
New Member

IPS Management port

If you have an IPS sensor on the public part of your network (perimeter), is it okay to have the Mgmt port plugged into the internal network? I.e., can the Mgmt interface be used to facilitate an attack if the device was compromised?

And does this answer apply to routers and ASAs also?

Thanks!

4 REPLIES
Gold

Re: IPS Management port

The management interface of any managed device should be on your management network. The sniffing (promiscuous mode) or in-line interfaces should be relatively immune to attack (compared to a normal host interface, or even the management interface of the IPS sensor).

I worry more about the management interface of the sensors than the in-line interfaces. Cisco has been slow to adapt external authentication, password aging/enforcement etc.

- Bob

Cisco Employee

Re: IPS Management port

As an update to Bob's reply, RADIUS support for authentication was added in IPS release 7.0(4)E4.

There are also enhancements to defining password sizes, required number of special characters (digits, upper/lowercase, other) along with historical passwords remembered.

Scott

Gold

Re: IPS Management port

Does anyone know if Cisco has made IPv6 addressability of the management interface a committed feature yet?

I heard it was committed for support in some future version of CSM, but last I heard not the sensor software.

I have lots of IPv6 preparation to do this year; knowing these things would make my planning a little smoother.

- Bob

New Member

Re: IPS Management port

Bob,

There is a Bug ID (feature request) to add IPv6 management interface addressing ability to the IPS sensors. The bug ID is: CSCsa60286

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCth75245

You should be able to follow this link, save the bug, and get updates if there are any changes (no updates for a while now).

Regards,

JB
