Cisco signature update site down?

Similar Messages

• How often ARE those IPS virus signatures updated?

  I was looking at a "show version" on one of my current sensors and noticed that the last virus signature was over 7 months ago. Now, one of the big reasons I was told we had to pay for our 5.x licenses was these virus signatures. If that's true, and this is the additional value Trend Micro has brought to our sensors, should they get updated a little more frequently?
  (from my sensor)
  Cisco Intrusion Prevention System, Version 5.1(1p1)S235.0
  Host:
  Realm Keys key1.0
  Signature Definition:
  Signature Update S235.0 2006-06-22
  Virus Update V1.2 2005-11-24

  The Virus Signature from Trend was one reason for the licensing in 5.x, but was not the only reason and was not even the primary reason.
  Even as far back as version 2.x a Support Contract was required for downloading and installation of signature updates. But was not enforced by the software. We relied on the users keeping the support contracts up to date on their own. Many users downloaded and installed signature updates without paying for the support contract. And the vast majority did not realize that a support contract was needed to receive the signature updates.
  With the lack of support contract purchases it became difficult to continue fielding a team for writing IPS signature updates.
  So in version 5.x it was decided to begin enforcing the purchase of support contracts through the use of Signature Update Licenses as part of the Cisco Service for IPS Contracts. Thus ensuring funding for the signature team, and allowing the team to spread out world wide for 24 hour coverage.
  The additional cost of a Cisco Service for IPS contract when compared to standard SmartNET contracts for other Cisco products is for the specific funding of the Cisco signature team, and a small amount sent to Trend for assistance in signature creation. Only a small portion of the support contract is paid to Trend Micro for their support.
  The Virus signatures are part of the Cisco Incident Control System (Cisco ICS). With the purchase of ICS there is a faster deployment of signature for Virus/Worms. When a virus or worm reaches a critical level then TrendMicro can create their own Virus signatures and have Cisco ICS deploy those signature to the sensors as soon as they are written.
  Cisco then includes these Virus signatures in a later standard Cisco signature update.
  Now as for why there have not been any recent updates to the Virus Signatures is that there has not been a major out break in the past 6/7 months. The virus signatures are only created on an emergency basis when a virus or worm reaches a critical level. Cisco ICS was specifically designed for handling virus and worm outbreaks, and is referred to as Outbreak Prevention.
  If the virus/worm does not reach a critical level, then the emergency Virus signatures are not created.
  Instead the Cisco signature team will take care of them as part of the standard Cisco signatures that are included as part of the standard S updates.
  This doesn't mean that we are not receiving information from Trend. For Virus/Worms that do not reach that critical level, the Trend team will instead send information to Cisco for creation of standard Cisco signatures by the Cisco signature team. This way the Cisco team can create a mroe general signature designed to catch all attacks for a certain vulnerability that will catch that specific virus/worm as well as future virus/worms that may also attempt to exploit the same vulnerability. These signatures wind up as part of the standard S update. This method is used because the Cisco signature team has more in depth knowledge of the various engines in Cisco IPS and can often write signatures that the Trend engineers would not be able to.
  It is only when the Trend Micro engineers need to create an emergency update that they will create their V signatures for the specific virus/worm.
  Otherwise they share share the information with Cisco and the Cisco engineers creates the signature.

• How often does Cisco release signature updates?

  Hi, i would like to know how often does Cisco release updates for the Signature engine for the IPS appliances? I was not sure to make the auto update from Cisco.com to be every-day, every-hour or once a week?
  Also can you advise me of the recommended setting for Bypass feature for the interfaces?

  Since the auto-update checks go out the management interface it maybe better to have it set for every hour. That way you wont have delays in the critical updates. Assuming you are in inline traffic mode, setting the bypass to "auto" is the recommended setting for interfaces. That is also the default.
  Madhu

• Cisco 6500 IDSM Signature Updates

  Hi,
  One of my client has recently purchased Cisco IDSM-2 for their core router i.e. 7609, however the client has missed purchasing the SUSA licencing for signature updates.
  Can the client still configure the IDSM-2 without Signatue updates( in any mode) and what would be the limitations if he does not buys the SUSA in future too.
  Manmeet

  The only thing that can not be done without the SUSA license (IPS Subscription license) is to update the signature to the latest signature update file.
  You can still configure the IDSM2, the only thing that can't be performed is updating the signature to the latest.
  Hope that answers your question.

