06-06-2014 01:20 PM - edited 03-10-2019 06:12 AM
Hello,
I am currently planning the implementation of a 4360 IDS system that will not be inline but will monitor the data VLAN on a switch. Someone asked me if I was going to create a blacklist and a whitelist for the IDS. Would it even be worth creating such lists if the device is not going to be inline with data flows? They also stated that when Cisco pushes out new IPS/IDS signatures, they have a default blacklist/whitelist within the code of the signatures. Is that correct?
Thanks
06-09-2014 09:32 AM
You can opt for your IPS/IDS to participate in the Cisco Global Correlation Network. This will send some of your traffic statistics to a centralized location for analysis, and policies will be created and distributed to IPS/IDS devices globally. This includes blacklisting certain IP addresses.
As for creating a whitelist/blacklist for your specific IDS, you can add hosts to a "Never Block" list. Typically, this is reserved for your NMS since its polling can be perceived as scanning. Your colleague may be talking about zones. The IDS allows multiple zones (internal, external, DMZ) with different policies assigned to each.
06-10-2014 08:32 AM
Thanks for the reply Jason!
I was wondering, though, would a blacklist/whitelist be beneficial since our implementation of the IDS is not inline to the data flow? The IDS implementation that we were approved to do is monitoring a switch port that is OOB. So if there were a blacklist/whitelist implemented on the IDS, then it will be worthless because it will not be able to block or allow that traffic flow, correct?
03-12-2017 04:54 AM
My website (dealslama.com) is constantly getting attacked from China IP addresses. I found a resource which lists all IP addresses that should be banned, but I'm not sure how to use these IPs.
Can you help?
Resource is: http://www.wizcrafts.net/chinese-iptables-blocklist.html
Thanks
03-12-2017 07:17 AM
How you use them (if indeed that is possible in your environment) depends on the setup you have for hosting your site.
Can you tell us more about your hosting environment?