Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 3 Initializing the Sensor
Understanding Initialization
After you install the sensor on your network, you must use the setup command to initialize it so that you
can communicate with it over the network. You cannot use the IDM or the IME to configure the sensor
until you initialize the sensor using the setup command.
With the setup command, you configure basic sensor settings, including the hostname, IP interfaces,
access control lists, global correlation servers, and time settings. You can continue using advanced setup
in the CLI to enable Telnet, configure the web server, and assign and enable virtual sensors and
interfaces, or you can use the Startup Wizard in the IDM or the IME. After you configure the sensor with
the setup command, you can change the network settings in the IDM or the IME.
Note: You must be an administrator to use the setup command.
Participating in the SensorBase Network
The Cisco IPS contains a security capability, Cisco Global Correlation, which uses the immense security
intelligence that we have amassed over the years. At regular intervals, the Cisco IPS receives threat
updates from the Cisco SensorBase Network, which contain detailed information about known threats
on the Internet, including serial attackers, botnet harvesters, malware outbreaks, and dark nets. The IPS
uses this information to filter out the worst attackers before they have a chance to attack critical assets.
It then incorporates the global threat data into its system to detect and prevent malicious activity even
earlier.
If you agree to participate in the SensorBase Network, Cisco will collect aggregated statistics about
traffic sent to your IPS. This includes summary data on the Cisco IPS network traffic properties and how
this traffic was handled by the Cisco appliances. We do not collect the data content of traffic or other
confidential business or personal information. All data is aggregated and sent by secure HTTP to the
Cisco SensorBase Network servers at periodic intervals. All data shared with Cisco will be anonymous
and treated as strictly confidential.
Table 3-1 shows how we use the data.
Table 3-1 Cisco Network Participation Data Use
| Participation Level | Type of Data | Purpose |
|---|---|---|
| Partial | Protocol attributes (TCP maximum segment size and options string, for example) | Tracks potential threats and helps us to understand threat exposure. |
| | Attack type (signature fired and risk rating, for example) | Used to understand current attacks and attack severity. |
| | Connecting IP address and port | Identifies attack source. |
| | Summary IPS performance (CPU utilization, memory usage, inline vs. promiscuous, for example) | Tracks product efficacy. |
| Full | Victim IP address and port | Detects threat behavioral patterns. |