• Signatur updates for Cisco IPS 4510

  Hi there.
  I one question to all cisco IDS/IPS professionals. If the management port only accept inbound traffic how can I then activate my Cisco 4510 IPS appliance to get automatically signature updates from cisco.com ? That one requires outbound traffic too. 
  Thanks.

  You Management0/0-port only supports "to-the-box" traffic which means that you can't use that port for an inline pair or a vlan-pair. But with the IP on that port configured, you can not only connect to your sensor, the sensor can also initiate connection to the rest of the network and so you can reach your update-destionations.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Verifying the Correct Signature Updates, Management Software, and Version

  I am working today at a Client Site where I installed several months ago a Cisco IPS 4240 Sensor. The Sensor is currently running Version 6.0(3)E1.
  I am not certain how to proceed with respect to signature updates on this box.
  Under signature definition, it lists the following:
  Signature Update S291.0 2007-06-18
  I have noticed on the Security Software Page for IPS that the latest Signature File is S336. Should I install this on the IPS? In order to perform this, will it take down the IPS unit?
  Also, there are several Management applications listed under the "Network IPS/IDS Management/Monitoring Software" heading, including: IME, IPC MC, and ICS. I am already using IDM as well as IEV respectively to Configure/ Monitor and then IEV to Alarm on certain Events. What are IME, IPC MC, and ICS and how are they different from IDM and IEV??

  IME = Intrusion Prevention Manager Express
  - IME is fairly new (released only a month or 2 ago) IME is a next generation of IEV. It does the event monitoring of IEV, but is also able to do configuration similar to IDM. So it is IEV and IDM in one tool. The configuration screens of IME will only work IPS 6.1, but the event monitoring screens will work with 5.1, 6.0, and 6.1.
  IPS MC = Intrusion Prevention System Management Center
  IPS MC was a part of VMS (VPN and Security Management System). IPS MC was configuration of a large number of sensors.
  IPS MC and VMS are both End Of Saled and were replaced with CSM
  CSM = Cisco Security Manager
  CSM is a multi-security device configuration management system. It is targeted at Enterprise customers with more than 5 sensors.
  ICS = Intrusion Containment System
  ICS was a product produced by Trend Micro Systems. Trend could create signatures for Viruses and Worms and then send an update to ICS and ICS would then create the signatures on the sensors. These signatures were known as the V signatures.
  ICS has been End of Saled
  So from your perspective you need not be concerned with IPS MC (VMS) or ICS.
  IME should be of interest to you as an upgrade from IEV (IME like IEV is available as part of your existing sensor support contracts and is not an additional charge).
  As you upgrade sensors to IPS v6.1 you might consider upgrading IEV to IME.
  CSM (and also MARS) would be of interest if you are going to manage more than 5 sensors. (IME and IEV are limited to 5 sensors).

