IDS mailing list archives

Re: TippingPoint Recommended Disabled Filters


From: "Secure Scorp" <securescorp () gmail com>
Date: Thu, 3 Jul 2008 08:48:43 +0530

The TippingPoint IPS out-of-the-box configuration recognizes and
blocks malicious traffic that is known to be malicious at all times,
under all conditions, in all network environments. From a Security
Standpoint, a default Configured IPS is configured as follows:
- There is a single Default Security Policy – All Filters in this
  Policy are set to use their Category Settings
- Category Settings – All Category Settings are set to use the
  Recommended Setting for each Filter
- Filters – Because of the Category Settings, all IPS Filters are set
  to their Recommended setting as determined by the DVLabs team at
  TippingPoint

So, to start with, you are good to put this on the network and not
worry about the disabled ones for a while.

Going ahead, with a Default Security Policy, Customization may be
Required depending on your network/requirement
 1) Different Security Policy for Different Segments or Directions
       *Core versus Perimeter
       *Inbound Internet versus Outbound Internet
 2) Different Security Policy for VLAN Traffic
       *VoIP VLAN etc

i.e. you would need to fine tune your IPS depending on the false
alarms etc. Also, you might want to start with checking the new
Digital Vaccines (DVs) to find which disabled filters you want to
enable. This will need you to understand the kind of traffic you
intend to block and allow.

Hope this helps. Let me know if you have more questions.

Thanks,
Aditya Govind Mukadam

On Tue, Jul 1, 2008 at 7:17 PM, <chester () haymakertech com> wrote:

Hi everybody-


We recently bought a TippingPoint IPS for our company and noticed that along with 3500 active definitions, there were 
a few hundred that were recommended disabled.  I'm curious if anyone has ever had the need to enable any of these and 
what the situation was.


thanks

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

