Trying to restart IDS/CSPM

fhill · ‎03-13-2003

Hello all,

I am trying to resurrect my ids system after about a year of being dormant.

I know I need to upgrade my sensors 4230's - 2.5(1)S3 and CSPM 2.3i. Which do I do first? IS there any step-by-step instructions on TAC website? Right now when I try to configure my sensor version through CSPM i don't have 2.5(1)S3 as an option the highest is 2.5(1)S2. As a result when I try to do a save and update I get an error message "unable to realize parameter set - Invalid local postoffice organization name Unable to realize sensor's parameters."

Thanks,

Frank

vikrantarora · ‎03-14-2003

Download Signature Update 42 for CSPM 2.3.3i from :

http://www.cisco.com/cgi-bin/tablebuild.pl/cspm

To begin ids managment frm cspm, follow steps given at:

http://www.cisco.com/en/US/products/sw/secursw/ps2133/products_user_guide_chapter09186a00800d9c82.html#79694

First of all you need to assign ip address and communication parameters for IDS and then bootstrap it. Then do a sensor discovery using topology wizard in CSPM.

Hope this helps

marcabal · ‎03-14-2003

1) Upgrade your sensor to 3.0(1)S4 using IDSk9-sp-3.0-1-S4.bin.

2) Upgrade your sensor to 3.1(2)S23 using IDSk9-sp-3.1-2-S23.bin.

3) Upgrade your sensor to 3.1(3)S31 using IDSk9-sp-3.1-3-S31.bin.

4) Upgrade your sensor to 3.1(3)S42 using IDS-sig-3.1-3-S42.bin.

Now your sensor is running the latest version.

5) Uninstall the 2.3i CSPM, but be sure to keep a copy of the license file you have because you will need it in the new version.

(NOTE: If you want to save the configs you can export the cpm file and import into the new version. But if your config is old I would recommend just uninstalling and starting with a new config after the upgrade.)

6) Download and install the latest CSPM version 2.3.5i using your older license file.

7) Download and install the latest CSPM signature update S42 (note the sig update says it is for 2.3.3i but will also work with the newer 2.3.5i)

Now your CSPM is running the latest version.

8) Add the sensor to CSPM as if it is a new sensor.

9) Push an initial configuration from CSPM to get things started.

Now you can begin using your updated system

Here are some links for you:

Main download site(all of the remaining links can be reached from this page):

http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids/crypto/

3.x Sensor Update page (for downloadin the multiple sensor updates):

http://www.cisco.com/cgi-bin/tablebuild.pl/ids3-app

CSPM upgrade page (for downloading the 2.3.5i version):

http://www.cisco.com/cgi-bin/tablebuild.pl/cspm-3des

CSPM Signature Update page (for downloading the CSPM sig update):

http://www.cisco.com/cgi-bin/tablebuild.pl/cspm

kwonza · ‎04-14-2003

I am also bringing up our IDS. We have CSPM 2.3.3i. I wasn't aware that Cisco was continuing to send out updates to 2.3. Thought this product was end of cycle?

marcabal · ‎04-14-2003

I am not sure if CSPM has been officially End Of Saled, but users are encouraged to transition to IDS Management Center and Security Monitor.

New functionality is no longer being added to CSPM.

But fixes for major issues are still being done as part of the Cisco standard software support contracts.

CSPM 2.3.3i was the last version with new functionality.

CSPM 2.3.5i does not have any functionality that was not in 2.3.3i.

CSPM 2.3.5i does have a few bug fixes that are security relevant.

From the 2.3.5i readme:

CSCdy07563 - Report Viewing has security hole - A CSPM administrator with "Report-View-Only" privilege can bypass the login check and login as a "Full Control" administrator.

CSCdy07556 - Security hole in Apache (for CSPM I train)

So you can continue running 2.3.3i (as many people still do), or you can

upgrade to 2.3.5i to get the latest security bug fixes.