• AIP-SSM-10 signature update failure

  Hopefully someone will be able to help me, I am unable to get the IPS signature autoupdate working on our ASA 5510. We have a valid support contract, our username does not incude and special characters and I am able to download the signature files from the website using our CCO.
  When trying to get them via Auto/cisco.com update though I get the following in the event logs every update attempt:
  evError: eventId=1319467413849005289  vendor=Cisco  severity=error 
    originator:  
      hostId: xxxx 
      appName: mainApp 
      appInstanceId: 354 
    time: Oct 26, 2011 11:40:01 UTC  offset=60  timeZone=GMT00:00 
    errorMessage: AutoUpdate exception: HTTP connection failed [1,111]  name=errSystemError 
  I have included a "show conf" and a "show stat host" below.
  <snip>
  xxxxxx# show conf
  ! Current configuration last modified Wed Oct 26 10:48:07 2011
  ! Version 7.0(6)
  ! Host:
  !     Realm Keys          key1.0
  ! Signature Definition:
  !     Signature Update    S604.0   2011-10-20
  service interface
  exit
  service authentication
  exit
  service event-action-rules rules0
  exit
  service host
  network-settings
  host-ip 10.x.x.x/24,10.x.x.x
  host-name xxxxxx
  telnet-option disabled
  access-list 10.x.x.x/32
  access-list 10.x.x.x/16
  access-list 10.x.x.x/32
  dns-primary-server enabled
  address 10.x.x.x
  exit
  dns-secondary-server disabled
  dns-tertiary-server disabled
  exit
  time-zone-settings
  offset 0
  standard-time-zone-name GMT00:00
  exit
  ntp-option enabled-ntp-unauthenticated
  ntp-server 10.x.x.x
  exit
  summertime-option recurring
  summertime-zone-name GMT00:00
  start-summertime
  week-of-month last
  exit
  end-summertime
  month october
  week-of-month last
  exit
  end-summertime
  month october
  week-of-month last
  exit
  exit
  auto-upgrade
  cisco-server enabled
  schedule-option periodic-schedule
  start-time 00:40:00
  interval 1
  exit
  user-name xxxxxxxxxxxxxxx
  cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
  exit
  exit
  exit
  service logger
  exit
  service network-access
  exit
  service notification
  exit
  service signature-definition sig0
  exit
  service ssh-known-hosts
  exit
  service trusted-certificates
  exit
  service web-server
  exit
  service anomaly-detection ad0
  exit
  service external-product-interface
  exit
  service health-monitor
  exit
  service global-correlation
  exit
  service aaa
  exit
  service analysis-engine
  virtual-sensor vs0
  physical-interface GigabitEthernet0/1
  exit
  exit
  <snip>
  xxxxxx# show stat host
  General Statistics
     Last Change To Host Config (UTC) = 27-Oct-2011 08:27:10
     Command Control Port Device = GigabitEthernet0/0
  Network Statistics
      = ge0_0     Link encap:Ethernet  HWaddr 00:12:D9:48:F7:44
      =           inet addr:10.x.x.x  Bcast:10.x.x.x.x  Mask:255.255.255.0
      =           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      =           RX packets:470106 errors:0 dropped:0 overruns:0 frame:0
      =           TX packets:139322 errors:0 dropped:0 overruns:0 carrier:0
      =           collisions:0 txqueuelen:1000
      =           RX bytes:40821181 (38.9 MiB)  TX bytes:102615325 (97.8 MiB)
      =           Base address:0xbc00 Memory:f8200000-f8220000
  NTP Statistics
      =      remote           refid      st t when poll reach   delay   offset  jitter
      = *time.xxxx.x 195.x.x.x   3 u  142 1024  377    1.825   -0.626   0.305
      =  LOCAL(0)        LOCAL(0)        15 l   59   64  377    0.000    0.000   0.001
      = ind assID status  conf reach auth condition  last_event cnt
      =   1 43092  b644   yes   yes  none  sys.peer   reachable  4
      =   2 43093  9044   yes   yes  none    reject   reachable  4
     status = Synchronized
  Memory Usage
     usedBytes = 664383488
     freeBytes = 368111616
     totalBytes = 1032495104
  Summertime Statistics
     start = 03:00:00 GMT00:00 Sun Mar 27 2011
     end = 01:00:00 GMT00:00 Sun Oct 30 2011
  CPU Statistics
     Usage over last 5 seconds = 51
     Usage over last minute = 44
     Usage over last 5 minutes = 50
  Memory Statistics
     Memory usage (bytes) = 664383488
     Memory free (bytes) = 368111616
  Auto Update Statistics
     lastDirectoryReadAttempt = 08:40:00 GMT00:00 Thu Oct 27 2011
      =   Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
      =   Error: AutoUpdate exception: HTTP connection failed [1,111]
     lastDownloadAttempt = N/A
     lastInstallAttempt = N/A
     nextAttempt = 09:28:00 GMT00:00 Thu Oct 27 2011
  Auxilliary Processors Installed
  <snip>
  Many thanks.

  Hi Bob,
  Thanks for the reply - it got me thinking about how it was actually getting the update.
  I needed to modify an ACL and add a PAT for the sensor management IP as I've tied down the hosts that can get out.
  It's now showing that it is attempting to reach the URL - currently there aren't any updates waiting though....
  Many thanks.

