IDS mailing list archives
IPS Implementaion
From: "Chris M" <dontspammeplz48 () gmail com>
Date: Thu, 13 Sep 2007 15:49:36 -0400
I was wondering if anyone knows of any documents/papers/book/suggestions on the proper way to implement an IPS in a large environment. We had a vendor install the IPS units, and they were supposed to tune the signatures and apply filters, however there is still a lot of work to be done. I have been tasked with putting a plan together to get these units to begin automatic blocking instead of currently only watching traffic, but unfortunately I only have experience using Snort in a small environment without a lot of abnormal traffic. All the books I've been able to find online are either out of date or inadequate. Any help would be greatly appreciated! Thanks, Chris Moore ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- IPS Implementaion Chris M (Sep 14)
- Re: IPS Implementaion Eric Hacker (Sep 14)
- Re: IPS Implementaion Göran Sandahl (Sep 17)
- <Possible follow-ups>
- Re: IPS Implementaion proneetb (Sep 14)
- Re: IPS Implementaion Eric Hacker (Sep 14)