Security Basics mailing list archives
RE: ASA with IPS
From: "Andy Tornquist" <atornquist () aamc org>
Date: Tue, 28 Sep 2010 13:58:02 -0400
Are you looking for tools to test your IPS or suggestions on policies? For policies: Is it going to be in stream and block automatically? If in stream you want to be very conservative on what gets denied. If it won't be in stream then you can be more liberal with the signatures you are going to leave on. I wouldn't worry about some false positives you want to keep it at a level where you can still see all the issues. Do you care if someone attempts to exploit a product you are not running? It is more over head to monitor for them. On the one head you may catch someone who is trying to gain access but on the other you need to decide what will you do if the signature fires? If you are not going to follow up on them leave the signatures off. The other important thing is how much bandwidth and how many packets per second is the ASA seeing? Is your IPS going to keep up with the traffic and the number of signatures? If you have one that exceeds your requirements then things like inspection load and missed packets should not be a worry. Every environment is different so plan on spending some time tuning to get rid of the false positives Let me know if you have any questions. Andy Tornquist Sr. Infrastructure Security Specialist Association of American Colleges -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dan Vultur Sent: Tuesday, September 28, 2010 3:47 AM To: security-basics () securityfocus com Subject: ASA with IPS Hello list, I am interested in tunning the IPS on the ASA we have in the company and I would like to know where can I find some quick tips/rules. The point is that I receive a lot of e-mail, noise, for every packet that comes from the internet so I want to refine the alerting level but still be proactive about attacks that may occur. Many thanks, Dan ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- ASA with IPS Dan Vultur (Sep 28)
- RE: ASA with IPS Andy Tornquist (Sep 28)
- RE: ASA with IPS Steven C Holmes (Sep 28)
- Re: ASA with IPS Kellstr (Sep 30)
- Re: ASA with IPS Richard Robins (Sep 30)
- Re: ASA with IPS Dan Vultur (Sep 30)
- RE: ASA with IPS Andy Tripp (Sep 30)
- Re: ASA with IPS paulosterwald (Sep 30)
- Re: ASA with IPS Ramki B Ramakrishnan (Sep 30)
- <Possible follow-ups>
- Re: ASA with IPS Omar Salvador Alcalá Ruiz (Sep 30)