TVR Ratings

David Shearing
Level 1

Hi,

I have an AIP-SSM-10 Module running version 7.01. Do I need to configure the Target Value Rating for all the machines on the network, or does it work by default?

Either way, what would be the recommended procedure?

Thanks for the help.

Accepted Solutions

Farrukh Haroon
VIP Alumni

Configuring the TVR is 'optional'. The sensor will work without it.

However, you set TVR values for your hosts/servers based on their criticality. But be careful, you might actually drop all traffic to this 'critical' server by doing so. Have a look at these white papers for more details:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd80191021.html

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd806e7299.html

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/overview_c17-464691.html

Please rate if helpful.

Regards

Farrukh

marcabal
Cisco Employee

By default all addresses will default to a Medium TVR value, which winds up with a neutral effect on the Risk Rating of the alerts (neither raises nor lowers the Risk Rating).

If you aren't really using Risk Rating for anything, then you are better off just leaving the TVR settings with the defaults.

If you do make use of Risk Rating (such as the default Event Action Override for denying packets, or use it to rank which events you want to spend time looking at), then modifying TVR for "special" boxes in your network can help. Specific servers that are closely monitored may be given high TVR values so attacks against them pop up to the top of your list of events to look into. Lab machines might wind up with Low TVR values because you may not want to spend time analyzing attacks against those machines.

All others you wouldn't configure a TVR for, and they will default to Medium TVR.
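
The effect described in the replies above, as an added example that is not part of the original thread and is not Cisco code: the same alert scored against hosts with different TVR settings, showing which result lands in the default deny override range. The TVR weights, the Risk Rating formula and the 90-100 deny range are assumptions taken from Cisco's published IPS Risk Rating description (check them against your sensor version); the addresses and alerts are constructed.

```python
import ipaddress

# Assumed TVR weights (percent) and default deny-override range, taken from
# Cisco's published IPS Risk Rating description; they are not stated in the thread.
TVR_WEIGHT = {"zero": 50, "low": 75, "medium": 100, "high": 150, "mission-critical": 200}
DENY_RANGE = (90, 100)

def tvr_for(dst, tvr_map):
    """TVR level for a destination; addresses with no entry default to medium."""
    ip = ipaddress.ip_address(dst)
    for net, level in tvr_map:
        if ip in ipaddress.ip_network(net):
            return level
    return "medium"

def risk_rating(asr, sfr, tvr, arr=0, pd=0, wlr=0):
    """RR = (ASR * TVR * SFR) / 10000 + ARR - PD + WLR, clamped to 0..100."""
    rr = (asr * TVR_WEIGHT[tvr] * sfr) // 10000 + arr - pd + wlr
    return max(0, min(100, rr))

def triage(alerts, tvr_map):
    """Score each alert and sort highest Risk Rating first."""
    rows = []
    for a in alerts:
        level = tvr_for(a["dst"], tvr_map)
        rr = risk_rating(a["asr"], a["sfr"], level)
        rows.append({"dst": a["dst"], "tvr": level, "rr": rr,
                     "denied": DENY_RANGE[0] <= rr <= DENY_RANGE[1]})
    return sorted(rows, key=lambda r: r["rr"], reverse=True)

# Constructed sample data: one signature (severity 75, fidelity 80) seen
# against a closely monitored server, a lab subnet and an unconfigured host.
TVR_MAP = [("192.0.2.10/32", "high"), ("198.51.100.0/24", "low")]
ALERTS = [
    {"dst": "198.51.100.7", "asr": 75, "sfr": 80},
    {"dst": "203.0.113.5", "asr": 75, "sfr": 80},
    {"dst": "192.0.2.10", "asr": 75, "sfr": 80},
]

if __name__ == "__main__":
    for row in triage(ALERTS, TVR_MAP):
        print(row)
```

Only the host given a High TVR reaches the deny range with this alert; the unconfigured host stays at the Medium default and the lab subnet drops to the bottom of the list.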
