
How we tested Cisco IPS 7.0

By Joel Snyder, Network World (U.S.), 11 Aug 2009

Network World tested version 7 of the software upgrade for Cisco's intrusion prevention appliances. Here is how we evaluated the reputation services feature.

We installed a Cisco 4260 IPS appliance in a production network with approximately 700 Web sites generating approximately 25 Mbps traffic to the Internet. Our goal in this testing was to focus on the reputation services aspect of the 7.0 software, so we did not do specific performance or IPS coverage testing.

Initially, we installed a beta version of the 7.0 software that Cisco made available. We then placed the IPS both in front of (on the Internet side of) and behind different firewalls protecting the network. However, with the beta 7.0 software, the IPS caused significant service interruption when placed outside the firewall. We pulled the IPS from the network and waited for Cisco to release the final 7.0 software.

When 7.0 release software was available on Cisco's Web site, we re-installed the IPS. Following Cisco's advice, we only placed the IPS behind firewalls, rather than on the Internet side of the firewalls. We used two different gigabit Ethernet circuits, carrying a total of 14 different VLANs. The IPS ran in production on those network segments, inspecting and protecting 12 of the different VLANs, for over two weeks.

We also installed Cisco IPS Manager Express 7.0 software on a Windows 2000 server with a 3GHz Pentium 4 CPU, 3GB of RAM and internal SATA hard drives. We found that even with 1.2 million events in the database, the performance of IPS Manager Express was very satisfactory.

Cisco engineers assisted remotely with the initial configuration of the IPS and provided some technical support via e-mail during the testing. Once we felt the IPS was stable on our production networks, we studied the alerts that the IPS generated from the traffic on those networks. In combination with normal Cisco technical support resources, we tuned the IPS over a period of about one week. The tuning generally consisted of identifying signatures with a high false positive count and either disabling them or, in a few cases, adjusting them to ignore particular systems.

During the tuning period, we enabled all reputation service features of IPS 7.0, but ran them in "audit" mode to get comfortable with what the reputation service was going to do to the events and to the IPS itself.

After tuning was completed, we set the reputation service features to active and monitored the results.
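The three-step procedure above (tune noisy signatures, run reputation filtering in audit mode, then switch it to active) is easy to model as a small triage script. The example below is added here for illustration and is not Cisco's code, nor the tooling Network World used; the alert records, signature ids and names, and IP addresses (RFC 5737 documentation ranges) are all constructed, and the thresholds and the `KNOWN_BENIGN_SOURCES` list are assumptions an operator would set for their own network.

```python
"""Signature-tuning triage plus audit/active reputation gating.

Constructed example: the alert records below are made up and use RFC 5737
documentation addresses. Nothing here is Cisco IPS output or Cisco code.
"""
from collections import Counter, defaultdict

# Constructed alert records: (signature id, signature name, source IP, destination IP).
# Signature 10001 is mostly triggered by one internal monitoring host,
# 10002 fires from many unrelated sources, 10003 fires rarely.
SAMPLE_ALERTS = [
    (10001, "Constructed Noisy Sig A", "192.0.2.50", "203.0.113.10"),
    (10001, "Constructed Noisy Sig A", "192.0.2.50", "203.0.113.11"),
    (10001, "Constructed Noisy Sig A", "192.0.2.50", "203.0.113.12"),
    (10001, "Constructed Noisy Sig A", "192.0.2.50", "203.0.113.13"),
    (10001, "Constructed Noisy Sig A", "198.51.100.7", "203.0.113.10"),
    (10002, "Constructed Noisy Sig B", "198.51.100.22", "203.0.113.10"),
    (10002, "Constructed Noisy Sig B", "198.51.100.23", "203.0.113.11"),
    (10002, "Constructed Noisy Sig B", "198.51.100.24", "203.0.113.12"),
    (10002, "Constructed Noisy Sig B", "198.51.100.25", "203.0.113.13"),
    (10003, "Constructed Quiet Sig C", "198.51.100.9", "203.0.113.10"),
]

# Hosts the operator has verified as benign sources of noisy alerts
# (assumption: an internal monitoring box that legitimately probes servers).
KNOWN_BENIGN_SOURCES = {"192.0.2.50"}


def tuning_plan(alerts, fp_threshold=4, dominance=0.75, benign=KNOWN_BENIGN_SOURCES):
    """Recommend a tuning action per signature.

    A signature that fires at least `fp_threshold` times is a tuning candidate.
    If one source produces at least `dominance` of its alerts and that source
    is a verified-benign host, recommend an exception for that host only
    ("ignore-host"); otherwise recommend disabling the signature pending
    review ("disable"). Quiet signatures are kept unchanged ("keep").
    """
    per_sig = defaultdict(Counter)
    for sig, _name, src, _dst in alerts:
        per_sig[sig][src] += 1

    plan = {}
    for sig, sources in per_sig.items():
        total = sum(sources.values())
        if total < fp_threshold:
            plan[sig] = ("keep", None)
            continue
        top_src, top_count = sources.most_common(1)[0]
        if top_src in benign and top_count / total >= dominance:
            plan[sig] = ("ignore-host", top_src)
        else:
            plan[sig] = ("disable", None)
    return plan


def apply_plan(alerts, plan):
    """Return the alerts that would survive the tuning plan."""
    kept = []
    for alert in alerts:
        sig, _name, src, _dst = alert
        action, host = plan.get(sig, ("keep", None))
        if action == "disable":
            continue
        if action == "ignore-host" and src == host:
            continue
        kept.append(alert)
    return kept


def reputation_verdict(src, denylisted, mode):
    """Return what the reputation filter does with traffic from `src`.

    In "audit" mode a match is only recorded ("audit-log") so the operator can
    see what would have been blocked; in "active" mode a match is denied.
    Sources not on the list are allowed in either mode.
    """
    if mode not in ("audit", "active"):
        raise ValueError("mode must be 'audit' or 'active'")
    if src not in denylisted:
        return "allow"
    return "audit-log" if mode == "audit" else "deny"


if __name__ == "__main__":
    plan = tuning_plan(SAMPLE_ALERTS)
    for sig, (action, host) in sorted(plan.items()):
        print(f"sig {sig}: {action}" + (f" {host}" if host else ""))
    print(f"{len(apply_plan(SAMPLE_ALERTS, plan))} of {len(SAMPLE_ALERTS)} alerts remain")
    for mode in ("audit", "active"):
        print(mode, reputation_verdict("198.51.100.9", {"198.51.100.9"}, mode))
```

The plan is a recommendation for a human to confirm, not an automatic change: a signature that fires from many unrelated sources may be noise or may be a real sweep, and the script deliberately only marks it "disable" for review. Running the reputation check in audit mode first, as the article describes, lets you compare the "audit-log" verdicts against the tuned alert stream before any traffic is actually denied.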

Joel Snyder is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.