Can you clarify what you mean by minimum components? For example, do
you mean the minimum number of processes running on a sensor, or the
minimum configuration actions, or something else? Are you referring to 3.x
sensors or the new 4.0 sensor?
Here is my best answer, absent other information:
For a 3.x sensor, at the minimum, the PIX needs to have a 3DES license and
be configured to allow SSH connections on the outside interface or telnet
connections on the inside interface. The PIX should be running at least
version 6.0. Note: there is an engineering build of the process nr.managed
that can connect to a PIX with a DES license, but it requires a manual
configuration step. This build also fixes a bug that would otherwise
prevent a sensor from connecting via telnet to a 6.2.1 or later PIX. If using
SSH, it is necessary to connect to the PIX from the sensor command line
one time before the sensor can connect. Also, you will need to configure
the PIX interface IP, username, password, and enable password using
the sensor management software. If the PIX RSA key or interface IP
is changed for any reason, then you need to delete the PIX entry from the
SSH known_hosts file and repeat the manual connection.
For a 4.0 sensor, at the minimum, the same PIX requirements apply.
On the sensor, the same requirements apply except that instead of a
manual connection you need to add the PIX interface IP as a trusted
host.
Finally, you must configure one or more signatures to shun the attacker
when they are fired. Of course the signature must be enabled as well.
This is done via the management software.
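
An added example, not part of the original reply: one way to do the known_hosts cleanup described above for a 3.x sensor after the PIX RSA key or interface IP changes. It assumes the file uses the standard layout with the host list in the first field; the function name is hypothetical, and the file path is an argument because the post does not give one.

```shell
#!/bin/sh
# Added example, not from the original post.
# remove_known_host FILE HOST
#   Deletes HOST from FILE, keeps the original as FILE.bak, and prints
#   the number of entries changed.
remove_known_host() {
    file=$1; host=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    cp -p "$file" "$file.bak" || return 2
    tmp="$file.tmp.$$"
    : > "$tmp" || return 2
    result=$(awk -v h="$host" -v out="$tmp" '
        /^[ \t]*(#|$)/ { print > out; next }     # comments and blank lines
        substr($1, 1, 3) == "|1|" {              # hashed name: cannot compare as text
            hashed++; print > out; next
        }
        {
            # Field 1 is a comma-separated list of names and addresses.
            # Compare whole items so 192.0.2.1 never matches 192.0.2.10.
            n = split($1, names, ","); keep = ""; hit = 0
            for (i = 1; i <= n; i++) {
                if (names[i] == h) { hit = 1; continue }
                keep = (keep == "" ? names[i] : keep "," names[i])
            }
            if (!hit) { print > out; next }
            changed++
            # Keep the key if other names still refer to it.
            if (keep != "") { $1 = keep; print > out }
        }
        END { print changed + 0, hashed + 0 }
    ' "$file") || { rm -f "$tmp"; return 2; }
    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp" || return 2
    changed=${result% *}; hashed=${result#* }
    [ "$hashed" -eq 0 ] || echo "$hashed hashed entries were not checked" >&2
    echo "$changed"
}
```

When repeating the manual connection afterwards, compare the key the PIX presents with the key shown on the PIX itself before accepting it.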