• May Release: New partner support, Infrastructure updates, Site templates and bug fixes

  Link: http://www.businesscatalyst.com/_blog/BC_Blog/post/May-release-New-partner-support-Infrast ructure-updates-Site-templates-and_bug-fixes/
  We are announcing a new Business Catalyst release, scheduled to go live on Thursday, May 3rd. With this release, we are continuing our investments in system performance and stability by increasing our web servers capacity, enabling HTTP acceleration to provide faster site loading times, and improving the site creation speed by using pre-generated sites.
  On the product side, we have completely revamped our partner support workflow taking advantage of the Adobe support infrastructure and tools, enhanced the site templates workflow for partners, and included lots of bug fixes and improvements. Read through the following sections to get detailed information about this release:
  Partner support
  Infrastructure updates
  Features and enhancements
  Issues fixed by this release
  What's next
  You can jump to the corresponding section by clicking the above links.
  Partner support
  Updated Help & Support partner experience
  Following Adobe ID support, we have upgraded BC  support tools (cases, chat, documentation) with standard Adobe tools. As a partner, you can now benefit from the same support tools as the rest of Adobe Creative Suite, and can track your support cases with Adobe BC, Dreamweaver, Muse or Photoshop in a single place.
  Partners with more than 100 paid sites will get 2nd level chat support, which includes a higher priority, by default. If you have more than 100 paid sites, but spread across different Partner Portals, please ask support to enable 2nd level chat for you.
  Support experience for your Small Business owner clients can now be owned by partners (see below).
  Custom Help & Support URL for your clients
  As a partner, you are probably already offering various additional services to your clients besides building & maintaining their BC site. Support, tailored specifically to your client needs, is usually one of these value-added services. We are now enabling you to take your Support service to the next level. In  Partner Portal Settings, you have the option to set a custom URL for what will open when your client clicks on Help & Support inside Admin Console:
  If you have multiple partner accounts, for different verticals, you can specify a Support URL for each of these.
  The default Support experience provided by BC for your clients will be updated in a few releases to be similar to the partner support experience. This includes BC-branded support cases and documentation. If you'd like to keep a white-label experience for your customers, please set your own Help & Support URL in Partner Portal.
  For more details please read the Improved support workflow and new forums announcement on our blog.
  Infrastructure updates
  Between our April release and the following infrastructure updates have been enabled
  Limited trial sites for free partners – starting with our May release, the number of trial sites a Free Partner can have will be limited to 100. Once the limit is reached, Free Partners that need to create a new trial site have the options to upgrade to a higher partner plan, upgrade some of the trial sites to paid or delete unused/expired trials.
  Automatic trial expiry extension - with this release, trial site expiry date will be automatically extended with 30 days every time an admin user logs in  the system through the admin interface or through FTP.
  Installed additional hardware - we have installed additional web servers on all our data centers, that translate into an increase of the existing capacity with over 70%.
  Updated DNS infrastructure - we have improved the DNS resolution for email delivery so that we can increase the rate at which we're sending the system operational emails
  HTTP acceleration – all sites static assets are served from a new cache engine (images, CSS and JavaScript files, together with improved headers that should allow the browser to cache them better for a browsing session). This update has been turned on along with our April release, and has made all the BC sites load faster on first and on subsequent loads.   
  Accelerated site/partner creation – we've changed the way new sites are created for faster speed, pre-creating them and reusing pre-created sites when needed, and have also improved the creation process for new partners, minimizing the impact of new CCM customers on the existing datacenters.
  Adobe ID for partners - in order to support an integrating experience between the various Adobe tools a partner may use (Dreamweaver, Muse, Support forums) we have added Adobe ID support for Business Catalyst partner accounts. Starting April 19, partners are asked to merge their current Business Catalyst account with their Adobe ID accounts. For more details about the transition process and FAQ please read the Introducing Adobe ID blog post.
