
Thread: IPS: Intrusion Detection systems

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    IPS: Intrusion Detection systems

    02/16/05

    Intrusion prevention systems provide an active line of defense

    By William Jackson
    GCN Staff

    SAN FRANCISCO—Squeezed for time and manpower, IT administrators are moving beyond intrusion detection systems, implementing tools to automatically block intrusions.

    http://www.gcn.com/vol1_no1/daily-updates/35069-1.html

    I think this is the right forum.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Intrusion Prevention Systems are pretty sweet. I have Cisco's IPS implemented on my home network. I've had few problems with it as far as false positives. You just have to remember to update their signature files (no autoupdate at this point). You can also create your own signatures. I've put in a couple of my own signatures just for testing it out.

    The main problem I've had with it is the obvious fail closed. I've had problems with the IPS triggering an event and it drops ESMTP traffic. I disabled that in my policy because it was generating a lot of alerts.

    Another thing is that when I tried to scan from my network out onto the internet (nmap, nessus, etc.) it would drop the traffic. It is designed to do this... so I just set it to alert me for outbound instead of drop.

    I rarely see anything on the inbound side. I have ACLs put first and then the IPS rules.
    The only alerts/drops I've seen are worms that try to attack web servers.

    If I disable my inbound ACLs or move the ACL placement, the alarm bells start ringing!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Junior Member
    Join Date
    Feb 2005
    Posts
    6
    phishphreek80,

    I'm interested to know which one, is it in the Cisco IPS 4200 Series?

  4. #4
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Location
    Underground Bunker, somewhere in Antarctica
    Posts
    109
    I'm wondering if we have one of those.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by Stephen12
    phishphreek80,

    I'm interested to know which one, is it in the Cisco IPS 4200 Series?
    I'm actually using a Cisco 831 broadband router with the IP/FW/3DES Feature set.

    I had to upgrade the flash memory because the latest SDM (security device manager) and IOS won't fit into flash without the upgrade.

    You can manage the IPS through an HTTPS session which is launched from within the SDM.

    I can't afford the big boys on my home network.

  6. #6
    Junior Member
    Join Date
    Feb 2005
    Posts
    6
    Is it only configurable from the web interface or can you telnet or console into the router like other Cisco routers?

    And on the original topic, IPS should not replace an IDS, it should be used as another tool to defend networks with. Assuming it's doing its job without auditing your IDS and other logs could be a costly mistake.
