Re: Cisco ASA UPdates

[Michael Grinnell <grinnell () AMERICAN EDU>]

On Mar 27, 2009, at 10:40 AM, Jeff Kell wrote:

> Daly, Douglas wrote:
> > I hope this is a simple request.  Does anyone know of or have a
> > script
> > that will download and install the IPS signatures from Cisco for the
> > ASA 5500 series running IDS/IPS? With the Conficker rumored to be
> > ready to spring to life next week, this would be an ideal time to be
> > sure the signatures are updated in a regular and timely fashion.
>
> There are several options...
>
> * Go to the IPS device manager (https: into your sensor... be sure
> you've enabled your IP to manage the sensor first).
> * Get IME from the Cisco site... Security Software... IDS/IPS... IPS
> Manager Express (I think it's called).  You can configure options from
> there.
>
>
> Once you can "get to it"... you can:
>
> * update manually (both IPS manager and IME can push an update from
> a PC
> or pull from scp/http/ftp source,
> * schedule auto-update (can pull from scp/http/ftp source, or pull
> from
> Cisco if the sensor has outside access)
>
> Jeff


SysAdmin Mag had a good article a while back: http://www.lhb-consulting.com/pages/apps/IPSUpdate_Tool_article.html
You may have to search the wayback machine to get the code samples
though.

Michael Grinnell
Information Security Engineer
The American University