01-30-2011 09:19 PM - edited 03-10-2019 05:15 AM
Dear all,
When I log on to the IPS module of my ASA, i see many signatures with with risk rating of HIGH but they are not activated(ENABLED). I dould if it is advisable to activate all those signatures with risk rating of HIGH in the IPS. I believe if those signatures have risk rating of HIGH, then they should all be enable to fight against security threat.Will it cause performance degredation if all of them are enable? or will it block some legitimate traffic if all are enabled to fight thrreat?
I will be very grateful for your help.
Kind regards.
Solved! Go to Solution.
01-31-2011 07:25 AM
No, it is definitely not recommended to enable all signatures on the IPS. It will definitely cause performance degradation as it is not meant to be all enabled.
Cisco IPS team has pre-enabled signatures that are current and tweak the signatures on every signature update if it is deemed to be of high security risk. Those that have been disabled are likely to be old signatures that are no longer current at this stage unless you don't patch your end hosts. IPS will monitor and/or block threats however, it is still the responsibility of the host administrator to patch the hosts. IPS will only prevent and provide you guidance to patch the end hosts.
02-02-2011 11:24 AM
Great to hear, thanks. Please kindly mark the post as answered so others can learn through your post. Thank you.
02-05-2011 05:53 AM
Claude,
To mark and rate the answer pls. follow this simple step:
https://supportforums.cisco.com/docs/DOC-6022#discussions_correct
-KS
01-31-2011 07:25 AM
No, it is definitely not recommended to enable all signatures on the IPS. It will definitely cause performance degradation as it is not meant to be all enabled.
Cisco IPS team has pre-enabled signatures that are current and tweak the signatures on every signature update if it is deemed to be of high security risk. Those that have been disabled are likely to be old signatures that are no longer current at this stage unless you don't patch your end hosts. IPS will monitor and/or block threats however, it is still the responsibility of the host administrator to patch the hosts. IPS will only prevent and provide you guidance to patch the end hosts.
02-02-2011 10:46 AM
Jennifer,
Thanks very much for the explanations. I have learnt a lot from what your response.
Regards
02-02-2011 11:24 AM
Great to hear, thanks. Please kindly mark the post as answered so others can learn through your post. Thank you.
02-03-2011 11:20 PM
Dear all,
This question has been answered
Kind Regards
02-05-2011 05:53 AM
Claude,
To mark and rate the answer pls. follow this simple step:
https://supportforums.cisco.com/docs/DOC-6022#discussions_correct
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide