TOPIC: IDS on RED, GREEN, ORANGE

IDS on RED, GREEN, ORANGE 13 years 4 weeks ago #8975

  • beexo
Hi,

I have an ipcop (firewall) box. The question is: Should I enable IDS on RED? Why?

Should I enable IDS on GREEN? Why?

I have it enabled on green just to see if something shows up. I had it enabled on red, but had to disable it, as it would cause the system to halt (almost impossible to access any page on the web).

Re: IDS on RED, GREEN, ORANGE 13 years 4 weeks ago #8987

  • DaLight
I'm a bit puzzled, as all the IDS (snort) on IPCOP does is monitor suspicious activity based on the currently installed snort rules (http://www.snort.org/). It does not actually control or filter web access. A wild guess may be that there may be so much malicious activity going on that the logging is affecting the performance of your IPCOP. Are you running IPCOP on a very low-spec machine?

As to whether to enable IDS on RED or GREEN. I would definitely enable on RED. If you suspect internal malicious activity, you can also enable on GREEN.

Re: IDS on RED, GREEN, ORANGE 13 years 4 weeks ago #8990

  • beexo
You've answered my question. Thanks.

As to the slow response, I am still trying to find out what is causing it. I don't think it has to do with IDS anymore.

Re: IDS on RED, GREEN, ORANGE 13 years 4 weeks ago #8992

  • DaLight
Let us know if you find out what's causing the speed problems. I'm always looking for problems/solutions to file away in my "problems database".

Re: IDS on RED, GREEN, ORANGE 13 years 3 weeks ago #8994

  • beexo
I narrowed down the problem to a bad or too big black list used with urlfilter. I had uploaded a 10MB list. I then uploaded a list from the University of Toulouse, which is about 3MB, and now everything is working fine.

IDS is now set on red.