Cisco ASA 5510 with IPS Module

I am interested in hearing from anyone that knows about or uses the IPS features in the Cisco ASA.  I'm looking to see how's it used, best practices, etc.  How do you like it? User friendly?  What kind of ongoing administration do you do with it?  Do you do more logging or actually blocking certain traffic?  I look forward to your responses.

Thanks.
LVL 11
rvthostAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tim HolmanCommented:
If you are familiar with Cisco IDS, then you'll have no problems with Cisco IPS, as they are virtually the same.  The IPS software runs on an Intel/PCI/Red Hat core within the ASA, along with PIX v7.0 and a subset of the VPN3000 software.
Taking a step back, what are you looking for, and why have you concluded that IPS features are an answer to your problems?
If you get led down the Cisco path, bear in mind ASA technology, plus their IPS, is relatively immature technology and there are many ways to defeat it with rate-based and zero-day attacks.  As Cisco IPS is signature based, they need the signature before they can block the exploit.  If a new exploit is released into the wild, there will be a period of time before that exploit is discovered, and a signature included in the IPS code.
0
rvthostAuthor Commented:
Tim, thanks for your comments.  We currently have a PIX that will be replaced later this year, most likely with the ASA 5510.  I'm still toying with the IPS module.  I am not familiar with Cisco IDS, and quite frankly, not real familiar with any IDS.  I'm wondering if it's a decent starting point to become familiar.  The main objective is to begin learning, so we are better able to handle future challenges as we open more services to the public.
0
Tim HolmanCommented:
A good grounding could be to start with the free versions of Smoothwall or Snort to gain grounding in firewall/IDS, then look at applying the 2 principles to whether or not you need more advanced IPS-style protection.
Don't discount host-IPS, like Tripwire, or specific tools designed to protect webservers -Teros, Netcontinuum, Netscaler and the likes.
Is there anything specific we can help with here?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rvthostAuthor Commented:
Tim - Thanks for the info.  Nothing specific at this time, but I'm sure there will be!  Thanks again.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.