your
process a bit to see how it might fit into our plans here;)
Cheers,
Paul
-Original Message-
From: Ross Vandegrift [mailto:r...@kallisti.us]
Sent: Saturday, February 07, 2009 10:50 AM
To: Paul Stewart
Cc: 'Gregori Parker'; 'Cisco-nsp'
Subject: Re: [c-nsp] IDS Recommendations
On Fri, Feb 06, 2009 at 07:24:34PM -0500, Paul Stewart wrote:
A good example to paint a picture here is that some of these servers are for
web hosting. If a client uploads a php script (example) that has a
vulnerability we would like the IDS to trip on it - again we can't have the
world but
Hi there...
Our server farms hang off a pair of 6509's today. The SVI interfaces are
redundant with HSRP for each VLAN that feeds the servers Sup2/MSFC2
running native IOS.
So, we're looking for IDS/firewall solutions to protect a few of the VLAN's
in particular. We did have a pair of
is well below 400mbps), and it requires much more tuning to
be useful.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Paul Stewart
Sent: Friday, February 06, 2009 1:46 PM
To: 'Cisco-nsp'
Subject: [c-nsp] IDS
: [c-nsp] IDS Recommendations - Cisco?
I would highly recommend keeping some sort of firewall to ACL/NAT
upstream from your hosts...I personally don't put a lot of stock into
host-based firewalling as one's sole means of protection. If the FWSM
didn't serve you well (all my problems with FWSM went