The Tipping Point IPS out-of-the-box configuration recognizes and
blocks malicious traffic that is known to be malicious at all times,
under all conditions, in all network environments.From a Security
Standpoint, a default Configured IPS is configured as follows:
–There is a single Default Security Policy – All Filters in this
Policy are set to use their Category Settings
–Category Settings – All Category Settings are set to use the
Recommended Setting for each Filter
–Filters – Because of the Category Settings, all IPS Filters are set
to their Recommended setting as determined by the DVLabs team at
TippingPoint
So, to start with you are good to put this on the network and not
worry about the disabled ones for a while.
Going ahead, with a Default Security Policy, Customization may be
Required depending on your network/requirement
1) Different Security Policy for Different Segments or Directions
*Core versus Perimeter
*Inbound Internet versus Outbound Internet
2) Different Security Policy for VLAN Traffic
*VoIP VLAN etc
i.e. you would need to fine tune your IPS depending on the false
alarms etc. Also, you might want to start with checking the new
Digital Vaccines(DVs) to find which disabled filters you want to
enable. This will need you to understand the kind of traffic you
intend to block and allow.
Hope this helps. Let me know if you have more questions.
Thanks,
Aditya Govind Mukadam
On Tue, Jul 1, 2008 at 7:17 PM, <[EMAIL PROTECTED]> wrote:
>
> Hi everybody-
>
>
> We recently bought a TippingPoint IPS for our company and noticed that along
> with 3500 active definitions, there were a few hundred that were recommended
> disabled. I'm curious if anyone has ever had the need to enable any of these
> and what the situation was.
>
>
> thanks
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
