Computer Security
 » 
IDS (Intrusion Detection System)

TippingPoint Recommended Disabled Filters

View: New views
2 Messages — Rating Filter:   Alert me  

TippingPoint Recommended Disabled Filters

by Carl Hester :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hi everybody-

We recently bought a TippingPoint IPS for our company and noticed that along with 3500 active definitions, there were a few hundred that were recommended disabled.  I'm curious if anyone has ever had the need to enable any of these and what the situation was.  

thanks

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------


Re: TippingPoint Recommended Disabled Filters

by Secure Scorp :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

The Tipping Point IPS out-of-the-box configuration recognizes and
blocks malicious traffic that is known to be malicious at all times,
under all conditions, in all network environments.From a Security
Standpoint, a default Configured IPS is configured as follows:
–There is a single Default Security Policy – All Filters in this
Policy are set to use their Category Settings
–Category Settings – All Category Settings are set to use the
Recommended Setting for each Filter
–Filters – Because of the Category Settings, all IPS Filters are set
to their Recommended setting as determined by the DVLabs team at
TippingPoint

So, to start with you are good  to put this on the network and not
worry about the disabled ones for a while.

Going ahead, with a Default Security Policy, Customization may be
Required depending on your network/requirement
 1) Different Security Policy for Different Segments or Directions
       *Core versus Perimeter
       *Inbound Internet versus Outbound Internet
 2) Different Security Policy for VLAN Traffic
       *VoIP VLAN etc

i.e. you would need to fine tune your IPS depending on the false
alarms etc. Also, you might want to start with checking the new
Digital Vaccines(DVs) to find which disabled filters you want to
enable. This will need you to understand the kind of traffic you
intend to block and allow.

Hope this helps. Let me know if you have more questions.

Thanks,
Aditya Govind Mukadam

On Tue, Jul 1, 2008 at 7:17 PM, <chester@...> wrote:

>
> Hi everybody-
>
>
> We recently bought a TippingPoint IPS for our company and noticed that along with 3500 active definitions, there were a few hundred that were recommended disabled.  I'm curious if anyone has ever had the need to enable any of these and what the situation was.
>
>
> thanks
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Free Forum Powered by Nabble Forum Help