TOPIC: IDS on RED, GREEN, ORANGE

IDS on RED, GREEN, ORANGE 11 years 5 months ago #8975

  • beexo
Hi,

I have an ipcop (firewall) box. The question is: Should I enable IDS on RED? Why?

Should I enable IDS on GREEN? Why?

I have it enabled on green just to see if something shows up. I had it enabled on red, but had to disable it, as it would cause the system to halt (almost impossible to access any page on the web).

Re: IDS on RED, GREEN, ORANGE 11 years 5 months ago #8987

  • DaLight
I'm a bit puzzled, as all the IDS (snort) on IPCOP does is monitor suspicious activity based on the currently installed snort rules (http://www.snort.org/). It does not actually control or filter web access. A wild guess may be that there may be so much malicious activity going on that the logging is affecting the performance of your IPCOP. Are you running IPCOP on a very low spec machine?

As to whether to enable IDS on RED or GREEN. I would definitely enable on RED. If you suspect internal malicious activity, you can also enable on GREEN.

Re: IDS on RED, GREEN, ORANGE 11 years 5 months ago #8990

  • beexo
You've answered my question. Thanks.

As to the slow response, I am still trying to find out what is causing it. I don't think it has to do with IDS anymore.

Re: IDS on RED, GREEN, ORANGE 11 years 5 months ago #8992

  • DaLight
Let us know if you find out what's causing the speed problems. I'm always looking for problems/solutions to file away in my "problems database".

Re: IDS on RED, GREEN, ORANGE 11 years 5 months ago #8994

  • beexo
I narrowed down the problem to a bad or too big blacklist used with urlfilter. I had uploaded a 10MB list. I then uploaded a list from the University of Toulouse, which is about 3MB, and now everything is working fine.

IDS is now set on red.