Introduction

Sensor initialization is the first step in deploying a Cisco IDS sensor. Cisco also refers to this as bootstrapping the sensor. Once you have decided where the sensor will be placed on your network (in front of, or behind, your firewall) and racked the sensor, you will need to perform a few configuration steps. In this chapter, we show you how to identify the sensors and the interfaces on each. You will also learn different methods of connecting to the sensor during the initialization process.

There are only a handful of commands that can be used with the command-line interface but they do everything you need to get the system up and online. We will explain each of those commands and what they are used for. One of the most important commands we'll explore is sysconfig-sensor. It provides you with a menu that allows you to configure the sensor name, IP address, network mask, default route, some basic access controls, and the communications infrastructure of the sensor. You will also learn about the two user accounts on the Cisco IDS root and netrangr what they are, and why you want to log in as one or the other.

Once the initialization process is complete and you have become familiar with the accounts and commands they perform, we will take you through the process of how to recover the sensor using a recovery partition CD-ROM. You may even need to know how to recover passwords. Thus, we'll discuss how to get...