Cisco Network Security Troubleshooting Handbook

1 (1 rating by Goodreads)
By (author) Mynul Hoda

List price: US$75.00

Description

Identify, analyze, and resolve current and potential network security problems

  • Learn diagnostic commands, common problems and resolutions, best practices, and case studies covering a wide array of Cisco network security troubleshooting scenarios and products
  • Refer to common problems and resolutions in each chapter to identify and solve chronic issues or expedite escalation of problems to the Cisco TAC/HTTS
  • Flip directly to the techniques you need by following the modular chapter organization
  • Isolate the components of a complex network problem in sequence
  • Master the troubleshooting techniques used by TAC/HTTS security support engineers to isolate problems and resolve them on all four security domains: IDS/IPS, AAA, VPNs, and firewalls

With the myriad Cisco® security products available today, you need access to a comprehensive source of defensive troubleshooting strategies to protect your enterprise network. Cisco Network Security Troubleshooting Handbook can single-handedly help you analyze current and potential network security problems and identify viable solutions, detailing each step until you reach the best resolution. Through its modular design, the book allows you to move between chapters and sections to find just the information you need. Chapters open with an in-depth architectural look at numerous popular Cisco security products and their packet flows, while also discussing potential third-party compatibility issues. By following the presentation of troubleshooting techniques and tips, you can observe and analyze problems through the eyes of an experienced Cisco TAC or High-Touch Technical Support (HTTS) engineer or determine how to escalate your case to a TAC/HTTS engineer.

Part I starts with a solid overview of troubleshooting tools and methodologies. In Part II, the author explains the features of Cisco ASA and Cisco PIX® version 7.0 security platforms, Firewall Services Module (FWSM), and Cisco IOS® firewalls. Part III covers troubleshooting IPsec Virtual Private Networks (IPsec VPN) on Cisco IOS routers, Cisco PIX firewalls with embedded VPN functionalities, and the Cisco 3000 Concentrator. Troubleshooting tools and techniques on the Authentication, Authorization, and Accounting (AAA) framework are discussed thoroughly on routers, Cisco PIX firewalls, and Cisco VPN 3000 concentrators in Part IV. Part IV also covers troubleshooting Cisco Secure ACS on Windows, the server-side component of the AAA framework. IDS/IPS troubleshooting on IDS/IPS appliances, IDSM-2 blade, and NM-CIDS blade on Cisco IOS routers is covered in Part V. In Part VI, the author examines the troubleshooting techniques for VPN/Security Management Solution (VMS) tools used for managing products from all four security domains in greater detail: IDS/IPS, AAA, VPNs, and firewalls.

Cisco Network Security Troubleshooting Handbook prepares you to troubleshoot your network's security devices and presents step-by-step procedures for tackling issues that arise, so that you can protect your network. This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Product details

  • Paperback | 1152 pages
  • 188 x 228.6 x 58.4mm | 1,859.75g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587051893
  • 9781587051890
  • 1,835,284

About Mynul Hoda

Mynul Hoda, CCIE® No. 9159 (Routing/Switching and Security), CISSP, is a lead engineer in HTTS for Cisco and is based in San Jose, California, where he has been working as a senior security/VPN support engineer since 2003. Before joining HTTS, he was a senior support engineer in the Cisco TAC. His areas of expertise include configuring and troubleshooting all forms of security/VPN technologies such as AAA, IPS, firewalls, and VPNs.

