Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: IPS SIG's

IPS SIG's 9 years 3 months ago #22768

  • CSMGUY
  • CSMGUY's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
Ok everyone I would like everyone’s help on this!! I am trying to put together a standard deployment guide image as you will for my customer or potential customer as I am a Consultant and I work in a lot of different environments but not all so I come to you the people for you expertise and experience with cisco IPS 6.x or 5.x so this is what I am looking for I am looking for sigs that you hade to turn off right away because A. it broke your environment B. slowed down your environment u do not need to tell me what your Config is or how you are setup im just trying to put together a data mold so that I may be able to put together a Config that will work right out of the box!!! :idea:



The CSMGUY
The administrator has disabled public write access.

Re: IPS SIG's 8 years 11 months ago #24535

  • ramasamy
  • ramasamy's Avatar
  • Offline
  • Frequent Member
  • Posts: 67
  • Karma: 0
Hi,

It is not recommended to use the same configuration file for all the IPS devices in different environment. First you need to study about the network architecture and the traffic which is flowing on the network.

Depending up on the network traffic flow you need to enable the right signature

For example in your office the web service is on IIS then you then you need to enable the IIS related signature and not the Apache related signature, in this way you can reduce the load on the device.

Make sure while creating the costume signature because it will lead to the high CPU utilization if you are not configuring it properly.

If you are using CISCO products then you can use the MySND to know more about the signature depending on that you can enable or disable the signature.

From version 6.x you can configure the virtual sensor and bind different interface pair to different virtual sensor.

For example you can assign 1 pair of interface to virtual sensor 1 and place it on internet segment, for that sensor enable the Virus, sperm, worm, http signatures etc.

Assign the other pair of interface to the 2nd virtual sensor and place it in the LAN segment which is not having Internet access and enable the right signature. So that no need to inspect all the traffic with all the signature.
The administrator has disabled public write access.
Time to create page: 0.073 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup