IPS on your network, today?

Become the IPS expert for your network? It is not easy. None of the products on the market make IPS easy, and it really should not be easy. You have to know the protocols, how the alerts work, and be able to tweak them.

Do you know Snort? Do you know that Talos / FMC rules are Snort rules, but that there are some differences in how Cisco applies them? One difference: “Connectivity default policy and disabled in the Connectivity over Security default policy. Talos sometimes uses a rule update to change the default action of one or more rules in a default policy.” That means you can't just edit some of the Talos rules!

For Cisco Firepower IPS, I suggest this. You can always go “turbo security” or super security and move the Snort/Talos rules to high security. This is done by taking the “Balanced Security and Connectivity” setting and changing it to “Security Over Connectivity”. If you have an emergency malware outbreak and cannot figure out exactly what is causing it, then do something. Raise your security by flipping the switch. The picture below shows where to do it. Thank me next time.

Read more

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/asa-fp-services/asafps-local-mgmt-config-guide-v64/understanding_network_analysis_and_intrusion_policies.html

Copyright 2021 Rod Deluhery
