topic Adding a host IP under trusted host in IDSM in Network Security

Adding a host IP under trusted host in IDSM

shankar1023 — Sun, 10 Mar 2019 12:39:12 GMT

Could anyone let me know what is the use / impact of adding one host IP in IDSM under - configuration- trusted host? I am trying to add a host IP which is generating legitmate traffic(to exculde this IP from reporting), however, I would like to get more information that what exatctly will happen if I add this

Thank you,

Sankar

Adding a host IP under trusted host in IDSM

shankar1023 — Mon, 09 Apr 2012 10:25:10 GMT

Also, It says the below error when adding, please help on this

Adding a host IP under trusted host in IDSM

sawgupta — Mon, 09 Apr 2012 10:29:16 GMT

Well, IPS tries to connect on port 443 by defaut on the target IP address. If it is closed, you'll receive this error.

Alternatively, you can specify the port number in the command.

Regards,

Sawan Gupta

Adding a host IP under trusted host in IDSM

shankar1023 — Mon, 09 Apr 2012 10:30:44 GMT

This isnt the IPS device, its IDSM. also , I am trying to add a trusted host.

Adding a host IP under trusted host in IDSM

sawgupta — Mon, 09 Apr 2012 10:34:42 GMT

Right. The trusted-host should have port 443 open.

Once a trusted-host is added, then for future communication the stored key would be used.

Please have a look at the following link:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliTasks.html#wp1056053

Regards,

Sawan Gupta

Adding a host IP under trusted host in IDSM

shankar1023 — Mon, 09 Apr 2012 11:23:42 GMT

Can you please explain me about my initial query

Adding a host IP under trusted host in IDSM

sawgupta — Mon, 09 Apr 2012 11:58:56 GMT

Adding a host as trusted-host does not mean that the traffic from that host won't be analyzed.

If you trust the traffic from a source IP, do you see any false alerts being generated ?

Adding a host IP under trusted host in IDSM

shankar1023 — Mon, 09 Apr 2012 12:56:25 GMT

the traffic is not a false positive. I want to add the source/destination to the exclusion list so that I should not get this alrert from next time.My requirement it tell the IDSM to trust the traffic and do not declare it as malacious

Adding a host IP under trusted host in IDSM

sawgupta — Tue, 10 Apr 2012 06:51:31 GMT

Could you please tell us more about the network topology.

Regards,

Sawan Gupta

Adding a host IP under trusted host in IDSM

shankar1023 — Wed, 11 Apr 2012 06:45:19 GMT

The network topology is very simple, we have server forms connected via an IDSM which is acting as NIDS. it is detecting the malacious traffic on singnature based. I got a alert that one of the server is receving the SQL injection attack from an internet IP and I checked with the server owner and he confirmed that the traffic from the internet IP is legitimate. so I want to exclude this IP from the NIDS so that I will not get this alert from next time.

Adding a host IP under trusted host in IDSM

haivrajesh — Wed, 11 Apr 2012 20:11:16 GMT

Hi,

This case please disable the signature which is givinge alert.or tune the signature for ur server.

Regards

Rajeswar