


Posted on 2011-05-06
Medium Priority
Last Modified: 2013-11-29
Has anyone ever had or bought in an IDS/IPS (Cisco IPS4240) audit, and if so, what do the auditors/pen testers/security consultants test and report on? Are there any best practice config and management guides for Cisco IPS 4240s? Or any generic best practice for managing/configuring IDSs?
Question by:pma111

Accepted Solution

btan earned 2000 total points
ID: 35711229
You can check out the NSS Labs methodology for testing IPS (2nd link); it will be useful as a guide, since most of the big players, including Cisco, participate in such testing. In the methodology, the test cases are shared, as well as the probable test environment. The tools are listed too.

@ http://www.nsslabs.com/research/network-security/network-ips/cisco-4260-sensor-ips-individual-test-report-q3-2010.html
@ http://www.nsslabs.com/assets/Methodologies/nss%20labs%20ips%20group%20test%20methodology%20v6.1.pdf

Cisco also has some brief guidelines:

@ http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps7264/ps6634/IOS_IPS_Best_Practices.pdf
@ http://www.cisco.com/web/about/security/intelligence/securetcl.html
@ http://www.cisco.com/web/about/security/intelligence/cwilliams-ips.html

Specifically on government general practices and guidelines, I suggest that you check out:
a) DISA STIG (deployment/policy) - http://iase.disa.mil/stigs/net_perimeter/network_infra/firewall.html
b) NIST SP800-94 @ http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf

Expert Comment

ID: 35711614
You may be interested in this IDS test tool:

@ http://marcoramilli.blogspot.com/2011/05/ids-testing-frameworks.html

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question