Table of contents

Part I Troubleshooting Tools and Methodology Chapter 1 Troubleshooting Methods Proactive Actions for Handling Network Failure Types of Failure Problem-Solving Model Step 1: Define the Problem Step 2: Gather the Facts Step 3: Consider Possible Problems Step 4: Create an Action Plan Step 5: Implement the Action Plan Step 6: Observe Results Step 7: Repeat if Necessary Step 8: Document the Changes Summary Chapter 2 Understanding Troubleshooting Tools Using Device Diagnostic Commands show Commands debug Commands Test Commands ping Command traceroute Command telnet Command nslookup Command Network Analyzers Trivial File Transfer Protocol (TFTP) Server FTP Server Syslog Server Audit and Attack Tools Core Dump Using TFTP Using FTP Using rcp Using a Flash Disk Additional Configuration "Exception Memory" Command debug sanity Command Testing the Core Dump Setup Part II Troubleshooting Cisco Secure Firewalls Chapter 3 Troubleshooting Cisco Secure PIX Firewalls Overview of PIX Firewall PIX Packet Processing File System Overview Access-List time-range Keyword Enable/Disable Outbound ACL nat-control Modular Policy Framework (MPF) Objective Transparent Firewall Diagnostic Commands and Tools show Commands show xlate [detail] show connection [detail] show local-host show service-policy show asp drop show cpu usage show traffic show blocks show output filters show tech-support Debug Commands debug icmp trace debug application_protocol debug pix process debug fixup tcp | udp capture Command Sniffer Capture Syslog Traceback/Crashinfo Other Tools Problem Areas Breakdown Licensing Issues Password Recovery Issue Software Upgrade and Downgrade Issues Standard Upgrade Procedure Upgrade using ROM Monitor Mode Downgrade Procedure Upgrading PIX Firewall in a Failover Setup Connection Issues Across PIX Firewall Configuration Steps Troubleshooting Steps Transparent Firewall Issues Configuration Steps Troubleshooting Steps Virtual Firewall Security Context How the Virtual Firewall Works 
Limitations of Virtual Firewall Configuration Steps Troubleshooting Steps Quality of Service (QoS) Issues Policing Low Latency Queuing (LLQ) Troubleshooting Steps Performance Issues High CPU Utilization High Memory Utilization Large ACL Reverse DNS & IDENT Protocol Case Studies Active/Standby Model Active/Active Model Hardware and License Requirements System and User Failover Group Initialization, Configuration Synchronization/Command Replication Configuration Examples Asymmetrical Routing Support Troubleshooting Steps Common Problems and Resolutions Best Practices Protecting the PIX Firewall Itself Protecting Network Resources Chapter 4 Troubleshooting Firewall Services Module Overview of FWSM Firewall FWSM Architecture Control Plane (CP) Network Processors (NP) Packet Flows Diagnostic Commands and Tools Show Commands show Commands on the Switch show Commands on the FWSM Debug Commands Sniffer on the FWSM Syslog on the FWSM Sniffer Capture Analysis of Problem Areas Licensing Issues Hardware Issues Firewall Module Administration Issues Flash Setting the Boot Device (Route Processor) Maintenance Partition Password Recovery Procedure Upgrading a New Image Upgrading Software Images Connection Problems Configuration Steps Troubleshooting Steps AAA Issues Virtual and Transparent Firewall High CPU Issues Intermittent Packet Drops Issues Failover Issues Failover Operations Configuration Steps Troubleshooting Steps Case Studies Case Study 1: Multiple SVI for FWSM Why Change the Existing Model? 
