[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] Best practice policy



Hi All,
 
Quick question on creating (or 'deriving new') policy from ISS's default 'Attack Detector' policy.  What are the recommended signatures to configure RSKILLS for to protect the internal network with a version 7 network sensor? Or do I have to go through the whole list and either guess at which ones I should be protected from or do I go through the present analysis and whatever tag names show up I configure the policy to send RSKILLS to.  The latter seems a little backwards,  as in configuring the protection AFTER the attack....Sorry if this is a dumb question but I am new with the ISS IDS.

Thanks in advance!
 
Michael
 
Michael G. Montgomery, MCSE, CCNP, CCSA
Senior Consultant
Portola Systems, Inc.
Computer Network Engineering and Integration
mmontgomery@xxxxxxxxxxxxxxxxxx
www.portolasystems.net
707.824.8800 Ext. 15
707.824.8866 FAX
BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Michael Montgomery
TEL;WORK:707-824-8800 x15
TEL;PREF;FAX:707-824-8866
EMAIL;WORK;PREF;NGW:mmontgomery@xxxxxxxxxxxxxxxxxx
N:Montgomery;Michael
TITLE:Senior Consultant
END:VCARD