Re: ASA with IPS



If the asa fw/ips is your main source for attacks, then the noise will be there forever.

Keep in mind that FWs report all hits on a specific rule. The outbound FW will receive too much garbage from "the wild". That said, the "deny all" rule will keep u with tons of logs, and your monitoring is useless from that standpoint.

I would recommend to establish what you want to monitor and bear in mind that the least place where you will get appropriate information is the deny all rule from the outbound FW/IPS. Moreover, what you need is some SIEM tool that will help u accomplish your attack alerting levels. I believe you might need different sources, to get appropriate logs in order to get attack reports

Hth

Omar

------Original Message------
From: Dan Vultur
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: ASA with IPS
Sent: Sep 28, 2010 02:47

Hello list,

I am interested in tunning the IPS on the ASA we have in the company and I would
like to know where can I find some quick tips/rules.

The point is that I receive a lot of e-mail, noise, for every packet that comes
from the internet so I want to refine the alerting level but still be proactive

about attacks that may occur.

Many thanks,

Dan





------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



--------------------------
Sent from my mobile device

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • RE: ASA with IPS
    ... The SSM module runs the same 'OS' that the dedicated Cisco IPS runs. ... Subject: ASA with IPS ... Securing Apache Web Server with thawte Digital Certificate In this guide ...
    (Security-Basics)
  • RE: ASA with IPS
    ... the ASA has one of the poorest IPS there is. ... Securing Apache Web Server with thawte Digital Certificate In this guide we ...
    (Security-Basics)
  • Re: ASA with IPS
    ... the ASA has one of the poorest IPS there is. ... Securing Apache Web Server with thawte Digital Certificate In this guide we ...
    (Security-Basics)
  • Re: ASA with IPS
    ... I would agree with steve that the built in IPS on ASA is poor. ... Securing Apache Web Server with thawte Digital Certificate In this guide we ...
    (Security-Basics)
  • Re: IPS to protect against VOIP Attacks
    ... We have had good experience with Tipping Point IPS. ... components with an IPS against known attacks and DOS-DDOS attacks as well. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)