  Updated Terms of Use - Along with several other changes in our processes in the past few months, we also revamped our Terms of Use and the signature process by requesting every admin user to sign a TOU. We have completed the rollout for partners, and we might be pushing an updated partner Terms of Use version within the following weeks. For more details and questions about this change, read the New Terms of Use for Business Catalyst blog post.
  Features and enhancements
  Site templates
  To support the increasing number of partners building, sharing or reusing  templates to create  new sites, we're extending our site templates support from our partner portal with a new template type and improved  management support. The update is going to enable partners to mark sites as templates and   choose between making them available in Online Business Builder and keeping them private in their partner portal. A template site will not expire and has the same limits as any other trial site.
  Based on your partner level, you can create private or public templates using the Site Details screen or the Tools>My Site Template section from your Partner Portal. Standard partners can only create private templates, while Free Partners can only view site templates that have been transferred to their accounts by other partners.
  The number of templates a partner will have will be limited and will vary based on partner level: free partners can store up to 5 templates in their partner portal, standard partners have up to 100 site templates while Premium Partners might have up to 200 templates. Paid sites marked as templates are not counted against these limits.
  Business Catalyst Partner fixes
  While we are really focused on making the Business Catalyst integration into Creative Cloud a smashing success, we are slowly resuming our efforts to deliver fixes that have been requested by our partners. This release includes the following partner fixes:
  Improved product custom fields - we have increased the maximum number of characters for product custom fields to 1024 (previous limit was 256); this gives partners and customers additional space to use when working with products
  Improved Secure Zone subscribers list - we have added the customer email address in the Secure Zone Subscribers list to enable partners better filter and manage customers
  Better experience when exporting data - to prevent customer confusion when exporting data from Mac computers, we have removed the export to excel option and exporting in CSV format by default.
  Social plugins integration updates
  Starting with our May release, we are updating the social plugins support to require users to get the plugin code from the third party provider and saving into his Business Catalyst website. The module tags and configuration will remain unchanged, but will render an empty tag until the partner or site owner will  update the module template to include the corresponding module code snippet from the third party platform provider.
  For more information about how you can enable the Social Plugins on a Business Catalyst websites, read the Social Media: Integrating Facebook and Twitter knowledge base article.
  Other changes
  Updated weekly emails - Starting with our May release, the information in the site weekly emails has been filtered based on the site's plan. For example, webBasics site reports will no longer include the sales report.
  Localization - we improved and increased the coverage of the admin interface translations into German, French and Japanese
  Site Settings -> Ignored IP addresses has been relocated under Reports -> Visitors -> More.
  BC-Dreamweaver integration performance improvements
  Development Dashboard has been removed, as it didn't provide a clear useful, ongoing benefit. The information present in the development dashboard has been integrated into our new Help & Support section.
  Payment gateway settings - for more privacy and data protection, we have updated the Payment Gateway configuration screens to obfuscate the sensitive login information. Fields that have been obfuscated are now requiring confirmation.
  Report abuse badge on trial sites - for compliance reasons, a "Report Abuse" link has been added to the front-end of all trial sites of free partners that don't have any paid sites. When they click the Report Abuse link, site visitors are redirected to a form submission page on businesscatalyst.com site.
  Issues fixed by May release
  Issues 3051303, 3168786 - Workflow notifications - Fixed a problem preventing workflow notifications emails from being sent.(see get satisfaction forum discussion)
  Issue 3164074 - Fixed a bug causing the lightbox gallery created from Muse to be displayed behind page elements
  Issue 3162810 - Fixed a bug in rendering engine to prevent  content placed between body and head tags being incorrectly moved inside the body tag
  Issue 3166610 - Fixed a broken link to Partner Portal in Internet Explorer
  Issue 3175003 - Fixed an issue that caused an incorrect price display for the Year One-Off Setup Fee when upgrading a site from Admin using CB
  Issue 2567278 - Fixed a bug causing site replication to ignore product attributes
