In recent times Cisco IDS/IPS has fallen short on some of the offerings around today for intrusion detection and prevention, its signature based methodology though comprehensive lacks the intelligence seen by many other vendors products in the market today.

In a nutshell Cisco are attempting to modernise their IDS/IPS and appear to be adopting an approach simlilar to those used by other vendors by correlating global data to make inteligent decisions. Cisco have the following to say about about the new release:

“Correlation for intrusion prevention system (IPS) harnesses the power of Cisco Security Intelligence Operations, a powerful threat-defense ecosystem, to achieve unprecedented threat-protection efficacy. Cisco turns global threat data captured from a massive footprint of security devices into dynamic updates and actionable intelligence, such as “reputation” scores, and pushes that intelligence out to a business’s network security infrastructure for protective action. By incorporating Global Correlation, Cisco IPS 7.0 is up to two times as effective in stopping malicious attacks, in a shorter amount of time, than traditional signature-only IPS technologies.”

More information can be seen at http://newsroom.cisco.com

* BotNET Traffic Filter
* Transparent Firewalling for IPV6
* Shared SSL VPN Licensing across multiple ASAs

* Per Group Certificate Authentication for remote access VPN.
* Cisco Secure Netflow across all ASA models, as opposed to just the 5580s.
* A wizard to set up public access to a server or host on your network. I imagine this will set up all the required translations and access for you. Could be quite cool if implemented well.

Official release is here

Basically, it seems to be missing anomoly detection, Virtual Sensors, Custom signatures, Global correlation (new in 7.0) and the ability to re-enable retired signatures. It is capable of 75Mbps of throughput, approximately 50% of the 5505’s capacity. It has no dedicated management port unlike the AIP-SSMs.

If you look at your running config you will notice that your ISAKMP keys are stored in plain-text. In other words, unencrypted. This still stands after issuing the “service password-encryption” command.

Click more to find out how to encrypt those keys using AES!

So, what we start out with looks something like this:

crypto isakmp key myweakpassword address 1.1.1.1

What we ideally want to do is encrypt this password to prevent a potential leak of the config causing you problems, not to mention just so that you can follow best practice!

All we need to enter is the following two lines of config:

MyRouter(config)#key config-key password-encrypt thisismyencryptionpassword
MyRouter(config)#password encryption aes

Easy right? Ok lets verify this works by issuing the “sh run”:

crypto isakmp key 6 V]PMeY]cO[TQ[EWaQ\[D`XViUTA`LZMVR_[[SUQVgF address 1.1.1.1

Hope that helps!

How do you verify that the IOS image has not been corrupted between cisco.com and your device? Read on to find out!

All of the IOS downloads have an MD5 sum that identifies the original unaltered files. MD5 hashing is basically a way of taking an input, in this case the IOS, running it through a hashing algorithm and coming up with a string/Value. The important thing to note here is no matter who runs the IOS through the hashing algorithm, the output will always be the same. If even a slight change has been made to the file then the output will be different.

So, once your IOS is on the router you need to do the following:

router#verify /md5 disk0:c1700-advsecurityk9-mz.123-14.T7.bin

At this point the router will respond with the hash value of the file you have uploaded which can now be compared to the hash value from cisco.com. If these values do not match DO NOT RELOAD THE ROUTER!!! If you do the chances are you will end up with a paper weight until you can get out to site.
You should re-upload the IOS to ensure that it is correct and perform the above again. If you get a mismatched input then the chances are the IOS on your TFTP server is corrupt and you will need to re-download from Cisco.com.

Hope that helps you avoid those “uh oh” moments when a device doesnt return to service!

Thanks for reading.

Its at this point that I am going to point you towards our ebay Feed, which will bring up any Cisco related Auction Items that are in their last 4 hours. This way you will never miss another bargain!

Check it out HERE!

I tested the functionality last night by connecting into both of our Hosting site VPNs. It literally is as simple as configuring Cisco’s own VPN client.
Once configured you get a VPN section in the “settings” menu of the phone.
Multiple VPNs are possible too which was a concern when I first set out to configure it.

Anyway, I would post a config guide but it is very basic to set up. If you run into any issues leave a comment and we will see what can be done!

Cheers,

Step 1. Define the Object Group:

! Define network type object-groups to group IP hosts and networks object-group network Engineering
10.240.12.0 255.255.255.0
10.245.10.0 255255.255.0
object-group network Web-Servers
10.1.1.0 255.255.255.0
host 10.10.10.100
object-group network Mail-Servers
10.32.1.0 255.255.255.0
! Define a service type object group to group you protocols and ports
object-group service Web-ports
tcp www
tcp 8080
object-group service Mail-ports
tcp smtp
tcp pop3
tcp 587
tcp 143

Step 2. Use Object Groups in ACL Configurations:

ip access-list extended access-policy
10 permit object-group Web-ports object-group Engineering object-group Web-Servers
20 permit object-group Mail-ports object-group Engineering object-group Mail-Servers

(All Examples used here and other new features can be found here)