Scenario One: DHCP Helper with FWSM 1.1(x) Scenario Two: Alternate Configuration Case Study 2: Understanding Access-List Memory Utilization The Compilation Process: Active and Backup Trees How Memory Is Allocated: Release 1.1(x) or 2.2(1) in Single Mode How memory is Allocated: Release 2.2(1) in Multiple Mode Trees and contexts: A Matter of Mapping FWSM Release 2.3: The ACL Partition Manager Examples of ACL Compilation Access-lists: Best Practices Common Problems and Resolutions Best Practices Chapter 5 Troubleshooting an IOS Firewall Overview of IOS Firewall (CBAC) Single Channel Protocol Inspection UDP and CBAC ICMP and CBAC Application Layer Protocol (TCP-based) and CBAC Multi-Channel Protocol Inspection NAT/PAT and CBAC Port Application Mapping (PAM) and CBAC Denial of Service (DoS) Detection And Prevention TCP Syn Flood and DoS Attack Launched by UDP Fragmentation Real-Time Alerts and Audit Trails Interaction of CBAC with IPsec Transparent Cisco IOS Firewall Diagnostic Commands and Tools show Commands debug commands Syslog Packet Capture (Sniffer Traces) Categories of Problem Areas Selection of Software for IOS Firewall Issues Unable to Connect (Inbound and Outbound) across CBAC Packet Failure to Reach the Router's Incoming Interface Misconfigured ACL Misconfigured NAT and Routing IP Inspection Applied In the Wrong Direction UDP Inspection Is Not Configured Return Traffic Might Not Be Coming Back to the Router ICMP Traffic Is Not Inspected There Is a Problem with Inspecting Single Channel Protocol Required Multi-Channel Protocol is Not Inspected IP URL Filtering Blocking The Connection Redundancy or Asymmetric Routing Problems Performance Issues Timeouts for TCP, UDP, and DNS Short Threshold Values for Half-open and New Connections HTTP Inspection Dilemma Switching Path Large ACL Reverse DNS and IDENT Protocols Running Older Code Intermittent Packet Drops IP URL Filtering Is Not Working Case Studies How auth-proxy Works Method of Authentication Supported 
Platform Configuration Steps Troubleshooting auth-proxy Common Problems and Resolutions Best Practices Basic Router Security Anti-spoofing Configuration Part III Troubleshooting Virtual Private Networks Chapter 6 Troubleshooting IPsec VPNs on IOS Routers Overview of IPsec Protocol Encryption and Decryption Symmetric Algorithms Asymmetric Algorithms Digital Signatures Security Protocols Authentication Header (AH) Encapsulating Security Header (ESP) Transport Mode Tunnel Mode Security Associations (SAs) SA and Key Management with IKE Protocol IKE Phase 1 Diagnostic Commands and Tools show Commands show Command for Phase I show Commands for Phase II show Commands for Interface Counters show Command for Verifying IPsec Configuration Commands for Tearing Down Tunnel debug Commands Analysis of Problem Areas Basic LAN-to-LAN Troubleshooting Successful LAN-to-LAN Tunnel Establishment Process Tunnel Establishment Fails at Phase I Tunnel Establishment Fails at Phase II Tunnel Is Established but Unable To Pass Traffic GRE over IPSec Configuration Steps Troubleshooting Steps Public Key Infrastructure (PKI) Troubleshooting Configuration Steps Troubleshooting Steps Remote Access Client VPN Connection Configuration Steps Troubleshooting Steps Case Studies DMVPN Architecture Multipoint GRE Tunnel Interface (mGRE Interface) Next Hop Resolution Protocol (NHRP) Configuration Steps Troubleshooting DMVPN NHRP Mapping Problem Crypto Socket Creation Problem Crypto VPN problem Passing Data Across an Established Tunnel Problem Common Problems and Resolutions NAT With IPsec Issues NAT in the Tunnel End Points NAT in the Middle Firewall and IPsec Issues Maximum Transmission Unit (MTU) Issues Split Tunneling Issues Best Practices Stateful Failover Stateless Failover Loss of Connection Detection Mechanism Stateless Failover Mechanism Options Chapter 7 Troubleshooting IPsec VPN on PIX Firewalls Overview of IPsec Protocol Diagnostic Commands and Tools show Commands debug Commands Categorization 
