Network Security: Detailed info on Newbie question: autoblocking with IDS/IPS

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-IDS

[Top] [All Lists]

Newbie question: autoblocking with IDS/IPS

from [Daniel] Network Security

[Permanent Link]

Subject:	Newbie question: autoblocking with IDS/IPS
Date:	10 Dec 2004 15:47:36 -0000



Hi,

I'm thinking of buying one of that new CISCO IDS boxes which can be placed 
inline in the future.

Is anybody of you using the automatic shunning (I guess it's called so) feature 
of the CISCO IDS? 
Does this make sense? (Which signatures should be autoblocked?)

Or are you just monitoring and then blocking manually?

Any hint would be greatly appreciated!
-Daniel



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Newbie question: autoblocking with IDS/IPS, Daniel <= Re: Newbie question: autoblocking with IDS/IPS, Mike Johnson RE: Newbie question: autoblocking with IDS/IPS, Gary Halleen (ghalleen) CISCOs new IPS, Christoph Pertl (tm011081) Re: CISCOs new IPS, p z Tippingpoint IPS, Christoph Pertl(tm011081) Re: Tippingpoint IPS, Bob Walder Re: Tippingpoint IPS, Paul Schmehl

Previous by Date:	RE: NIDS and HIDS, Maynor, David (ISS Atlanta)
Next by Date:	Building and Installing Snot and Mucus, Prabhat Singh
Previous by Thread:	Snort [BASE, MySQL, FC3] Installtion Manual, Ghaith Nasrawi
Next by Thread:	Re: Newbie question: autoblocking with IDS/IPS, Mike Johnson
Indexes:	[Date] [Thread] [Top] [All Lists]