Correct procedure to update IOS IPS signatures on 2911 router

What is the correct procedure to update the IOS IPS signatures on a 2911 router?
I know how to download the signatures file (e.g. IOS-S556-CLI.pkg) but what is the correct way to install the update?
Thank you in advance!

The IPS signature package comes with a list of pre-enabled signatures, hence Cisco does not recommend enabling a lot of other signatures, especially not every single signature as documented.
The reason is that the package might include retired/old signatures only for reference, and not every single signature is required to protect your environment because you might not have the traffic for some signatures, you might not have some end hosts that are written with specific signatures, therefore, it becomes irrelevant if you enable it.
Typically, here is how a customer would enable/disable signatures:
- Use the default signatures that are enabled by Cisco (the default should fit the majority of customers).
- Monitor it for a couple of months.
- Disable those that you don't need, and enable others if you think you require it for specific.

Similar Messages

  • IOS IPS Signature Updates

    Hi,
    Is it possible to update signatures for IOS IPS or do we need to update the IOS to get more signatures?
    Thanks and rgds
    Rajesh

    hi,
    If you have Cisco SDM, then it would be easy to update your IOS IPS signatures. You may need to upgrade the IOS of the router only when the IPS signature requires you to do it.

  • Update my app. What is the correct procedure for updating an app/folio?

    I designed a folio in InDesign CS6 and created an app of the folio in Adobe DPS and successfully uploaded it to the app store. Now I want to update my app. What is the correct procedure for updating an app/folio?

    No, just update your content and recreate the Single Edition App. Your certificate should still be valid so there is no need to recreate these.
    ... your App ID absolutely needs to be the exact same one you used for the first version if you want to make sure this is an update.

  • Correct procedure to update to Lollipop and perform hard reset

    Hi Community,
    I need to know the correct procedure to update the Sony Xperia Z2 from KitKat to Lollipop.
    These are the main questions:
    1) Update via OTA or from PC Companion when the firmware is noticed?
    2) When the hard reset (system repair) must be done? Before the update or after the update or both?
    3) How to perform CORRECTLY, STEP BY STEP, the hard reset after the Lollipop update?
    I and all Z2 users need this fundamental information to prevent Lollipop bugs or malfunctions!
    We await a DETAILED answer from Sony!
    Cheers

    We are a user support forum not Sony employed - If you want to update then do so via any means you see fit then if you want to make sure it's a clean fresh install then try performing a system repair using PC Companion - This will factory reset your phone and erase all data so best to backup before you begin
    Switch off your phone and unplug from PC (Hold volume up and power for around 10 seconds)
    Start PC Companion and select Support zone then Update my phone/tablet then in Blue Repair my phone/tablet and follow the on screen instructions - When prompted connect your phone still switched off holding volume down or back button - This should start the repair or reformat process
    If you are using Windows 8/8.1 or a 64bit operating system then adjust the settings for PC Companion and run in compatibility mode and choose Windows 7 or XP
    For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled.   Richard P. Feynman

  • Is there a way to automate IOS IPS signature updates without CSM?

    I have a growing number of 891 routers running IOS IDS/IPS. My Cisco vendor has stated repeatedly that CSM is the only way to manage signature updates to multiple routers, but I'm finding CSM to be incredibly tedious and slow. It also wants to manage a lot more than just the IPS policies and signatures which causes other problems.
    I have about 160 routers deployed now and that will grow to at least 600. I have CSM 3.3.1. I'm told 4.x would make it easier because it can be configured to ignore more of the non-IPS bits of the router configs, but the upgrade is a big chunk of money that wouldn't be in the budget until at least 2012.
    Is anybody doing this with an expect script or EEM applets or something else? It seems to me that I could manually upload an update to one router and push the resulting XML files to all the other routers a lot easier and faster than I could "discover" a bunch of routers in CSM (and rediscover them every time we make a CLI change), add the routers to a group, apply updates to a sig policy, lather, rinse, repeat..., not to mention troubleshooting the weird errors and completely wrong "warnings" that CSM spews.
    Thanks in advance!

    From IOS version 15.1(1)T, you can configure the IOS IPS to auto update from cisco.com which would help I believe.
    Here is the configuration guide for your reference:
    http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1138659

  • IOS IPS Signature-File

    Hi Guys,
    We have recently purchased a Cisco ISR 2921, and in its docs it is written that this product has a license for the IOS IPS Signature File, but on the product's flash memory there is no IOS IPS sig-file, and when I try to download the sig-file from Cisco, it fails.
    Can anyone tell me whether there is an alternate way to download the sig-file?

    900 active signatures is quite a lot for a system that has no dedicated IPS resources.
    But you can control which and how many signatures get enabled on your router:
    In the following example I first disable all signatures and enable the ones for web servers. So just decide which signatures you need. But don't forget to monitor your router resources.
    gw#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    gw(config)#ip ips signature-category
    gw(config-ips-category)#?
    IPS signature category configuration commands:
      category  Category keyword
      exit      Exit from Category Mode
      no        Negate or set default values of a command
    gw(config-ips-category)#category ?
      adware/spyware                Adware/Spyware (more sub-categories)
      all                           All Categories
      attack                        Attack (more sub-categories)
      configurations                Configurations (more sub-categories)
      ddos                          DDoS (more sub-categories)
      dos                           DoS (more sub-categories)
      email                         Email (more sub-categories)
      instant_messaging             Instant Messaging (more sub-categories)
      ios_ips                       IOS IPS (more sub-categories)
      l2/l3/l4_protocol             L2/L3/L4 Protocol (more sub-categories)
      network_services              Network Services (more sub-categories)
      os                            OS (more sub-categories)
      other_services                Other Services (more sub-categories)
      p2p                           P2P (more sub-categories)
      reconnaissance                Reconnaissance (more sub-categories)
      releases                      Releases (more sub-categories)
      specially_licensed_signature  Specially Licensed Signature (more sub-categories)
      telepresence                  TelePresence (more sub-categories)
      uc_protection                 UC Protection (more sub-categories)
      viruses/worms/trojans         Viruses/Worms/Trojans (more sub-categories)
      web_server                    Web Server (more sub-categories)
    gw(config-ips-category)#category all
    gw(config-ips-category-action)#retire true
    gw(config-ips-category-action)#exit              
    gw(config-ips-category)#category web_server
    gw(config-ips-category-action)#?
    Category Options for configuration:
      alert-severity   Alarm Severity Rating
      enabled          Enable Category Signatures
      event-action     Action
      exit             Exit from Category Actions Mode
      fidelity-rating  Signature Fidelity Rating
      no               Negate or set default values of a command
      retired          Retire Category Signatures
    gw(config-ips-category-action)#retired false
    gw(config-ips-category-action)#exit
    gw(config-ips-category)#exit
    Do you want to accept these changes? [confirm]
    gw(config)#
    gw(config)#exit
    gw#sh ip ips configuration | s IPS Signature Status
    IPS Signature Status
        Total Active Signatures: 131
        Total Inactive Signatures: 4370
    gw#
    I didn't follow the thread and answered your first post to have less line-breaks in this post.

  • IOS IPS Signature description

    I would like to "fine tune" category ios_ips advanced (or basic) on IOS IPS.
    Clearly ISR G2 is not able to support as many active/enabled signatures as we'd like, so it would be nice to choose the ones we actually need.
    Does anyone have a table with signature descriptions so one can easily choose?
    I found the web site totally impractical... sorry Cisco guys...
    Please help !

    If you are using IME, there is a way to export a list of signatures. I have done this with the IPS 4255 and it might be the same for IOS IPS.
    Under Configuration, go to Policy -> Signatures -> All Signatures. There is a function to Export the list of signatures, in either HTML or CSV format.

  • IOS IPS Signatures for password guessing?

    I recently experienced a password-guessing attack. The inside Windows server's security was pretty well useless in stopping the attack (block, yes; stop, no), because the user ID kept changing, and Windows account lockout ignores source addresses. In this case, it was FTP, and I found an IPS signature for that, but it got me to thinking:
    There don't seem to be password-guessing signatures for RDP, HTTP, HTTPS, or SSL. Granted it may not be practical for HTTPS and SSL, but what about the other two? Should we consider rolling our own?

    You can configure custom signatures for IOS IPS using Security Monitor which is part of VMS. Below is a doc on how to do this:
    http://www.cisco.com/en/US/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f44.html#xtocid9
    Also try this link for Cisco Security Advisory
    http://www.cisco.com/en/US/products/products_security_advisory09186a008055dbdd.shtml

  • Correct procedure to update Embedded Controller Programme - T43

    Dear Forum,
    Could somebody please describe the best way to safely update 'Embedded Controller Programme' in a T43?
    - The computer is a Thinkpad T43 1871 PM1 machine
    - BIOS Version is 1.29
    - Embedded Controller Version is 1.03
    - Apparently this is the correct current Embedded Controller Version http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-59439
    - Should I boot the machine into safe mode rather than regular startup?
    - Should I deactivate my firewall (PCTools), my anti-virus (Avast) and Malwarebytes from running at startup before I shut my machine down?
    - Are there any other specific programmes I need to shut down? (eg. IBM Access or any of the IBM updates?)
    - Does the controller update require internet access? Or should I also disconnect the computer from the web?
    Thank you!! :-)
    Harryredknapp

    Hi Harry,
    There is no need to boot the machine in Safe Mode, and yes it would be a good idea to deactivate your firewall and antivirus products for the time being while the controller program is being updated.
    When I run BIOS update, I don't turn off any Thinkvantage tools so in my experience they don't interfere with the update process, and as far as I know the controller program doesn't require internet access (if you're doing manual update from the setup saved on your thinkpad).
    Hope it helps.
    Maliha (I don't work for lenovo)
    ThinkPads:- T400[Win 7], T60[Win 7], IBM 240[Win XP]
    IdeaPad: U350
    Apple:- Macbook Air [Snow Leopard]

  • Rotation does not work correct after last update iOS 8

    Everything on the screen rotates with the iPad except the icons of all my one hundred apps. After opening any app its content rotates, but after closing, the icon of the app still has the wrong position. Is this a bug, and how can I fix it?

    Hybrid Son Of Oxayotl wrote:
    I may be a bit late, but I had the same problem. It seems to come from a faulty .desktop somewhere on your machine. Just try to remove parts of ~/.cache/docky/docky.desktop.???.cache (??? depends on your locale), until you find the right one.
    My problem was due to /usr/share/applications/brasero-nautilus.desktop including this line :
    NoDisplay=true;
    instead of the correct :
    NoDisplay=true
    (I had quite a lot of trouble to find that one !)
    You are not late, you are just in time, I tried to remove the semicolon after "true" before deleting one by one all the entries, and it worked right away! Thanks!

  • IOS IPS auto-update

    Hi,
    I have a couple of questions I hope people could answer:
    1) What recommendations/options are available for downloading signature files to an HTTP/TFTP server prior to having the IOS IPS device pull them from the server? Is there a way to automate the HTTP/TFTP server downloading the signatures? (Cron job or such)
    2) Does the signature file name change each time a new signature file is released? If it does, would I have to go back to the router to update the URL string that is configured in the ip ips auto-update section? I would hate to have to update 200 CPE devices each time a new signature file is released.
    Hoping someone could answer these or help point me in the right direction to find the answer out.
    regards M

    I found this link which answers my one question.
    Cisco IOS Intrusion Prevention System (IPS)
    Tuning, Deploying and Updating Cisco IOS IPS Signature Sets For Multiple-Device Deployments
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/white_paper_c11_549300.html

  • IOS IPS Sig Updates

    It seems like whenever there is an IDS sensor/appliance update for defending against the latest virus/worm, there is no update for IOS IPS signatures.
    Case in point - on June 3 there was an IDS update for W32/Bobax.worm.o S174. The IOS IPS zip file as of today is S169 from May 25. What gives?
    Also, why aren't there any release notes for the IOS IPS zip files to document what was added? That way we can read them to judge if we need to download the zip file or not.

    There are a couple of extra steps in producing the IOS IPS signature update. The IOS IPS solution is a subset of the full appliance solution and is further constrained by memory limitations inherent in the routers that it runs in. Because of this, once the signature development team puts together an appliance update, that update has to be reviewed to make sure that the appliance signatures won't crash the IOS implementation. Any issues found during the review have to be addressed before the IOS update can be posted. This extra review step is the cause for the delay.
    Regarding the release notes. The signatures usable by the IOS solution are a subset of the appliance update. You can look at the appliance update release notes to see what *might* be available. I say might because of the subset issues....
    SC

  • IOS IPS SIG Updates via IDSMDC

    When using IDSMSC to push out updates for Sensors and IOS IPS devices, the signature update process pushes the updates to the sensors during the update process. However the IOS IPS devices pull their signature definitions from the server itself.
    So my question is, do you need to "Generate" and "Deploy" to all IOS IPS devices to ensure the devices are updated with the latest signature definitions after the update?
    SHM


  • IOS IPS Important Notice - UPDATED

    IOS IPS customers running version 12.4T, 15.0M, or 15.1M - a critical software defect has been identified which may cause your router to reload and be stuck in a boot loop if IOS IPS signature version S639 or later is installed on the device. Recovery of impacted devices is possible only via a serial console connection through the device's ROMMON mode. For customers who are using IOS IPS signatures S638 or earlier, there is no issue. Customers wishing to upgrade the IOS IPS signature version to S639 or later must first be running a fixed version of IOS on the device prior to upgrading the IPS signatures.  Fixed versions of IOS include: 15.2(4)M, 15.1(3)T4, 15.2(3)T1, 15.1(4)M5, 12.4(24)T8 and later. Please refer to defect CSCtz27137 for additional details and steps to recover impacted devices.
    If you have upgraded your version of IOS to 15.2(4)M, 15.1(3)T4, 15.2(3)T1, 15.1(4)M5, 12.4(24)T8 or later you can obtain the most recent signature updates by contacting the Cisco TAC.

    What is the most recent version of IOS IPS sig file that TAC can supply?
    I'm running IOS 15.2(4)M1 and, per your suggestion above to contact TAC for the most recent signature update, I requested a later version of IPS sig than S636.
    I was simply referred back to the standard download page and IPS sig file S636.
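
The gate described in the notice above can be checked before any signature package is pushed to a router. The following is an added example, not Cisco tooling or code from the thread: it assumes the `IOS-S<level>-CLI.pkg` file naming seen earlier on this page, reads "and later" as a later maintenance or rebuild number within the same release and train, and returns `verify` for anything the notice does not name. The hostnames, versions and the S639 file name in the inventory are constructed.

```python
import re

# Values taken from the notice above (defect CSCtz27137).
FIRST_RISKY_SIG = 639          # S638 or earlier: no issue
FIXED = ["15.2(4)M", "15.1(3)T4", "15.2(3)T1", "15.1(4)M5", "12.4(24)T8"]
AFFECTED_TRAINS = {(12, 4, "T"), (15, 0, "M"), (15, 1, "M")}

_VER = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]*)(\d*)$")
_PKG = re.compile(r"^IOS-S(\d+)-CLI\.pkg$")


def parse_ios_version(text):
    """'15.1(4)M5' -> (15, 1, 4, 'M', 5); a missing rebuild number counts as 0."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised IOS version: {text!r}")
    major, minor, maint, train, rebuild = m.groups()
    return int(major), int(minor), int(maint), train, int(rebuild or 0)


def signature_level(pkg_name):
    """'IOS-S556-CLI.pkg' -> 556."""
    m = _PKG.match(pkg_name.strip())
    if not m:
        raise ValueError(f"unrecognised signature package name: {pkg_name!r}")
    return int(m.group(1))


def preflight(ios_version, pkg_name):
    """Return 'ok', 'block' or 'verify' for installing pkg_name on ios_version.

    'block'  : the notice says this combination can end in a boot loop.
    'verify' : the notice does not cover this release/train; check the defect
               record by hand instead of guessing.
    """
    if signature_level(pkg_name) < FIRST_RISKY_SIG:
        return "ok"
    major, minor, maint, train, rebuild = parse_ios_version(ios_version)
    for fixed in map(parse_ios_version, FIXED):
        # Assumption: "and later" is only compared within one release and train.
        if fixed[:2] == (major, minor) and fixed[3] == train:
            return "ok" if (maint, rebuild) >= (fixed[2], fixed[4]) else "block"
    if (major, minor, train) in AFFECTED_TRAINS:
        return "block"   # affected train with no fixed release listed
    return "verify"


if __name__ == "__main__":
    # Constructed inventory; in practice the version comes from 'show version'.
    inventory = [("edge-1", "15.1(4)M3"), ("edge-2", "15.2(4)M1"),
                 ("edge-3", "15.0(1)M"), ("edge-4", "15.3(1)T")]
    for host, version in inventory:
        print(f"{host:8} {version:12} {preflight(version, 'IOS-S639-CLI.pkg')}")
```

Routers that come back as `block` need the IOS upgrade first; the notice states that recovery from the boot loop is possible only over a serial console through ROMMON.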

  • 2651XM IPS Signature Update?

    Hello,
    I have a 2651XM 256MB/32MB running 12.4(25) and I would like to update the IPS signature file.  I see that the last update for 256MB.sdf was from Aug 2008.  The latest IPS I found is IPS-sig-S518-req-E4.pkg from
    http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Intrusion+Prevention+System+%28IPS%29+Signature+Updates&mdfid=277801011&treeName=Security&mdfLevel=Model&url=null&modelName=Cisco+2651XM+Multiservice+Router&isPlatform=N&treeMdfId=268438162&modifmdfid=278279418&imname=Cisco+IDS+Access+Router+Network+Module&hybrid=Y&imst=Y
    I've tried the command
    ip ips sdf location flash:\\IPS-sig-S518-req-E4.pkg
    ip ips sdf location flash:IPS-sig-S518-req-E4.pkg
    but when I apply IPS to an interface and run 'show ip ips all' no signatures load and I get a message 'invalid token'.
    I also tried seeing if the latest SDM will help but nothing.
    My question is, what is it that I am doing wrong or missing?  Is my router too old to be able to get the latest signature files?
    Any advice or guidance to the right direction is much appreciated.
    Thanks

    You have a version of IOS that includes the older version of the IOS IPS feature (referred to as v4).  This release only supports signature updates using the SDF formatted files.  These files are no longer updated.
    The signature update file you found (ending in .pkg) is the signature update package supported by Cisco's IPS appliances and is not compatible with the IOS IPS feature set.
    The current IOS IPS feature (referred to as v5) also makes use of .pkg files.  You will need to upgrade the IOS of your 2651 to a release in the T train such as 12.4(24)T2 to obtain the latest IOS IPS feature release.
    You can find out more about the IOS IPS feature set here:
    http://www.cisco.com/go/iosips
      For starting with IOS IPS v5:
    http://www.cisco.com/en/US/products/ps6634/products_tech_note09186a008097db66.shtml
    Scott