of Problem Areas LAN-to-LAN Troubleshooting Configuration Steps Troubleshooting Steps Remote Access VPN Troubleshooting Configuration Steps Troubleshooting Steps Case Studies Common Problems and Resolutions NAT with IPsec Issues NAT in the tunnel End Point NAT Device In the Middle of Tunnel End Points Firewall and IPsec Maximum Transmission Unit (MTU) Issues Split Tunneling Issues Best Practices Dead Peer Discovery (DPD) Reverse Route Injection (RRI) Stateful Failover For VPN Connections Chapter 8 Troubleshooting IPsec VPNs on VPN 3000 Series Concentrators Diagnostic Commands and Tools Debug Tool Monitoring Tool Administer Sessions Configuration Files LED Indicators Crash Dump File VPN Client Log Analysis of Problem Areas LAN-to-LAN Tunnel Issues Configuration Steps Troubleshooting Steps Remote Access VPN Connection Configuration Steps Troubleshooting Steps Digital Certificate Issues Digital Certificate on the VPN Client Digital Certificate on the VPN Concentrator Case Studies Clientless SSL VPN Configuration Steps for Basic SSL VPN Connection Troubleshooting Steps for Basic SSL VPN Connection Configuration Steps for Web Server Access Troubleshooting Steps For Web Server Access Configuration Steps for CIFS Access Troubleshooting Steps for CIFS Access Thin Client Configuration Steps for Port Forwarding Java Applet Debugging Troubleshooting Steps for Port Forwarding Configuration Steps for MAPI Proxy Troubleshooting Steps for MAPI Proxy Configuration Steps for E-mail Proxy Troubleshooting Steps for E-mail Proxy Thick Client (SSL VPN Client) Configuration Steps for SSL VPN Client Troubleshooting Steps for SSL VPN Client (SVC) Common Problems and Resolutions Best Practices Redundancy Using VRRP Redundancy and Load Sharing Using Clustering Redundancy Using IPsec Backup Servers Part IV Troubleshooting Network Access Control Chapter 9 Troubleshooting AAA on IOS Routers Overview of Authentication, Authorization, and Accounting (AAA) AAA Architecture AAA Communication 
Protocols TACACS+ RADIUS Difference between RADIUS and TACACS+ Diagnostic Commands and Tools show Commands debug Commands Analysis of Problem Areas Router Management Troubleshooting Login Authentication Configuration Steps Troubleshooting Steps Enable Password Authentication Exec Authorization Command Authorization Accounting Dialup Networking Troubleshooting Authentication and Authorization for Dialup Networking Accounting for Dialup Networking X-Auth Troubleshooting for IPsec Auth-proxy Troubleshooting Case Studies Router Configuration LAC Configuration RADIUS Server Configuration LAC RADIUS Configuration LNS RADIUS Configuration Troubleshooting Steps LAC Router Troubleshooting LNS Router Troubleshooting Common Problems and Resolutions Best Practices Chapter 10 Troubleshooting AAA on PIX Firewalls and FWSM Overview of Authentication, Authorization, and Accounting (AAA) Authentication Authorization Authorization for an Administrative Session Authorization for VPN Connection (X-Auth) Accounting Diagnostic Commands and Tools show commands debug Commands Syslog Other Useful Tools Problem Areas Analysis Firewall Management with AAA Troubleshooting Login Authentication Issues Enable Authentication Command Authorization Troubleshooting Steps Accounting Cut-Through Proxy Authentication Authentication for Cut-Through Proxy Troubleshooting Cut-Through Proxy Authentication Authorization for Cut-Through Proxy Accounting for Cut-Through Proxy Extended Authentication (X-Auth) Issues for Remote Access VPN Connection Configuration Steps Troubleshooting Techniques Case Studies Case Study 1: AAA Exemption Case Study 2: Virtual Telnet Configuring Virtual Telnet Troubleshooting Virtual Telnet Case Study 3: Virtual HTTP Common Problems and Resolutions Best Practices Chapter 11 Troubleshooting AAA on the Switches Overview of AAA Switch Management Identity-Based Network Services (IBNSs) IEEE 802.1x Framework Extensible Authentication Protocol (EAP) RADIUS IN 802.1x What Is 
Authenticated Machine Authentication Authorization Accounting Extension of IEEE 802.1x Standard by Cisco IBNS Initiative Diagnostic Commands and Tools Switch Management Identity-Based Network Services (IBNSs) Categorization of Problem Areas Switch Management Troubleshooting Login Authentication Enable Password Authentication Authorization Accounting Identity-Based Network Services (IBNSs) Configuration Steps Authorization Troubleshooting Steps Case Studies Configuring Automatic Client Enrollment on AD and Installing a Machine Certificate on a Windows Client Generating and Installing the CA Root