Lots of posts on in-depth technical questions on this forum, while mine is a lot more generic.
As a service provider we manage many separate customer networks, some internet connected, some not. We have been looking at several IDS systems for a while now, and it's not technical problems which are causing us headaches but more functional.
If we were to roll out IDS for several networks, no doubt we'll be hit around the head with lots of events, intrusions, logs, what have ya. To maintain a 24 h service on this level is downright nearly impossible. You would need Level 3 technical personnel to look at these events; even if they can be cut down to a few a day, it would still mean looking into these alerts on a daily/nightly basis and determining the next course of action. In my opinion large environments will result in many (too many) alerts; filtering them will help, but will also improve the chances you might be missing a serious event.
Obviously to have this much manpower on it would be very expensive. I would like to receive some comments on how some of you are coping with this, or is it not as bad as it all looks? Maybe if you tune it right, a few alerts a week? I have no idea what to expect; that's part of the problem.
First, make sure you install the IDS behind a firewall. That will stop a lot of unwanted alarms. That's really all you want to monitor anyway: what gets through the FW. Then it's a matter of tweaking the IDS until you are only being notified of true intrusions and not a bunch of false positives. It takes several days/weeks to get the signature list trimmed down. There will be a lot of false positives at first. The IDS does all the work (eventually) anyway by resetting and blocking connections. Takes some time to get it settled down though.
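As an added illustration of the tuning loop the reply describes (this is example code, not something either poster provided): rank alerts by signature and by how many distinct source hosts fire them, so the rules that one scanner or monitoring box is tripping stand out, then apply a suppression list of signature/source pairs that review has classified as benign, leaving only what should page the on-call engineer. The alert lines are constructed in Snort's "fast" alert format; the signature ids (in the 1000000+ range reserved for local rules), rule messages, addresses and the suppression entries are all made up for the example.

```python
"""Rank IDS alerts by signature to find tuning candidates, then apply a
suppression list (added example; sample data is constructed, not real)."""
import re
from collections import Counter, defaultdict

# Snort/Suricata "fast" alert format. The regex covers the fields used
# below and is an assumption, not a complete grammar of the format.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample alerts: 10.0.0.7 plays a monitoring poller that keeps
# tripping two local rules; two external hosts trip a brute-force rule.
SAMPLE_ALERTS = """\
03/14-02:11:05.123456  [**] [1:1000001:1] LOCAL SNMP public community probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.7:49152 -> 10.0.1.10:161
03/14-02:11:06.223456  [**] [1:1000001:1] LOCAL SNMP public community probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.7:49153 -> 10.0.1.11:161
03/14-02:11:07.323456  [**] [1:1000001:1] LOCAL SNMP public community probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.7:49154 -> 10.0.1.12:161
03/14-02:11:08.423456  [**] [1:1000001:1] LOCAL SNMP public community probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.7:49155 -> 10.0.1.13:161
03/14-02:12:40.000001  [**] [1:1000002:3] LOCAL web login brute force threshold [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.45:51234 -> 10.0.1.20:443
03/14-02:13:02.000001  [**] [1:1000003:2] LOCAL ICMP echo sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.1.14
03/14-02:15:11.000001  [**] [1:1000002:3] LOCAL web login brute force threshold [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.9:40001 -> 10.0.1.20:443
"""

# Suppression list (constructed): sid -> set of source IPs to ignore for it.
SUPPRESS = {1000001: {"10.0.0.7"}, 1000003: {"10.0.0.7"}}


def parse_alerts(text):
    """Parse fast-format lines into dicts; lines that don't match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if not m:
            continue
        a = m.groupdict()
        a["sid"] = int(a["sid"])
        a["prio"] = int(a["prio"])
        # Assumes IPv4 "host:port" or bare host (ICMP has no port).
        a["src_ip"] = a["src"].rsplit(":", 1)[0] if ":" in a["src"] else a["src"]
        alerts.append(a)
    return alerts


def tuning_report(alerts):
    """Per signature: total alerts and number of distinct source hosts.
    A high count from one or two sources is usually a scanner or monitoring
    host and a candidate for a suppress/threshold entry; the same count
    spread over many sources is more likely genuine."""
    counts, sources, msgs = Counter(), defaultdict(set), {}
    for a in alerts:
        counts[a["sid"]] += 1
        sources[a["sid"]].add(a["src_ip"])
        msgs[a["sid"]] = a["msg"]
    return {sid: {"msg": msgs[sid], "count": counts[sid],
                  "distinct_sources": len(sources[sid])} for sid in counts}


def actionable(alerts, suppress, max_prio):
    """Keep alerts not on the suppression list for their source and with a
    priority number no higher (i.e. no less severe) than max_prio."""
    kept = []
    for a in alerts:
        if a["prio"] > max_prio:
            continue
        if a["src_ip"] in suppress.get(a["sid"], ()):
            continue
        kept.append(a)
    return kept


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for sid, r in sorted(tuning_report(alerts).items(), key=lambda kv: -kv[1]["count"]):
        print(f"sid {sid}: {r['count']} alerts from {r['distinct_sources']} source(s)  {r['msg']}")
    kept = actionable(alerts, SUPPRESS, max_prio=2)
    print(f"{len(alerts)} alerts in, {len(kept)} left for a human after suppression")
```

Each entry that the report justifies suppressing maps onto a Snort `threshold.conf` line of the form `suppress gen_id 1, sig_id 1000001, track by_src, ip 10.0.0.7`, so the sensor stops generating the noise rather than a script hiding it afterwards; keeping the report running after that is what tells you when a "tuned" rule starts firing from new sources and deserves a second look.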