This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question: IPS/IDS

Hi,

Part of me wants to go through the IPS rules and set anything to "Drop" that won't interfere with my normal network usage, but then there's some parts of various documents/help files that seem to imply that if enough flags are raised, it will start responding and shut down the attack. Is that correct, or would I be better off setting things to drop the packet if I can get away with it? Maybe a bit of both?

Thanks

This thread was automatically locked due to age.

0 Simon Shaw over 18 years ago

Portscans etc get dropped but a lot of stuff in IPS will only be dropped if you tell it to.

Disable what you can, but be wary, you'd be suprised what counts as an attack sometimes. Like legit web mail logins etc...

Suggest you set it to email warnings of dropped stuff until you get a ruleset you are happy with.
Cancel
Vote Up 0 Vote Down

Cancel
0 ABx over 18 years ago in reply to Simon Shaw

Excellent, thank you! (I swear I posted this already, must not have submitted properly).

I definitely keep an eye on how many "hits" a rule has, and keep an eye on the notifications. I'm not in any hurry, would rather do things right [:)]
Cancel
Vote Up 0 Vote Down

Cancel