danh sách chữ ký để phát hiện các cuộc tấn công có thể có hoặc các hoạt động đáng ngờ. Khi một cuộc tấn công được phát hiện, tùy thuộc vào như thế nào IDS đã được cấu hình, IDS sẽ đăng nhập một báo động đến máy chủ syslog hoặc một giám đốc Cisco Netranger, | Router Security Configuration Guide signature list in order to detect possible attacks or suspicious activity. When an attack is detected depending on how the IDS was configured the IDS will log an alarm to the syslog server or a Cisco Netranger Director drop the packet and or reset a TCP session. This section presents only a brief overview of the IDS facility for more details consult the Traffic Filtering and Firewalls section of the Cisco IOS Security Configuration Guide in the IOS documentation . . Configuring the IOS Intrusion Detection System Only those IOS releases marked Firewall IDS support the IDS features described in this section. Before attempting to configure the IDS features make sure that your router supports them by attempting to execute a simple IDS command. The first example below shows the response to an IDS command from a version of IOS with IDS support South and the second the response from an IOS without IDS support Central . South show ip audit all Event notification through syslog is enabled Event notification through Net Director is disabled South versus Central show ip audit all Invalid input detected at A marker. Central If your router does not support the Firewall IDS facility it may be possible for you to upgrade your router to a release that does. See Section for information on loading IOS upgrades and Section for information on IOS versions. Once you have determined that a particular router supports the IDS facilities follow the three steps outlined below to configure them. First initialize the IDS facility. Second initialize the Post Office the IDS logging facility. Third configure and apply the audit rules. After you ve configured everything it is good practice to confirm that the IDS facility is working. Step 1 - Initialization You must initialize the IDS facility before configuring it. facility is to set a parameter on one of the IDS signatures. recommends using the command below. South config t Enter .
