Tag Archives: intrusion
Event Action Filters
As we could see so far, for every signature there could be one or more actions associated with it. Those actions are per signature, which means that the action or actions associated with a signature will be executed for every attacker/victim …
Posted in Cisco, IPS
Tagged action, cisco, event, filter, intrusion, ips, prevention, protection, signature
Cisco IPS Event Summarization
One thing an intruder could try in order to evade detection is hammering our IPS with so many events that the IPS gets too busy handling events to do its job. This is where summarization comes into play. …
Posted in Cisco, IPS
Tagged alarm, cisco, event, intrusion, ips, prevention, summary
IPS: trues or falses
Recently I was thinking about IPS alarms and remembered the times when I was trying to distinguish between various types of events in IPS. There are four types of event categories and many people have trouble telling them apart. This is going …
Cisco IPS scenario three – Inline VLAN Pairs
Ok, this was quite a break and now it’s time to move on with the third part of the IPS sensor deployment saga – Inline VLAN Pairs. In the previous article, we saw how to place an IPS sensor in an …
Cisco IPS sensor scenario two – Inline Interface Pairs
For all of you who, like me, are preparing for the CCIE Security lab exam and are practicing IPS sections, I will try to do IPS 6.x in a GNS3 lab environment. There is a good chance that CCIE Security is shifting from …
Blocking/shunning attackers with Cisco IPS and ASA
As we all know, Cisco IPS 4200 series sensors can be set up in four ways or modes in our network: Promiscuous mode, Inline interface pair mode, Inline VLAN pair mode, and VLAN Group Mode. We will deal with …