  Issue 2947989 - CRM passwords are now case sensitive
  Issue 2723731 - Removed CSS files from the head section of the Layouts files, when downloaded and opened in Dreamweaver, via the BC extension
  Business Catalyst new admin interface updates
  Added "Save and Add New" button in Web App Item Add & Edit screens (see get satisfaction forum discussion)
  Updated Quick Actions menus to add more actions (see get satisfaction forum discussion)
  Fixed an issue causing Recent items menu to display deleted items (see get satisfaction forum discussion)
  Fixed a display issue on File Manager making top buttons unreachable (see get satisfaction forum discussion)
  Fixed the scrollbars in Email Marketing>Campaign>Stats>Bounced Emails reports (see get satisfaction forum discussion)
  Fixed an issue causing Recent items menu to brake after selecting the current page from the Recent Items menu (see get satisfaction forum discussion)
  Replaced the Success notification displayed when selecting Users or Permissions tabs from User Roles with an Warning
  Change the action label displayed in User Roles list from View to Edit to match the list pattern from Admin Users
  Fixed a missing file JavaScript error occurring when trying to open image manager from product details-> Attributes -> options
  Moved System Emails section from Site Setting to Site Manager (see get satisfaction forum discussion)
  Updated Domain Management interfaces to close the modal window and refresh the domain list after successfully adding a domain
  Fixed an issue preventing the Hyperlink Manager to function properly (see get satisfaction forum discussion)
  Updated the confirmation message received after copying a page to match the new workflow and button names
  Fixed an issue causing the current screen or section to not be highlighted in the menu
  Updated styling on the new dashboard, user management and email accounts interfaces
  Updated  dashboard reports filters and chart display; made the chart and the filter use the site time zone
  Fixed an issue preventing users from inviting new admin users or create new email accounts on Internet Explorer 8
  Fixed an issue preventing users from deleting Email Accounts or Admin Users in Internet Explorer 8
  Fixed some issues preventing password recovery email from being sent
  Removed the alert message displayed when the user or email account limit has been reached
  Added localization for the simplified dashboard
  Fixed display issues for site limits, domains and user list in the simplified dashboard
  Added Custom reports for webBasics plan
  Fixed a bug generating a "500:Collection error" on the simplified dashboard when user did not had View users permission
  Added TOU checkbox in the email account setup screen
  Updated Site Preview link in the dashboard to load the default domain
  Fixed an issue in the new File Manager forcing a user to press Undo twice in order to see the change take effect if the code that was previously formatted contained any <"tag" with more than 2 lines
  Fixed an issue causing the File Manager editor toolbar to incorrectly render if page URL path is longer than certain value; starting with this release, the site URL is trimmed
  Fixed an issue causing the invite users to be displayed as [object Object] in dashboard and admin user list
  Fixed a bug in the new admin causing the interface to become unresponsive when using the browser Back button
  Fixed an issue in the new File Manager causing "Save Draft" button to publish the default page template instead of creating a draft version
  Fixed a broken invite link issue in the Email Account invite email
  Updated loading indicators in File Manager and Email Accounts screens
  What's next
  The first item on the what's next list might not be news for many of you, but it's definitely one of the most important milestones this year. The Creative Cloud launch is just around the corner, and Business Catalyst is playing an important role in that, as the publishing platform for Adobe® Muse and Dreamweaver. This launch will capture all our attention within the next weeks as we want it to be our best ever. 
  We'll start our next development cycle on May 15th, while the next Business Catalyst release is going to be pushed live in mid June. That being said, the following items are already on our launch plan for the next release and a few more will join the list. Please expect an update on our 2012 plans around mid May.
  HTTP throttling – all page load and API calls to BC will be protected against attacks, this might trigger problems for API heavy sites. We are looking into enabling this update along with our June release, and will help make sure that a reasonable number of requests will be accepted from the same computer per minute.
  Automatic site deletion - Starting with the June release, we are going to start automatically delete expired trial sites and canceled sites. Customers will be notified twice before we are going to proceed with deleting the sites.
  Thank you,
  Cristinel Anastasoaie
  Adobe Business Catalyst Product Manager

