
Is there a good guide on configuring the IPS?

saidfrh
Level 1

1. I "denied" IDs 1109/0, 1109/1, 1109/2, 1109/3, all Cisco IOS Interface DOS. The above was configured in the IDM>Configuration>Policies>Signature Definitions>sig0>Active Signatures. Denying the above denied all Internet activity. How do I know which signatures to deny without bringing down necessary services?

2. None of the Adware/Spyware signatures are marked as Deny in the default configuration. Will denying the above affect the network?

IDM>Configuration>Policies>Signature Definitions>sig>Adware/Spyware

3. Of the 3018 Viruses/Worms/Trojans signatures, only 3 have been configured by default to be denied. Common sense would dictate denying all packets with the above signatures. Would denying the above packets affect the network or Internet connection?

Is there any good handbook/resource on configuring the IPS?

Thanks.

Said

2 Replies

mhellman
Level 7

I don't know of a good resource.

I think you will find that people use different approaches to this depending on their tolerance for false positives and denying legitimate traffic. I work at a largish financial company, and I wouldn't dare enable a drop/deny action unless I knew it had a zero false positive rate. My assumption is simple...all signatures have false positives unless I can prove otherwise;-)

Thanks.
