IDS mailing list archives
Re: TippingPoint Recommended Disabled Filters
From: "Secure Scorp" <securescorp () gmail com>
Date: Thu, 3 Jul 2008 08:48:43 +0530
The Tipping Point IPS out-of-the-box configuration recognizes and blocks malicious traffic that is known to be malicious at all times, under all conditions, in all network environments.From a Security Standpoint, a default Configured IPS is configured as follows: –There is a single Default Security Policy – All Filters in this Policy are set to use their Category Settings –Category Settings – All Category Settings are set to use the Recommended Setting for each Filter –Filters – Because of the Category Settings, all IPS Filters are set to their Recommended setting as determined by the DVLabs team at TippingPoint So, to start with you are good to put this on the network and not worry about the disabled ones for a while. Going ahead, with a Default Security Policy, Customization may be Required depending on your network/requirement 1) Different Security Policy for Different Segments or Directions *Core versus Perimeter *Inbound Internet versus Outbound Internet 2) Different Security Policy for VLAN Traffic *VoIP VLAN etc i.e. you would need to fine tune your IPS depending on the false alarms etc. Also, you might want to start with checking the new Digital Vaccines(DVs) to find which disabled filters you want to enable. This will need you to understand the kind of traffic you intend to block and allow. Hope this helps. Let me know if you have more questions. Thanks, Aditya Govind Mukadam On Tue, Jul 1, 2008 at 7:17 PM, <chester () haymakertech com> wrote:
Hi everybody- We recently bought a TippingPoint IPS for our company and noticed that along with 3500 active definitions, there were a few hundred that were recommended disabled. I'm curious if anyone has ever had the need to enable any of these and what the situation was. thanks ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- TippingPoint Recommended Disabled Filters chester (Jul 02)
- Re: TippingPoint Recommended Disabled Filters Secure Scorp (Jul 03)