Certificate on the ACS Server Generating and Installing an ACS Server Certificate on the ACS Server Common Problems and Resolutions Best Practices For Switch Management For Identity-Based Network Services (IBNSs) Chapter 12 Troubleshooting AAA on VPN 3000 Series Concentrator AAA Implementation on the Concentrator VPN Concentrator Management Tunnel Group and User Authentication Diagnostic Commands and Tools Analysis of Problem Areas VPN Concentrator Management Troubleshooting Configuration Steps Group/User Authentication (X-Auth) Troubleshooting Both Group and User Authentication Are Performed Locally on the VPN 3000 Concentrator Group Authentication Is Done Locally and No User Authentication Is Done Group Authentication Is Done Locally on VPN 3000 Concentrator and User Authentication Is Done with RADIUS Server Group Authentication Is Done with a RADIUS Server and User Authentication Is Done Locally Both Group and User Authentications Are Performed with the RADIUS Server User Is Locked to a Specific Group Dynamic Filters on the VPN 3000 Concentrator Configuration of Dynamic Filters on CiscoSecure ACS Troubleshooting Steps Case Studies VPN 3000 Concentrator Configuration Group Configuration on the VPN 3000 Concentrator Defining the CS ACS RADIUS Server on VPN 3000 Concentrator CS ACS Windows Configuration AAA Client Definition for VPN 3000 Concentrator Configuring the Unknown 
User Policy for Windows NT/2000 Domain Authentication Testing the NT/RADIUS Password Expiration Feature Common Problems and Resolutions Best Practices Chapter 13 Troubleshooting Cisco Secure ACS on Windows Overview of CS ACS CS ACS Architecture The Life of an AAA Packet in CS ACS Diagnostic Commands and Tools Reports and Activity (Real-time Troubleshooting) Radtest and Tactest Package.cab File Categorization of Problem Areas Installation and Upgrade Issues CS ACS on Windows Platform CS ACS with Active Directory Integration Configuration Steps Troubleshooting Steps CS ACS with Novell NDS Integration Configuration Steps Troubleshooting Steps CS ACS with ACE Server (Secure ID [SDI]) Integration Installation and Configuration Steps Troubleshooting Steps Replication Issues Configuration Troubleshooting Steps Network Access Restrictions (NARs) Issues Configuration Steps Troubleshooting Steps Downloadable ACL Issues Downloading ACL per User Basis Using Filter-id Using Cisco AV-Pair Using Shared Profile Components Troubleshooting Steps Case Studies Back Up and Restore the CS ACS Database Creating a Dump Text File User/NAS Import Options Import User Information Import NAS Information Compact User Database Export User and Group Information Common Problems and Resolutions Best Practices Part V Troubleshooting Intrusion Prevention Systems Chapter 14 Troubleshooting Cisco Intrusion Prevention System Overview of IPS Sensor Software IPS Deployment Architecture IPS Software Building Blocks MainApp AnalysisEngine CLI Communication Protocols Modes of Sensor Operation Inline Mode Inline Bypass Mode Promiscuous Mode Combined Modes Hardware and Interfaces Supported Diagnostic Commands and Tools show Commands show version show configuration show events show statistics service show interfaces show tech-support cidDump Script tcpdump command iplog packet Command Classification of Problem Areas Initial Setup Issues User Management Issues Creation and Modification of User Profiles Creating 
the Service Account Software Installation and Upgrade Issues Obtaining Sensor Software IPS Software Image Naming Conventions Installing or Re-imaging the IPS Appliances System Image Disaster Recovery Plan Upgrading Major/Minor Software or Service Pack/Signature Update Upgrading to IPS 5.0 Licensing Issues How Do I Know if I have A Valid License? How to Procure The License Key From Cisco.com Licensing the Sensor Communication Issues Basic Connectivity Issues Connectivity Issues Between IPS Sensor and IPS MC or IDM Connectivity Issues Between IPS Sensor and Security Monitor Issues with Receiving Events on Monitoring Device SensorApp Is