Tag Archives: IDP

Sourcefire Intrusion Prevention Policy

Up to this point we have our SFR passing the traffic and blocking only telnet to certain hosts. Now we will go a step further and play around with the “Intrusion Prevention (IPS)” policy. Our topology stays the same, but …

Posted in Cisco, FirePOWER, Security, Sourcefire | 3 Comments

Cisco IPS – Creating a custom signature

The Cisco IPS sensor, in its current version of 7.something, has over five thousand sigs, of which more than one thousand are enabled. However, there will be times when we have to create a custom signature to fit our needs. Let’s …

Posted in Cisco, IPS | 2 Comments

IPS: trues or falses

Recently I was thinking about IPS alarms and remembered the times when I was trying to distinguish between various types of events in IPS. There are four types of event categories and many people have trouble telling them apart. This is going …

Posted in Cisco, IPS | 1 Comment