PostOffice connection