  In reference to this change in the Custom Reports... Better experience when exporting data - to prevent customer confusion when exporting data from Mac computers, we have removed the export to excel option and exporting in CSV format by default.
  What is the customer confusion we are trying to stop here? I've got even more confused customers at the moment because all of a sudden they can't find the export to excel option but know it exists if they log in on a PC?
  Mark

• Is there a way to automate IOS IPS signature updates without CSM?

  I have a growing number of 891 routers running IOS IDS/IPS. My Cisco vendor has stated repeatedly that CSM is the only way to manage signature updates to multiple routers, but I'm finding CSM to be incredibly tedious and slow. It also wants to manage a lot more than just the IPS policies and signatures which causes other problems.
  I have about 160 routers deployed now and that will grow to at least 600. I have CSM 3.3.1. I'm told 4.x would make it easier becasue it can be configured to ignore more of the non-IPS bits of the router configs, but the upgrade is a big chunk of money that wouldn't be in the budget until at least 2012.
  Is anybody doing this with an expect script or EEM applets or something else? It seems to me that I could manually upload an update to one router and push the resulting XML files to all the other routers a lot easier and faster than I could "discover" a bunch of routers in CSM (and rediscover them every time we make a CLI change), add the routers to a group, apply updates to a sig policy, lather, rinse, repeat..., not to mention troubleshooting the weird errors and completely wron "warnings" that CSM spews.
                 Thanks in advance!

  From IOS version 15.1(1)T, you can configure the IOS IPS to auto update from cisco.com which would help I believe.
  Here is the configuration guide for your reference:
  http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1138659

• IDSM Signature Updates

  Hi,
  Sudenly after Upgrade our IDSM-2 in the Realeses Tab the signature are not been updated but the IDS it self is up to date.
  Generaly the IDS is update but I can't see the last aplied signatures on IPS>sig>releases...
  Who has the solution?
  Regards,
  Sent from Cisco Technical Support iPad App

  Hello.
  Sudenly after Upgrade our IDSM-2 in the Realeses Tab the signature are not been updated but the IDS it self is up to date. Generaly the IDS is update but I can't see the last aplied signatures on IPS>sig>releases...
  Are you encountering this behavior in IDM (the sensor's built-in GUI) or in IME (IPS Manager Express)?
  I recently encountered a customer who ran into this behavior with IDM and the issue was due to the signature update(s) not actually completing 100% due to a defect being encountered.
  I also recently encountered a customer who ran into this with IME and the issue was eventually resolved via an uninstall and re-install of the IME application software.

• The selected signed file could not be authenticated. The file might have been tampered with or an error might have occured during download. Please verify the MD5 hash value against the Cisco Systems web site

  I am trying to load any 9.0.3 firmware on my UCM 5.0.4.2000-1 server. Every newer firmware I load throws the following error. I have verified the MD5 is correct and also downloaded the file several times with the same result. I can load the same firmware file on another UCM server and it loads fine. Any ideas?
  Thanks in advance!
  Error Message:
  The selected signed file could not be authenticated. The file might have been  tampered with or an error might have occured during download. Please verify the  MD5 hash value against the Cisco Systems web site:  9b:b6:31:09:18:15:e7:c0:97:9f:e6:fe:9a:19:94:99
  Firmware File: cmterm-7970_7971-sccp.9-0-3.cop.sgn
  UCM version: 5.0.4.2000-1

  Thanks for your reply. We have a lab environment where I maintain  UCM 5.0, 5.1, 6.0, 6.1, 7.0, 7.1 and 8.0 servers each running the latest released firmware for our QA testing team. I have downloaded and installed the latest device packages but find that if I try to install any firmware newer then 8.3.1 on either 5.0.4 or 6.0 i start getting MD5 hash authentication errors. It looks like 9.0.3 firmware should work on UCM 5.0 and 6.0 so I am lost as to why I can't seem to update any firmware for any model phone if it is newer then version 8.3.1 on either 5.0 or 6.0. while 5.1 and 6.1 work without issues. Maybe it is just a bug. I mostly wanted to see if anyone else has experienced this or if it is just me.

