About norriscr1

norriscr1 · 09-25-2006

Just wanted to get an idea of what others thought about signatures that are enabled by default with an action.In our environment we've already seen a few false positives but we have all signatures set for "alert only" for now. We got hit by the ASA ...

norriscr1 · 04-24-2007

Agreed...and note that some signature updates REQUIRE a certain service pack level to be installed.

norriscr1 · 04-12-2007

Agreed. While I think that control of "banned" apps. such as P2P, IM, etc., is best solved with a well written and enforced corporate policy, it's still nice to have the IDS be able to flag violations for us.For us enforcing the no IM/P2P is not a lo...

norriscr1 · 04-10-2007

Don't worry too much about shutting down "good" traffic. When you start you can set all signatures to "Produce Alert" only. That will give you some time to see what might get blocked if you enable packet dropping/blocking.Make sure you have given the...

norriscr1 · 04-10-2007

There's probably not a "1 size fits all" answer here. If you have unlimited $$$ then you could sprinkle sensors all over you network but I'm guessing that's not the case. As such your going to need to take a few steps that will help you design your I...

norriscr1 · 03-27-2007

!!! Just be careful running the "cl xlate" command in a production environment. That could really impact your current traffic and cause the phones to ring.

Member Since	‎09-25-2006 06:13 AM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	10
Total Helpful Votes Received	13

User Statistics

User Activity

Which School of thought for sig defaults.

Re: IDS/IPS Signatures Update

Re: Google Talk

Re: IDP IPS Design

Re: IDP IPS Design

Re: How to translate this