
How to tune the signatures of AIP-SSM-20

claude.fozao
Level 1

Dear all,

When I log on to the IPS module of my ASA, I see many signatures with a risk rating of HIGH, but they are not activated (ENABLED). I doubt if it is advisable to activate all those signatures with a risk rating of HIGH in the IPS. I believe if those signatures have a risk rating of HIGH, then they should all be enabled to fight against security threats. Will it cause performance degradation if all of them are enabled? Or will it block some legitimate traffic if all are enabled to fight threats?

I will be very grateful for your help.

Kind regards.

5 Replies

Jennifer Halim
Cisco Employee

No, it is definitely not recommended to enable all signatures on the IPS. It will definitely cause performance degradation as it is not meant to be all enabled.

The Cisco IPS team has pre-enabled signatures that are current and tweaks the signatures on every signature update if it is deemed to be of high security risk. Those that have been disabled are likely to be old signatures that are no longer current at this stage unless you don't patch your end hosts. IPS will monitor and/or block threats; however, it is still the responsibility of the host administrator to patch the hosts. IPS will only prevent and provide you guidance to patch the end hosts.

Jennifer,

Thanks very much for the explanations. I have learnt a lot from your response.

Regards

Great to hear, thanks. Please kindly mark the post as answered so others can learn through your post. Thank you.

Dear all,

This question has been answered.

Kind Regards

Claude,

To mark and rate the answer, please follow this simple step:

https://supportforums.cisco.com/docs/DOC-6022#discussions_correct

-KS
