IPS Implementation

I was wondering if anyone knows of any
documents/papers/book/suggestions on the proper way to implement an
IPS in a large environment. We had a vendor install the IPS units,
and they were supposed to tune the signatures and apply filters,
however there is still a lot of work to be done. I have been tasked
with putting a plan together to get these units to begin automatic
blocking instead of currently only watching traffic, but unfortunately
I only have experience using Snort in a small environment without a
lot of abnormal traffic. All the books I've been able to find online
are either out of date or inadequate. Any help would be greatly


Chris Moore
