I "denied" IDs 1109/0, 1109/1, 1109/2, 1109/3, all Cisco IOS Interface DOS. The above was configured in the IDM>Configuration>Policies>Signature Definitions>sig0)>Active Signatures. Denying the above denied all Internet activity. How do I know which signatures to deny without bringing down necessary services?
2. Non of the Adware/Spyware signatures are marked as Deny in default configuration. Will Denying the above effecting network?
3. Of the 3018 Viruses/Worms/Trojans signatures, only 3 have been configured by default to be denied. Common sense would dictate to deny all packets with above signatures. Would denying above packets effect the network or Internet connection?
Is there any good handbook/resource on configuring the IPS?