Solved: Re: Automatic update for IPS on Cisco`s site

rodrigo.cisco · ‎10-16-2008

Hi all,

with Cisco Service for IPS active my IPS that run in ASA module will be able to download the signatures on Cisco`s Web site and update them alone?

thanks for your help. "Together we are even better"

uchimaku · ‎10-16-2008

Yes, If you are running IPS 6.1(1) you can configure a schedule on the sensor to check for any signature updates on CCO , download and install them.

View solution in original post

uchimaku · ‎10-16-2008

Yes, If you are running IPS 6.1(1) you can configure a schedule on the sensor to check for any signature updates on CCO , download and install them.

Farrukh Haroon · ‎10-18-2008

But please note that even tough its 'possible', its always better to do this manually. Sometimes some signatures generate a lot of false positives and its a good idea to check here on netpro and other places for any problems others are facing before applying signature updates (in production). However most signatures only produce alerts, so its just the noise that will worry ya and 'usually' signature updates don't break anything on the network.

Regards

Farrukh

rodrigo.cisco · ‎10-18-2008

Farrukh, Tks for you answer!!!

Could you explain me better why the signature update usually dont break anything? All this (security world) is very new for me.

Thanks you so much

Rodrigo Alves

Farrukh Haroon · ‎10-18-2008

Rodrigo that is the case because Cisco usually keeps signatures to only 'Product Alert' by default, and no block/deny actions are performed. The only notable exception is the TCP normalization engine.

Regards

Farrukh