Not Running Physical Connectivity, SPAN, or VACL Port Issues Unable to See Alerts Blocking Issues Types of Blocking ACL or VACL Consideration on the Managed Devices Supported Managed Devices and Versions Proper Planning for Blocking Master Blocking Sensor (MBS) Configuration Steps for Blocking Configuring Steps for the Master Blocking Sensor (MBS) Troubleshooting Steps for Blocking TCP Reset Issues Inline IPS Issues Configuration Steps Troubleshooting Steps Case Studies Capturing IPS Traffic with a Hub Capturing IPS Traffic with SPAN SPAN Terminology SPAN Traffic Types SPAN on Catalyst 2900/3500XL SPAN on Catalyst 2950, 3550 and 3750 SPAN on Catalyst 4000/6000 with Cat OS SPAN on Catalyst 4000/6000 with Native IOS Capturing IPS Traffic with Remote SPAN (RSPAN) Hardware Requirements Configuration Steps Capturing IPS Traffic with VACL Capturing IPS Traffic with RSPAN and VACL Capturing IPS Traffic with MLS IP IDS Common Problems and Their Resolution Best Practices Preventive Maintenance Creation of Service Account Back up a Good Configuration Recommendation on Connecting Sensor to the Network Recommendation on Connecting the Sniffing Interface ppof the Sensor to the Network Rating IPS Sensor Recommendation on Connecting Command and Control Interface Recommendation on Settings of Signature on Sensor Recommendation on Inline-Mode 
Deployment Chapter 15 Troubleshooting IDSM-2 Blade on Switch Overview of IDSM-2 Blade on the Switch Software and Hardware Requirements Slot Assignment on the Switch Front Panel Indicator Lights and How to Use Them Installing the IDSM-2 Blade on the Switch Removing the IDSM-2 Blade from the Switch Ports Supported on IDSM-2 Blade Diagnostic Commands and Tools show Commands in Both Modes show Commands in CatOS show Commands in Native IOS Common Problems and Resolutions Hardware Issues IDSM-2 Hardware Issues on Native IOS IDSM-2 HW Issue on CatOS Communication Issues with IDSM-2 Command and Control Port Configuration Steps Troubleshooting Steps Failing to Get Traffic from the Switch with Promiscuous Mode Configuration Steps Troubleshooting Steps Issues with Inline Mode Not Generating Events Issues TCP Reset Issues Case Study How to Re-image the IDSM-2 with System Image How to Upgrade the Maintenance Partition How to Upgrade the Signature/Service Packs/Minor/Major Software Upgrade How to Upgrade the IDSM-2 Blade from IDSM 4.x to 5.x Common Problems and Resolutions Best Practices Chapter 16 Troubleshooting Cisco IDS Network Module (NM-CIDS) Overview of NM-CIDS on the Router Software and Hardware Requirements Front Panel Indicator Lights and How to Use Them Slot Assignment on the Router Installing NM-CIDS Blade on the Router Removing NM-CIDS Blade from the Router Ports Supported on NM-CIDS Diagnostic Commands and Tools Common Problems and Resolutions Hardware Issues NM-CIDS Console Access Issues Assigning IP Address to the IDS-Sensor Interface on the Router Connecting to NM-CIDS Disconnecting from NM-CIDS Troubleshooting Console Access Issues Communication Issues with NM-CIDS Command and Control Port Issues with Not Receiving Traffic from the Router Using the Sniffing Port Configuration Steps Troubleshooting Steps Managing NM-CIDS from an IOS Router Software Installation and Upgrade Issues Case Studies CEF Forwarding Path IPS Insertion Points Network Address Translation 
(NAT) Encryption Access List Check IP Multicast, UDP Flooding, IP Broadcast Generic Routing Encapsulation (GRE) Tunnels Address Resolution Protocol (ARP) Packets Packets Dropped by the IOS Forwarding the Packets to the IDS at a Rate Higher Than the Internal Interface Can Handle Common Problems and Resolutions Re-imaging the NM-CIDS Application Partition Performing the Re-image of Application Partition Troubleshooting Steps Configuring Time on the NM-CIDS Default Behavior for Time Setting on NM-CIDS Using Network Time Protocol (NTP) Server Best Practices Chapter 17 Troubleshooting CiscoWorks Common Services Overview of CiscoWorks Common Services Communication Architecture User