IPS: Intrusion Detection systems
Results 1 to 6 of 6

Thread: IPS: Intrusion Detection systems

  1. #1
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171

    IPS: Intrusion Detection systems

    02/16/05

    Intrusion prevention systems provide an active line of defense

    By William Jackson
    GCN Staff

    SAN FRANCISCO—Squeezed for time and manpower, IT administrators are moving beyond intrusion detection systems, implementing tools to automatically block intrusions.

    http://www.gcn.com/vol1_no1/daily-updates/35069-1.html
    Intrusion prevention systems provide an active line of defense






    I think this is the right forum.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Intrusion Prevention Systems are pretty sweet. I have Cisco's IPS implemented on my home network. I've had little problems with it as far as false positives. You just have to remember to update their signature files (no autoupdate at this point). You can also create your own signatures. I've put in a couple of my own signatures just for testing it out.

    The main problems I've had with it, is the obvious fail closed. I've had problems with the IPS triggering an event and it drops esmtp traffic. I disabled that in my policy because it was generating a lot of alerts.

    Another thing is that when I tried to scan from my network out onto the internet (nmap, nessus, etc.) it would drop the traffic. It is designed to do this... so I just set it to alert me for outbound instead of drop.

    I rarely see anything on the inbound side. I have ACLs put first and then the IPS rules.
    The only alerts/drops I've seen are worms that try to attack web servers.

    If I disable my inbound ACLs or move the ACL placement, the alarm bells start ringing!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Junior Member
    Join Date
    Feb 2005
    Posts
    6
    phishphreek80,

    Im intreasted to know which one, is it in the Cisco IPS 4200 Series?

  4. #4
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Location
    Underground Bunker, somewhere in Antarctica
    Posts
    109
    im wondering if we have one of those.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Originally posted here by Stephen12
    phishphreek80,

    Im intreasted to know which one, is it in the Cisco IPS 4200 Series?
    I'm actually using a Cisco 831 broadband router with the IP/FW/3DES Feature set.

    I had to upgrade the flash memeory becaues the latest SDM (security device manager) and IOS won't fit into flash without the upgrade.

    You can manage the IPS through a HTTPS session which is launched from within the SDM.

    I can't afford the big boys on my home network.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Junior Member
    Join Date
    Feb 2005
    Posts
    6
    Is it only cofigerable from the web interface or can you telnet or console into the router like other cisco routers?

    And on the orignial topic, IPS should not replace an IDS, it should be used as another tool to defend networks with. Asssuming its doing its job without auditing your isd and other logs could be a costly mistake.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides