From: Paul Patrick (ppatrick@cisco.com)
Date: Sat Oct 15 2005 - 17:20:33 GMT-3
Tim,
The new ISR routers support up to 500 signatures (256.sdf) which can be
configured to alarm, drop, reset, or any combination. For a small
business with limited budget and IT staff, it makes sense to run IDS/IPS
on the perimeter router.
More info can be found at:
http://www.cisco.com/en/US/products/ps6634/products_white_paper0900aecd80327257.shtml
P.
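As an added illustration of the per-signature actions Paul describes (alarm, drop, reset, or a combination) applied on a perimeter interface, the following is a constructed Cisco IOS IPS configuration; it is not from the original message, the white paper, or Cisco. It assumes the later IOS IPS 5.x CLI syntax (12.4(11)T and newer) rather than the 256.sdf-era configuration the thread refers to, and it uses signature 2004/0 (ICMP Echo Request) purely as an example signature, so verify both against your own IOS release and signature package.

```cisco
! Constructed example: IOS IPS on a perimeter router, not the thread's own config.
! Logging first, so every alarm is recorded even when the action is only "alert".
ip ips notify log
ip ips notify sdee
! Fail closed: if the IPS engine cannot load signatures, drop rather than bypass.
ip ips fail closed
! Where the router stores the compiled signature state (path is an assumption).
ip ips config location flash:ips retries 1
ip ips name PERIMETER-IPS

! Start from a small, retired-by-default set and enable only the basic category,
! which keeps CPU and memory use predictable on a low-end ISR.
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false

! Tune one signature: alarm AND drop the packet AND reset the TCP connection.
! (reset-tcp-connection only has an effect for TCP-based signatures; it is
! listed here to show the combined-action syntax.)
ip ips signature-definition
 signature 2004 0
  status
   enabled true
   retired false
  engine
   event-action produce-alert deny-packet-inline reset-tcp-connection

! Apply inbound on the outside interface (interface name is an assumption).
interface GigabitEthernet0/0
 description Outside / ISP
 ip ips PERIMETER-IPS in
```

After applying, `show ip ips configuration` and `show ip ips signatures` confirm which signatures are active and which actions each carries; the alarms themselves appear in syslog (and SDEE, if a management station subscribes). The fail-closed setting is the deliberate trade-off for a perimeter box with no separate IDS behind it: losing connectivity when signatures fail to load is preferable to silently passing traffic uninspected.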
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tim
Sent: Saturday, October 15, 2005 9:04 AM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: IDS Best Practice
Hi guys,
Since it's possible to enable some IDS functionality in IOS on a perimeter router, is there any rule of thumb or BEST Practice on the issue of what IDS functionality should be implemented on a router versus on the IDS itself?
Obviously, if you have both a router and an IDS, all IDS can be implemented on the IDS itself but I'm wondering if there would be any benefit to enabling a few signatures - perhaps those that block DOS attacks - on the router.
Also, when IDS is enabled on a router interface that also has an inbound
acl, which processing takes place first? The IDS or acl?
Any guidance or insight would be greatly appreciated.
TIA, Tim
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3