Hi All,
From the experience in 6.312, I learn that IDS can really slow things down ( I used to turn on everything thinking more is better but that really slowed things down) thus would like to share my current configuration.
My Network only has Windows XP Laptop which runs F-Secure Policy Server ( I see it loads Apache)
Thus I turned on only the following.
1) Operating System Specific Attacks -> Windows
2) Attacks Against Servers
HTTP Servers ->
Common (Is this necessary)
Apache (F-Secure Policy Server)
3) Attacks against Client Software, Everything Enabled.
4) Protocol Anomaly, Everything Enabled.
5) Malware, Everything Enabled.
Performance Tuning, I configured my F-Secure Policy Server ( my laptop ) to be under HTTP
Is this optimal?
Should I turn on the rules for SMTP, POP, DNS since
1) I did turn on SMTP Proxy and configured it to point to a print server so that I can use the smarthost.
2) I am using POP proxy to scan my pop3 e-mails from ISP.
3) I am using DNS Proxy which forward to my ISP DNS.
Would the IDS help protect Astaro own components or those rules is necessary only if I got seperate servers for those functions.
Thank You for all the advice.
[;)]
This thread was automatically locked due to age.
