The Cisco IOS Firewall IDS feature is supported on Cisco router platforms. It is suited to any network perimeter, and especially to locations where an additional security check is required between network segments alongside the router. As an important security control, it also protects the intranet and other semi-secure zones such as the DMZ and extranet.

The Cisco IOS Firewall IDS feature identifies 59 of the most common attacks using “signatures” to detect patterns of misuse in network traffic. The signatures represent severe breaches of security and the most common network attacks and information-gathering scans.

When Cisco IOS IDS is enabled, Cisco IOS Firewall is automatically enabled. Thus, IDS uses the Cisco IOS Firewall default parameter values to inspect incoming sessions.

The diagram below helps in understanding how to configure the IDS feature set on a Cisco IOS router:

In global configuration mode:

R1(config)# logging on
R1(config)# logging console
(enables logging on the router console)
R1(config)# logging host
(the above command specifies the syslog server address)
R1(config)# logging trap 7
(logging severity level)
R1(config)# ip audit name TEST attack action alarm
(sets the alarm action for matching signatures; TEST is the name of the audit specification)
Now apply the above configuration to the router's inside interface.
R1(config)# interface FastEthernet 0/0
R1(config-if)# ip audit TEST in
(applied to the router's inside interface)
To validate the configuration, we need to generate a network attack using the ICMP protocol (a denial-of-service attack) from a remote server against the R1 router, as below:
Ping -t -l 55000
Now you can verify the detailed information about this ICMP DoS attack using any syslog server; here we can view the information about the ICMP DoS attack.
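Once the alarms reach the syslog server, they can be summarised per source address. The Python script below is an added example, not part of the original post; it assumes alarm lines of the form "%IDS-<sev>-<NAME>: Sig:<id>:<description> - from <src> to <dst>", and the log lines, signature entries and addresses in it are constructed samples.

```python
import re
from collections import Counter

# Assumed alarm layout (not shown on the page):
#   %IDS-<sev>-<NAME>: Sig:<id>:<description> - from <src> to <dst>
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ALARM_RE = re.compile(
    r"%IDS-(?P<sev>\d)-(?P<name>[A-Z0-9_]+): Sig:(?P<sig>\d+):(?P<desc>.+?)"
    rf" - from (?P<src>{IP}) to (?P<dst>{IP})"
)

# Constructed sample syslog lines (documentation address ranges only).
SAMPLE_LOG = """\
<188>45: *Mar  1 00:12:01.003: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 198.51.100.7 to 192.0.2.1
<188>46: *Mar  1 00:12:01.007: %IDS-4-ICMP_TOOLARGE_SIG: Sig:2151:Large ICMP Traffic - from 198.51.100.7 to 192.0.2.1
<189>47: *Mar  1 00:12:05.120: %SYS-5-CONFIG_I: Configured from console by console
<188>48: *Mar  1 00:12:06.011: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 198.51.100.7 to 192.0.2.1
<188>49: *Mar  1 00:13:10.400: %IDS-4-ICMP_TOOLARGE_SIG: Sig:2151:Large ICMP Traffic - from 203.0.113.9 to 192.0.2.1
<188>50: *Mar  1 00:13:11.900: %IDS-4-ICMP_TOOLARGE_SIG: Sig:2151:Large ICMP Traffic - from 198.51.100.7
"""

def parse_alarms(text):
    """Return one dict per complete IDS alarm; other or truncated lines are skipped."""
    alarms = []
    for line in text.splitlines():
        m = ALARM_RE.search(line)
        if m:
            alarm = m.groupdict()
            alarm["sev"] = int(alarm["sev"])
            alarm["sig"] = int(alarm["sig"])
            alarms.append(alarm)
    return alarms

def noisy_sources(alarms, threshold=3):
    """Map each source with >= threshold alarms to its count and signature ids."""
    counts = Counter(a["src"] for a in alarms)
    return {
        src: {"count": n,
              "sigs": sorted({a["sig"] for a in alarms if a["src"] == src})}
        for src, n in counts.items() if n >= threshold
    }

if __name__ == "__main__":
    parsed = parse_alarms(SAMPLE_LOG)
    print(f"{len(parsed)} IDS alarms parsed")
    for src, info in noisy_sources(parsed).items():
        print(f"{src}: {info['count']} alarms, signatures {info['sigs']}")
```

The threshold of 3 is an arbitrary value for the sample data; tune it to the alarm volume your router normally produces.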


