Category Archives: IDS/IPS

Cisco IPS: Anomaly detection Introduction

Posted on November 16, 2013 by cyruslab

Introduction Cisco IPS 4240 establishes a baseline (normal traffic) and uses this baseline to check for deviation from traffic patterns to determine if there is anomaly in the network. This detection technique mainly detects worm attacks originated from host/s in … Continue reading →

Posted in IDS/IPS, Security | Tagged anomaly detection, intrusion detection system, Intrusion prevention system, IPS4240 | Leave a comment

Cisco IPS: Allowing Global Correlation update through ASA5505

Posted on November 11, 2013 by cyruslab

Management only interface Cisco ASA has a management only interface which you have to disable in order to allow IPS to get global correlation update. management-only command denies traffic that is not destined to the ASA itself. IPS that connects … Continue reading →

Posted in IDS/IPS, Security | Tagged global correlation, how to configure asa5505 to allow global correlation | Leave a comment

Cisco IPS: Inline Vlan Pair

Posted on November 11, 2013 by cyruslab

Inline Vlan Pair scenario Traffic between Vlan 10 and 20 has to be inspected by IPS, in order to achieve this and to save valuable IPS interface inline vlan pair mode is selected for this setup. Step by step explanation … Continue reading →

Posted in IDS/IPS, Security | Tagged how does Inline VLAN pair work?, Inline VLAN pair, Inline VLAN pair mode, IPS4240 | 2 Comments

Cisco IPS: Always boot into ROMMON

Posted on November 6, 2013 by cyruslab

Introduction I bought a Cisco IPS 4240 at a very good price from Ebay, Cisco IPS arrived my home last night, I was excited and looking forward to use this appliance immediately. To my disappointment, Cisco IPS persistently boot into … Continue reading →

Posted in IDS/IPS, Security | Tagged Cisco IPS 4240, Cisco IPS 4240 boots into ROMMON relentlessly, Cisco IPS 4240 unable to boot | Leave a comment

IPS: Update sid-msg.map

Posted on April 5, 2013 by cyruslab

Reference: http://oinkmaster.sourceforge.net/faq.shtml You need to update the sid-msg.map in order for the events to show its description, if sid-msg.map is not updated the events will be like Snort Alert [1:19187:2]. To update the sid-msg.map download the tar file from oinkmaster. … Continue reading →

Posted in IDS/IPS, Security | Tagged sid-msg.map | 1 Comment

IPS: Snort

Posted on March 31, 2013 by cyruslab

Tested systems 1. CentOS 6.4 32-bit, kernel version 2.6.32-358.2.1.el6.i686. 2. CentOS 6.4 32-bit, kernel version 2.6.32.60-grsec (grsec patched kernel) 3. Virtualbox version 4.2.10. 4. Snort engine version 2.9.4. Snort rules version 2940. Reference guide There are numerous installation guide over … Continue reading →

Posted in IDS/IPS, Security | Tagged barnyard, barnyard2, BASE, DAQ, snorby, snort, snortd | Leave a comment

Cisco Systems: IPS4360 Test case

Posted on January 27, 2013 by cyruslab

Intrusion detection and prevention test This post demonstrate an example on how to do IPS factory acceptance test. Test plan parameters example Product:IPS4360-K9 Serial Number: abcdefg Date:27/Jan/2013 Purpose: This test is to test the ability for IPS to block malicious … Continue reading →

Posted in IDS/IPS, Security | Tagged Cisco IPS4360, Cisco Security Manager, factory acceptance test for IPS, IPS test cases | Leave a comment

Category Archives: IDS/IPS

Cisco IPS: Anomaly detection Introduction

Cisco IPS: Allowing Global Correlation update through ASA5505

Cisco IPS: Inline Vlan Pair

Cisco IPS: Always boot into ROMMON

IPS: Update sid-msg.map

IPS: Snort

Cisco Systems: IPS4360 Test case

Categories

Archives

Recent Posts

Top Posts

CCIE blogroll

External Links

IDS

Open source

Pentest Virtual Lab

Security (VA and Pentest)

Blog Stats

Follow Blog via Email