• Signature Updates for AIP-SSM 10

  Hi all how can i obtain Signature Updates for AIP-SSM 10 where i am having 60 day trial license with me

  Here is the main file download page for the IPS sensors.
  Find the section for the version you are running and click on the Latest Signature Updates link to take to you to the download page for signature updates.
  You can then download which ever signature update you want.
  NOTE1: Each Signature Updates contains all signatures from previous Sig levels. So you only need to download the latest one.
  NOTE2: Each signature update has a specific E (Engine) level requirement. You can execute "show ver" on your sensor to determine if it is at an E1 or E2 level. If it is at E1 and you want the latest sigs that require E2 then you will first need to install the E2 upgrade.
  On that main download page look for the "Latest Upgrades" link for your version, and look for the IPS-engine-E2-req-X.X-X.pkg file where the X.X-X matches your sensor version.
  If there is not an X.X-X matching your sensor version, then you may need to upgrade the software version for your sensor as well.
  NOTE3: Many of these links will also require an account on cisco.com. And for some of these files that account may also need to be verified for being from a country where the USA's export restrictions allow downloads for encryption. (Most countries qualify but you do have to go through that qualification step). It has been over 10 years that I have had do this so I am not sure of the latest procedures for getting an account or validating it for encrpytion downloads.

• Eclipse Update Site Maintenance Tonight

  The Eclipse update site will be down briefly this evening for scheduled maintenance. The failover / load balancing unit in front of the servers are getting rules adjusted so we no longer redirect update site requests from http to https (i.e. http://dev2devclub.bea.com/updates/wlevs-tools/2.0/site.xml to https://dev2devclub.bea.com/updates/wlevs-tools/2.0/site.xml).
  It has scheduled 6p to 8p Pacific for this work, but we expect to be done by 6p. The rules will be adjusted right around 6p and then we'll do the necessary testing to ensure that routes through the unit are working as expected.
  Reference:
  http://forums.bea.com/bea/message.jspa?messageID=300005288&tstart=0

  The Eclipse update site will be down briefly this evening for scheduled maintenance. The failover / load balancing unit in front of the servers are getting rules adjusted so we no longer redirect update site requests from http to https (i.e. http://dev2devclub.bea.com/updates/wlevs-tools/2.0/site.xml to https://dev2devclub.bea.com/updates/wlevs-tools/2.0/site.xml).
  It has scheduled 6p to 8p Pacific for this work, but we expect to be done by 6p. The rules will be adjusted right around 6p and then we'll do the necessary testing to ensure that routes through the unit are working as expected.
  Reference:
  http://forums.bea.com/bea/message.jspa?messageID=300005288&tstart=0

• New Signature updates will they overwirite old Tuned signatures

  Good day,
  I will be updating my sensors from s328 to S356. Question, will my previous Tuned rules/actions be overwritten by the new signature defaults ??
  Thanks,

  I'd give this a qualified "maybe". There is a case where the signature team might have disabled or retired a signature. That disable/retired action could pull the signature from your active list. It will still appear tuned, but it will also be disabled and/or retired. Other parameters that the sig team changes will be overridden by your tunings.
  The issue with the enable/retire settings is that they are default enabled and not retired.... When you tune a signature, the instance file (/usr/cids/idsRoot/etc/config/signatureDefinition/instances/sig?.xml) records the changes to the default settings (default.xml). Since the signature is enabled and not retired when you tune it(typically), you typically don't change that default. Now the signature team changes the default value, then there is nothing in the sig?.xml file to override the "new default" and the signature is disabled and or retired.
  A workaround for this is that you can explicitly tune the signature to be enabled and not retired. This tuning will be stored in the instance file and override any changes to the default values.
  The exception to the default value override is the signature team's use of "obsoletes"...they have the ultimate trump to replace one signature with another (but thats a topic in itself).
  The customer's equivalent counter-trump is that they can clone the Cisco signature into a custom signature. The signature updates can't mess with them.
  Scott C.

• EOL for mars 20 signature updates?

  The EOL/EOS document for the MARS 20 does not mention when signature updates will end. 
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/end_of_life_notice_c51-470242.html
  The EOL notice for the newer devices lists the date as June 2, 2014
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/eol_c51-636888.html
  Does the MARS 20 use the same file, and will updates continue to be available until June 2, 2014?  If not, what is the date when this will end?
  Thanks
  H

  FYI: I opened a tac case on this and got the following response
  "new MARS20 signature files will be available for automatic download from that URL until June 2 2014, assuming the MARS has a valid support contract and that contract is associated to the CCO account used by MARS box to log in to that URL."