IPS Implementation



I was wondering if anyone knows of any
documents/papers/books/suggestions on the proper way to implement an
IPS in a large environment. We had a vendor install the IPS units,
and they were supposed to tune the signatures and apply filters,
however there is still a lot of work to be done. I have been tasked
with putting a plan together to get these units to begin automatic
blocking instead of currently only watching traffic, but unfortunately
I only have experience using Snort in a small environment without a
lot of abnormal traffic. All the books I've been able to find online
are either out of date or inadequate. Any help would be greatly
appreciated!

Thanks,

Chris Moore



