[null] IPS hardening guide or checklist


Shah Dhruv

Dec 1, 2014, 12:28:12 AM
to null-...@googlegroups.com
Hey null members,
I've been searching on Google and on a few benchmarked websites but am unable to get an IPS checklist or a hardening guide.
Can anyone help me with one?
The IPS is IBM Proventia.




______________________

Dhruv Shah aka Snypter
about.me/snypter
Blogger | Researcher | Consultant | Writer

TAS

Dec 1, 2014, 2:01:03 AM
to null-...@googlegroups.com
Below are some generic pointers that should help. 

1. Firmware and license.
2. Signature/Vaccine updates schedule
3. How to set up the default action of the signature
4. Forwarding the logs to SYSLOG or SIEM
5. Configuring the alert email and report recipient
6. Configuring alerts for when sensors go down
7. Authentication on the device (LDAP, 2FA etc.)
8. Remote administration of the device
9. Configuration mode: Inline (blocking) or Promiscuous mode
10. SSL offloading is important - If the SSL is offloaded on the server then your IPS can hardly flag something. But these are sometimes regulatory requirements. 

HTH




--
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Shah Dhruv

Dec 3, 2014, 3:20:41 AM
to null-...@googlegroups.com

Something is better than nothing... Thanks.

vinay kadagave

Dec 3, 2014, 10:41:01 AM
to null-...@googlegroups.com
I would like to add some points to TAS's list.

11. Change the default password of the IPS/IDS.
12. Automatic configuration/policy backup.
13. If the box is inline, then check whether a built-in bypass kit is available or an external bypass kit is needed.




Thanks & Regards,

Vinay
