Intrusion Detection and Prevention System Live Demo -IDPS Live example - IPS IDS - network security - YouTube
Channel: ISO Training Institute
[0]
welcome to the lab on IPS we're going to give you a
real world demonstration of how IPS looks using
[8]
the SonicWALL as an example so once again we're
not interested specifically in learning how the
[14]
SonicWALL works but to see this in general the
general idea should carry through to any other
[19]
appliance so on the SonicWALL in order to to
see the IPS we go to security services and then
[27]
we choose it choose intrusion prevention and here
you can either enable it or disable it so if it's
[38]
enabled here then it's pretty it's pretty much
ready to go so if this is enabled then you do
[45]
have intrusion prevention working and it's going
to test everything that passes through the SonicWALL
[51]
against these signatures so you can see that
you have about 5,000 signatures here so another
[61]
thing to notice is that you have a signature timestamp
so it means that the last time signatures
[69]
were downloaded was yesterday today is the seventh
so pretty much every day you're going to get new
[76]
signatures from SonicWALL assuming you're licensed
and you know you're paying for it so there's
[83]
another thing here if you don't want to accept
the defaults you can you can adjust this a little
[88]
bit to your to suit your needs so what they do is
each one of these signatures is either they rate
[96]
it as either high priority medium priority or low
priority so if you look here at this one signature
[103]
you know that these signatures here these are all
mediums but if you scroll through you'll see some
[108]
that are high and some that are low so the folks over
at SonicWALL are saying that it's a high priority
[116]
then that's they're a very dangerous attack
and if it's a low priority then it's not very
[122]
dangerous so by checking these you can prevent
and detect high medium or low as you like so if
[132]
you anything under prevent means it will actually
stop it anything under detect means that it will
[140]
log it but not actually stop it so if you if you
don't want to deal with with low priorities then
[148]
you can just uncheck that now you might want to do
that because low priority attacks can sometimes
[155]
cause false positives another thing you might
want to do is you might want to start out with
[163]
prevent all and detect all and just see how much
of a nuisance it is you might have a lot of end
[171]
users complaining that they can't do this and that
so what you might want to do to prevent that would
[178]
be to do it like this so you you're not going
to actually prevent them prevent low priorities
[184]
but you're going to detect low priorities which
means it's logging then you can look at the logs and
[191]
based upon what you see you can make a decision as
to how you want to set this up in the future now
[198]
the only other thing that you might want to do
is sometimes you find a particular signature is
[203]
causing a problem for you if it's a false positive
so you can disable any signature that you like so
[209]
just go to say NetBIOS so if this particular
if this particular signature was causing you
[218]
a problem then disable it from from here so
that's a little bit of information give you
[227]
an idea as to how IPS works in general that is the
end of this video thank you very much for watching
[235]
you





