Educause Security Discussion mailing list archives
Re: Cisco ASA UPdates
From: Michael Grinnell <grinnell () AMERICAN EDU>
Date: Fri, 27 Mar 2009 10:51:52 -0400
On Mar 27, 2009, at 10:40 AM, Jeff Kell wrote:
Daly, Douglas wrote:I hope this is a simple request. Does anyone know of or have a script that will download and install the IPS signatures from Cisco for the ASA 5500 series running IDS/IPS? With the Conficker rumored to be ready to spring to life next week, this would be an ideal time to be sure the signatures are updated in a regular and timely fashion.There are several options... * Go to the IPS device manager (https: into your sensor... be sure you've enabled your IP to manage the sensor first). * Get IME from the Cisco site... Security Software... IDS/IPS... IPS Manager Express (I think it's called). You can configure options from there. Once you can "get to it"... you can: * update manually (both IPS manager and IME can push an update from a PC or pull from scp/http/ftp source, * schedule auto-update (can pull from scp/http/ftp source, or pull from Cisco if the sensor has outside access) Jeff
SysAdmin Mag had a good article a while back: http://www.lhb-consulting.com/pages/apps/IPSUpdate_Tool_article.html You may have to search the wayback machine to get the code samples though. Michael Grinnell Information Security Engineer The American University
Current thread:
- Cisco ASA UPdates Daly, Douglas (Mar 27)
- <Possible follow-ups>
- Re: Cisco ASA UPdates Jeff Kell (Mar 27)
- Re: Cisco ASA UPdates Michael Grinnell (Mar 27)