I'm pretty new to managing IPS. My co is looking at deploying a large number of this and i'm suppose to manage it. i got a few questions
1. are the available signature in default IOS IPS enough? i fired rentina to an old redhat version OS but i find that the results from IOS IPS is pretty generic.it detects non valid http traffic over ssl but not the vulnerablities used, and it does even detects nmap non tcp port scanning
2.do you recommend using the default IOS IPS signatures ? if no, any recommendations & standards to follow ?
3. Any guidance on custom signature development on IOS IPS ?
4. Any method to manage large numbers of IOS IPS rules/singatures on a single console ? So i can push the signature from a single console to each and every routers. if not, it is possible to copy the signature folders over all the routers to get the same sets on signature on the routers?
Appreciate any useful informations. Thanks in advance