topic Re: Is there a good guide on configuring the IPS? in Network Security

Is there a good guide on configuring the IPS?

saidfrh — Sun, 10 Mar 2019 11:12:42 GMT

I "denied" IDs 1109/0, 1109/1, 1109/2, 1109/3, all Cisco IOS Interface DOS. The above was configured in the IDM>Configuration>Policies>Signature Definitions>sig0)>Active Signatures. Denying the above denied all Internet activity. How do I know which signatures to deny without bringing down necessary services?

2. Non of the Adware/Spyware signatures are marked as Deny in default configuration. Will Denying the above effecting network?

IDM>Configuration>Policies>Signature Definitions>sig>Adware/Spyware

3. Of the 3018 Viruses/Worms/Trojans signatures, only 3 have been configured by default to be denied. Common sense would dictate to deny all packets with above signatures. Would denying above packets effect the network or Internet connection?

Is there any good handbook/resource on configuring the IPS?

Thanks.

Said

Re: Is there a good guide on configuring the IPS?

mhellman — Wed, 23 Jul 2008 21:34:59 GMT

I don't know of a good resource.

I think you will find that people use different approaches to this depending on their tolerance for false positives and denying legitimate traffic. I work at a largish financial company, and I wouldn't dare enable a drop/deny action unless I knew it had a zero false positive rate. My assumption is simple...all signatures have false positives unless I can prove otherwise;-)

Re: Is there a good guide on configuring the IPS?

saidfrh — Thu, 24 Jul 2008 06:44:35 GMT

Thanks.