
Before I turn on IDS

tbulliard
Level 1

I am getting ready to launch 12 IDSM-2 modules in our state agencies. We have 20+ DNS and ADS servers, 35 - 40 web servers. Each agency has a monitoring group that uses programs such as pinger, nexxus, netview, etc.

I know these machines are going to set off a bunch of signatures. Can anyone give me a list of signatures that I should filter for DNS and ADS servers? Any suggestions for the others would be greatly appreciated.

Thanks,

2 Replies

jbohla
Level 1

david.d
Level 1

I took a low tech approach and monitored for a baseline. Once I confirmed my false positives and "normal" traffic I started applying event filters a few at a time. This provided time to learn the system as well.

This site has less than 100 servers so it's not a huge amount of traffic to pilfer through. Even though you have quite a bit more, you still may want to take a similar approach.
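The baseline-then-filter approach described in this thread, sketched as an added example that is not part of any poster's reply: it tallies alerts collected during a baseline period and proposes a small batch of signature/source pairs to review for event filters, limited to sources already confirmed as monitoring or DNS hosts. The signature IDs, addresses, tuple layout and the `filter_candidates` helper are all constructed for illustration and do not reflect the sensor's export format.

```python
from collections import Counter, defaultdict

# Constructed baseline alerts: (signature id, source IP, destination IP).
# IDs and addresses are placeholders, not real signature numbers.
ALERTS = (
    [(9001, "10.1.1.10", f"10.2.0.{i}") for i in range(5)]
    + [(9001, "192.0.2.77", "10.2.0.1")]
    + [(9002, "10.1.1.53", "10.3.0.1")] * 4
    + [(9003, "10.1.1.10", "10.2.0.9")]
    + [(9003, "198.51.100.9", "10.2.0.9")] * 3
)

# Hosts confirmed by hand as legitimate noise sources (assumed inventory).
KNOWN_BENIGN = {"10.1.1.10": "monitoring station", "10.1.1.53": "DNS server"}


def filter_candidates(alerts, known, min_count=3, batch=2):
    """Return at most `batch` (signature, source) pairs worth reviewing.

    A pair qualifies only if the source is a confirmed benign host and it
    fired the signature at least `min_count` times during the baseline.
    """
    per_sig = defaultdict(Counter)
    for sig, src, _dst in alerts:
        per_sig[sig][src] += 1

    found = []
    for sig, by_src in per_sig.items():
        total = sum(by_src.values())
        for src, hits in by_src.items():
            if src in known and hits >= min_count:
                # 'others' shows how much of this signature a source-scoped
                # filter leaves visible; unknown sources are never filtered.
                found.append({"sig": sig, "src": src, "role": known[src],
                              "hits": hits, "others": total - hits})
    # Noisiest pairs first, a few at a time.
    found.sort(key=lambda c: (-c["hits"], c["sig"], c["src"]))
    return found[:batch]


if __name__ == "__main__":
    for c in filter_candidates(ALERTS, KNOWN_BENIGN):
        print(c)
```

Scoping each candidate to a signature and a source address keeps the same signature alerting when it fires from any other host.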
