Tag Archives: intrusion

Event Action Filters

As we have seen so far, every signature can have one or more actions associated with it. Those actions are per signature, which means that the action or actions associated with a signature will be executed for every attacker/victim … Continue reading

Posted in Cisco, IPS | 4 Comments

Cisco IPS Event Summarization

One thing an intruder could try in order to evade detection is flooding our IPS with so many events that the sensor is too busy handling events to do its job. This is where summarization comes into play. … Continue reading
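The two mechanisms the excerpts above describe, per-signature actions narrowed by an event action filter and repeated alerts collapsed by summarization, modelled in Python as an added example. This is not code from the blog posts or from Cisco IPS itself; the class names, the summary threshold and interval values, the "produce-alert"/"deny-attacker-inline" action names and the sample addresses are assumptions chosen for illustration. The filter mirrors the IPS idea of matching a signature ID plus attacker and victim address ranges and removing actions from the match; the summarizer mirrors a fire-all summary mode keyed on attacker and victim address, so an attacker hammering one victim produces a handful of individual alerts and one summary instead of hundreds of alerts.

```python
"""Toy model of IPS event-action processing: per-signature actions,
event action filters and alert summarization.

Added example, not code from the original posts or from Cisco.  Class
names, thresholds and sample addresses are assumptions for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Event:
    sig_id: int
    attacker: str
    victim: str
    ts: float          # seconds since start of capture


@dataclass(frozen=True)
class Signature:
    sig_id: int
    name: str
    actions: frozenset  # actions fired for EVERY attacker/victim pair


@dataclass(frozen=True)
class EventActionFilter:
    """Removes actions from events that match sig id + attacker/victim range."""
    name: str
    sig_ids: frozenset
    attacker_net: str   # CIDR, e.g. "10.1.1.5/32"
    victim_net: str     # CIDR
    actions_to_remove: frozenset
    stop_on_match: bool = False

    def matches(self, ev: Event) -> bool:
        return (ev.sig_id in self.sig_ids
                and ip_address(ev.attacker) in ip_network(self.attacker_net)
                and ip_address(ev.victim) in ip_network(self.victim_net))


def apply_filters(ev: Event, sig: Signature, filters) -> set:
    """Start from the signature's actions and strip what matching filters remove."""
    actions = set(sig.actions)
    for f in filters:
        if f.matches(ev):
            actions -= f.actions_to_remove
            if f.stop_on_match:
                break
    return actions


class Summarizer:
    """Fire-all mode with a summary threshold, keyed on attacker+victim address.

    The first `threshold` alerts for a key inside one `interval` fire
    individually; the rest are counted and rolled into a single summary
    alert when the interval closes (assumed model of the IPS behaviour).
    """

    def __init__(self, threshold: int, interval: float):
        self.threshold, self.interval = threshold, interval
        self.windows = {}   # key -> (window_start, count)
        self.out = []       # emitted ("alert"|"summary", key, count)

    @staticmethod
    def key(ev: Event):
        return (ev.sig_id, ev.attacker, ev.victim)

    def feed(self, ev: Event) -> None:
        k = self.key(ev)
        start, count = self.windows.get(k, (ev.ts, 0))
        if ev.ts - start >= self.interval:      # window expired: emit summary
            self.flush(k)
            start, count = ev.ts, 0
        count += 1
        self.windows[k] = (start, count)
        if count <= self.threshold:
            self.out.append(("alert", k, 1))

    def flush(self, k) -> None:
        _, count = self.windows.pop(k)
        if count > self.threshold:
            self.out.append(("summary", k, count - self.threshold))

    def close(self) -> list:
        for k in list(self.windows):
            self.flush(k)
        return self.out


def process(events, signatures, filters, summarizer):
    """Filter each event's actions, then summarize those that still alert."""
    action_log = []
    for ev in events:
        acts = apply_filters(ev, signatures[ev.sig_id], filters)
        action_log.append((ev, acts))
        if "produce-alert" in acts:
            summarizer.feed(ev)
    return action_log, summarizer.close()


def sample_events() -> list:
    """Constructed sample traffic: an internal scanner plus an external ping flood."""
    evs = [Event(2004, "10.1.1.5", v, float(i))
           for i, v in enumerate(("10.1.1.10", "10.1.1.11", "10.1.1.12"))]
    evs += [Event(2004, "192.0.2.99", "10.1.1.20", 5.0 + i * 0.1) for i in range(100)]
    return evs


def run_demo():
    signatures = {2004: Signature(2004, "ICMP Echo Request",
                                  frozenset({"produce-alert", "deny-attacker-inline"}))}
    # Assumed filter: the internal vulnerability scanner may ping the LAN unbothered.
    filters = [EventActionFilter("AllowInternalScanner", frozenset({2004}),
                                 "10.1.1.5/32", "10.1.1.0/24",
                                 frozenset({"produce-alert", "deny-attacker-inline"}))]
    return process(sample_events(), signatures, filters,
                   Summarizer(threshold=5, interval=30.0))


if __name__ == "__main__":
    log, alerts = run_demo()
    print(f"{len(log)} events in, {len(alerts)} alerts out: {alerts[-1]}")
```

With the filter in place the scanner's three pings leave no actions at all, while the external flood of 100 echo requests reaches the console as five individual alerts followed by one summary reporting the 95 that were suppressed; without the summarizer every one of the 100 would have been a separate alert.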

Posted in Cisco, IPS | Leave a comment

IPS: trues or falses

Recently I was thinking about IPS alarms and remembered the times when I was trying to distinguish between the various types of events in IPS. There are four event categories (true positive, false positive, true negative and false negative) and many people have trouble telling them apart. This is going … Continue reading

Posted in Cisco, IPS | 1 Comment

Cisco IPS scenario three – Inline VLAN Pairs

Ok, this was quite a break and now it’s time to move on with the third part of the IPS sensor deployment saga – Inline VLAN Pairs. In the previous article, we saw how to place an IPS sensor in an … Continue reading

Posted in Cisco, IPS | 3 Comments

Cisco IPS sensor scenario two – Inline Interface Pairs

For all of you who, like me, are preparing for the CCIE Security lab exam and are practicing the IPS sections, I will try to do IPS 6.x in a GNS3 lab environment. There is a good chance that CCIE Security is shifting from … Continue reading

Posted in Cisco, GNS3, IPS | 15 Comments

Blocking/shunning attackers with Cisco IPS and ASA

As we all know, Cisco IPS 4200 series sensors can be set up in our network in four ways or modes: promiscuous mode, inline interface pair mode, inline VLAN pair mode and VLAN group mode. We will deal with … Continue reading

Posted in ASA, Cisco, IPS | 1 Comment