Management on CiscoWorks Common Services Diagnostic Commands and Tools How to Collect mdcsupport on a Windows Platform Categorization and Explanation of MDCSupport-Created Log Files Categorization of Problem Areas Licensing Issues Registration for CiscoWorks Common Services Installing/Upgrading the License Key for CiscoWorks Common Services Registration for the Management Center for Cisco Security Agents (CSA MC) Installing the License Key for the Management Center for ppCisco Security Agents (CSA MC) Common Licensing Issues and Work-Arounds Installation Issues Installation Steps Troubleshooting Installation Problems User Management Issues Database Management Issues CiscoWorks Common Services Backup CiscoWorks Common Services Restore Case Studies Common Problems and Resolutions Best Practices Chapter 18 Troubleshooting IDM and IDS/IPS Management Console (IDS/IPS MC) Overview of IDM and IDS/IPS Management Console (IDS/IPS MC) IDS/IPS MC and Security Monitor Processes Communication Architecture Diagnostic Commands and Tools Audit Reports MDCSupport File How to Collect MDCSupport on a Windows Platform What to Look for and What Is Important in the MDCSupport File Enable Additional Debugging on IDS/IPS MC Analysis of Problem Areas Important Procedures and Techniques Verifying Allowed Hosts on the 
Sensor Adding Allowed Hosts on the Sensor Verifying the SSH and SSL Connection Between IDS/IPS MC and ppa Sensor Resolving SSH and SSL Connection Problems Between IDS/IPS MC and ppa Sensor Verifying If the Sensor Processes Are Running Verifying That the Service Pack or Signature Level Sensor Is Running Verifying the Service Pack or Signature Level on IDS/IPS MC Verifying That the IDS/IPS MC (Apache) Certificate Is Valid Regenerating IDS/IPS MC (Apache) Certificate Resolving Issues with the IDS/IPS Sensor Being Unable to Get ppthe Certificate Changing the VMS Server IP Address Manually Updating the Signature Level on the Sensor Unable to Access the Sensor Using IDM IDS/IPS MC Installation and Upgrade Issues IDS/IPS MC Licensing Issues Corrupted License Determining If a License Is Expired Importing Sensor Issues with IDS/IPS MC Configuration Steps Troubleshooting Steps Signature or Service Pack Upgrade Issues with IDS/IPS MC Upgrade Procedure Troubleshooting Steps Configuration Deployment Issues with IDS/IPS MC Configuration Steps Troubleshooting Steps Database Maintenance (Pruning) Issues Case Study Launch the Attack and Blocking Troubleshooting Steps Common Problems and Resolutions Best Practices Chapter 19 Troubleshooting Firewall MC Overview of Firewall MC Firewall MC Processes Communication Architecture Diagnostic Commands and Tools Collecting the Debug Information (Diagnostics) Using GUI Using CLI What Does the CiscoWorks MDCSupport Utility Generate? 
Other Useful Log Files Not Collected by mdcsupport Analysis of Problem Areas Installation Issues Installation Verifications Installation Troubleshooting Initialization Issues Browser Issues Authentication Issues Firewall MC Authenticated by the Firewall During Configuration ppImport and Deployment Firewall MC Authenticated by the Auto Update Server During ppConfiguration Deployment Firewalls Authenticated by the Auto Update Server During Configuration or ppImage Pulling Activity and Job Management Issues Unlocking of an Activity Stopping a Job from Being Deployed Device Import Issues Configuration Generation and Deployment Issues Firewall MC is Unable To Push the Configuration to the AUS Getting "Incomplete Auto Update Server contact info." Message when ppPushing The Configuration to AUS Memory Issues with Firewall Services Module (FWSM) during ppDeployment Database Management Issues Backing up and Restoring Databases Scheduling Checkpoint Events for the Database Compacting a Database for Performance Improvement Disaster Recovery Plan Common Problems and Resolutions Best Practices Chapter 20 Troubleshooting Router MC Overview of Router MC Router MC Processes Communication Architecture Features Introduced on Different Versions