Cisco IDS sensors have inherent 'access control lists' (if you will) that can control who can and cannot attempt to remotely manage them. My question is, with configured access parameters, is there any IDS alarm that will trigger an event (to which, notification in the form of logging to the event console, sending an email, etc.) that notifies the sensor administrator that someone is attempting to access the sensor?
I would find it beneficial to know if any internal employees are "knocking on the door" of the sensor's command and control interface. If there is going to be access control, there should also be some sort of accounting. I'd like to be able to view both a LOG of attempted (failed) accesses to my sensors and/or have an event triggered.
Re: Alarm(s) for attempted access to the sensor(s)?
There is no exact feature like that, mostly because the packetd daemon is usually associated with the sniffing interface. In this situation there is no IP address to access it on. Usually the command and control interface is out of band and in its own protected VLAN. You can restrict, as you say, with TCP wrappers on the box itself; however, unless you designate the sniffing interface for the cmd and control interface, you will not get alarms.
If you want to know which IP is accessing your sensor, then I suggest you create an access-list on the VLAN interface, restrict to known IP addresses, and log the denies.
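One way to turn the logged denies suggested in the reply above into a per-source report of who is knocking on the sensor's management address. This is an added example, not part of the original thread; it assumes the denies reach a syslog file in the standard IOS `%SEC-6-IPACCESSLOGP` format, and the ACL name `SENSOR-MGMT`, the hostname and every address are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the IOS %SEC-6-IPACCESSLOGP format, as
# produced by an extended ACL entry that ends in "log". The ACL name
# SENSOR-MGMT, the hostname sw1 and all addresses are made up for this example.
SAMPLE_LOG = """\
Mar  3 09:14:02 sw1 %SEC-6-IPACCESSLOGP: list SENSOR-MGMT denied tcp 10.10.5.23(51514) -> 192.168.50.10(22), 1 packet
Mar  3 09:14:09 sw1 %SEC-6-IPACCESSLOGP: list SENSOR-MGMT denied tcp 10.10.5.23(51530) -> 192.168.50.10(443), 1 packet
Mar  3 09:19:10 sw1 %SEC-6-IPACCESSLOGP: list SENSOR-MGMT denied tcp 10.10.5.23(51530) -> 192.168.50.10(443), 4 packets
Mar  3 10:02:45 sw1 %SEC-6-IPACCESSLOGP: list SENSOR-MGMT permitted tcp 192.168.50.5(40022) -> 192.168.50.10(22), 1 packet
Mar  3 11:30:00 sw1 %SEC-6-IPACCESSLOGP: list OTHER-ACL denied udp 10.10.9.9(5353) -> 192.168.50.10(161), 2 packets
Mar  3 11:31:12 sw1 %LINK-3-UPDOWN: Interface Vlan50, changed state to up
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def denied_access_attempts(log_text, acl_name, sensor_ip):
    """Summarise denied packets aimed at the sensor, keyed by source address."""
    summary = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "denied":
            continue  # unrelated message or a permitted (authorised) session
        if m["acl"] != acl_name or m["dst"] != sensor_ip:
            continue  # a different ACL, or traffic not aimed at the sensor
        entry = summary[m["src"]]
        # Follow-up log lines carry the packet count since the previous report.
        entry["packets"] += int(m["count"])
        entry["ports"].add(f'{m["proto"]}/{m["dport"]}')
    return {src: {"packets": e["packets"], "ports": sorted(e["ports"])}
            for src, e in summary.items()}

if __name__ == "__main__":
    report = denied_access_attempts(SAMPLE_LOG, "SENSOR-MGMT", "192.168.50.10")
    for src, info in sorted(report.items(), key=lambda kv: -kv[1]["packets"]):
        print(f'{src}: {info["packets"]} denied packets to {", ".join(info["ports"])}')
```
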