of Router MC Diagnostic Commands and Tools Setting the Logging Level Collecting the Debug Information (Diagnostics) Using a Graphic User Interface Using a Command Line Interface Collecting the Router MC Database Using the Log Files Reports Analysis of Problem Areas Installation and Upgrade Issues Initialization Issues Browser Issues Authentication Issues Authentication Issues with the Router MC Authentication Issues with the Managed Device Using SSH Activity and Job Management Issues Device Import Issues Configuration Generation and Deployment Issues Database Management Issues Backing up and Restoring Database Troubleshooting Router MC Backup/Restore Operations Case Study Understanding User Permissions CiscoWorks Server Roles and Router MC 
Permissions ACS Roles and Router MC Permissions Setting up Router MC to Work with ACS Step 1: Define the Router MC Server in ACS Step 2: Define the Login Module in CiscoWorks as TACACS+ Step 3: Synchronize CiscoWorks Common Services with the ACS Server Configuration Step 4: Define Usernames, Device Groups, And User Groups in ACS Best Practices Chapter 21 Troubleshooting Cisco Security Agent Management Console (CSA MC) and CSA Agent Overview of CSA MC and Agent Management Model for CSAgent CSA MC Directory Structure Communication Architecture How Cisco Security Agents Protect Against Attacks Diagnostic Commands and Tools CSA MC Log Windows System Information Server Selftest Information CSA MC Log Directory CSA Agent Log CSA Agent Log Directory Turning on Debug Mode Details Log-csainfo.log file Logs for Blue Screen Rtrformat Utility Additional Logs Controlled by the Sysvars.cf file Categorization of Problem Areas Installation and Upgrade Issues New Installation Issues with CSA MC New Installation Issues with CSAgent Upgrade Issues with CSA MC CSAgent Update Issues Licensing Issues How to Procure the License How to Import the License Determining the Number of Desktop/Server Licenses That Are in Use Troubleshooting Licensing Issues CSA MC Launching Issues CSA MC Not Launching CSA MC Is Launching, but Slowly CSAgent Communication, Registration, and Polling Issues with CSA MC Application Issues with CSAgent How to Create Exceptions How to Disable Individual CSAgent Shims Disabling csauser.dll Creating Buffer Overflow Exclusions Troubleshooting Steps Report Generation Issues Profiler Issues Database Maintenance Issues Disaster Recovery Plan (DRP) for CSA MC Purging Events from the Database Compacting the Database Checking and Repairing the CSA MC MSDE Database Common Problems and Resolutions Best Practices Recommendation on Installation Test Mode Disaster Recovery for CSA Chapter 22 Troubleshooting IEV and Security Monitors Overview of IEV and Security Monitor
Communication Architecture How Does It Work? RDEP/SDEE Collector Management XML Parsing Alert Inserter IDS/IPS MC and Security Monitor Processes User Management for Security Monitor Diagnostic Commands and Tools Categorization of Problem Areas Installation Issues Issues with Launching DNS Issues Issues with Enabling SSL Getting Internal Server Error While Opening Security Monitor Security Monitor Takes a Long Time to Launch Page Cannot Be Found Error While Trying to Launch Security Monitor IDS/IPS MC Launches But Security Monitor Does Not Security Monitor Behaves Strangely Licensing Issues Device Management Issues Importing IDS Sensors from IDS/IPS MC Adding Other Devices IEV and Security Monitor Connect with Sensor Notification Issues Event Viewer Issues Launching the Event Viewer Using the Event Viewer Generating Events for Test Troubleshooting Steps Report Generation Issues Report Generation Fails Report Fails to Complete Database Maintenance Issues Proactive Measures Immediately After Installing the Security Monitor Reactive Measures During Run Time Case Study Configuration Steps Troubleshoot E-mail Notification Common Problems and Resolutions Best Practices

Rating details

1 rating
1 out of 5 stars
5 0% (0)
4 0% (0)
3 0% (0)
2 0% (0)
1 100% (1)
Book ratings by Goodreads