IPS and Virtual Sensors

Hello.
I am looking to put in an IPS. I would like to monitor two segments, but read this in the docs...
"To avoid definition ordering issues, no conflicts or overlaps are allowed in assignments - you assign interfaces, inline interface pairs, inline VLAN pairs, and VLAN groups to a specific virtual sensor so that no packet is processed by more than one virtual sensor."
Say I have two virtual sensors and subnets A and B. My question is that packets from segment A will go thru virtual-sensor1, but may (depending on routing) need to pass thru the VLAN pair of virtual-sensor2 to subnet B. Judging from above, this is not possible, since it says the packet can only be seen once. Please advise if I am interpreting the docs correctly.
Any suggestions or insight is appreciated! Thanks!

Ah, okay; just to clarify... What they are speaking of is when the packet goes through the IPS the first time, it stays in one virtual sensor during its "session" through it and should not be processed by any other virtual sensor.
If the packet reenters the IPS on a different interface pair (i.e., virtual sensor) then that is OK.
Thanks for the reply!
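
An added example, not part of the original thread or of Cisco's documentation: a small Python model of the no-overlap rule quoted above and of the reply's point that a routed packet may pass a second virtual sensor on re-entry. Sensor names, interface names and VLAN numbers are constructed, and the check is an assumed way to audit a planned layout, not the sensor's own logic.

```python
from dataclasses import dataclass
from itertools import combinations

ALL_VLANS = frozenset()  # empty set means "every VLAN on these interfaces"

@dataclass(frozen=True)
class Assignment:
    sensor: str                    # virtual sensor name (constructed)
    interfaces: frozenset          # one interface, or both members of an inline pair
    vlans: frozenset = ALL_VLANS   # VLAN pair / VLAN group members, if any

def covers(a, interface, vlan):
    """True if a packet arriving on interface/vlan belongs to assignment a."""
    return interface in a.interfaces and (not a.vlans or vlan in a.vlans)

def find_overlaps(assignments):
    """Pairs of assignments that would hand one ingress packet to two sensors."""
    bad = []
    for a, b in combinations(assignments, 2):
        if a.sensor == b.sensor or not (a.interfaces & b.interfaces):
            continue
        # A whole-interface assignment collides with anything on that interface;
        # otherwise the VLAN sets must be disjoint.
        if not a.vlans or not b.vlans or (a.vlans & b.vlans):
            bad.append((a, b))
    return bad

def sensors_on_path(assignments, hops):
    """Sensor that inspects each (interface, vlan) ingress along a routed path."""
    seen = []
    for interface, vlan in hops:
        owners = {a.sensor for a in assignments if covers(a, interface, vlan)}
        if len(owners) > 1:
            raise ValueError(f"{interface} vlan {vlan} claimed by {sorted(owners)}")
        seen.extend(owners)
    return seen

# Constructed layout: vs1 owns an inline interface pair in front of subnet A,
# vs2 owns an inline VLAN pair (20 <-> 21) in front of subnet B.
VALID = [
    Assignment("vs1", frozenset({"ge0/0", "ge0/1"})),
    Assignment("vs2", frozenset({"ge0/2"}), frozenset({20, 21})),
]
# Adding a VLAN group 15-20 on the same interface overlaps vs2 on VLAN 20.
INVALID = VALID + [Assignment("vs3", frozenset({"ge0/2"}), frozenset(range(15, 21)))]

# A packet from subnet A crosses vs1's pair, is routed, then enters vs2's VLAN pair.
A_TO_B = [("ge0/0", 10), ("ge0/2", 20)]

if __name__ == "__main__":
    print(find_overlaps(VALID))            # no conflicts in the assignments
    print(sensors_on_path(VALID, A_TO_B))  # one sensor per traversal
    print([(a.sensor, b.sensor) for a, b in find_overlaps(INVALID)])
```

The rule constrains the assignments, so each individual pass through the IPS maps to exactly one virtual sensor; it does not stop the same routed packet from being inspected again when it re-enters on another pair.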

Similar Messages

  • V6 and Multiple Virtual Sensors

    In a few places, we have a sensor both behind and in front of a firewall and both of them are underutilized. With v6, it would seem that monitoring both links using separate physical monitoring interfaces and virtual sensors would be possible. I'm concerned about problems this might cause. For example, I already know that today CSMARS doesn't include the interface from the original raw message, so I won't be able to differentiate based on that. Will CSMARS toss the "duplicate" event anyway? Any other reasons this configuration isn't advisable? Anyone doing this in production today?

    Well, the normalizer engine gets affected by putting your IPS in front of and behind your firewall. With different virtual sensors you would be able to take out this issue. I had some issues with this. So what I did was to have my IPS inline pair behind the PIX firewall and have a promiscuous port connected outside. Something like you have your router connected to your hub and your PIX outside connected to the hub too. Then you have a promiscuous port connected to this hub. This way you would know the attacks happening outside of your firewall. This is what I use, but my design is a bit more than this and I have a specific reason to use the hub here.
    -Hoogen

  • IPS Virtual Sensors

    Hi,
    1. Can I use the default virtual sensor vs0 for the incoming traffic on all the interfaces?
    2. How can I allocate interfaces to the AIP-SSM module?
    3. How can I allocate interfaces to the IDSM module?
    I am assuming that the interfaces assigned are the ones on which inline inspection is performed.

    The AIP-SSM does not have 'both' of these modes. This is only valid for sensors/IDSM AFAIK.
    The AIP is 'internally connected' to the ASA and has only two deployment modes available instead of three, here is a brief description from CCO:
    #Is the AIP-SSM module to function or be deployed in promiscuous or inline mode?
    * Promiscuous mode means that a copy of the data is sent to the AIP-SSM while the ASA forwards the original data on to the destination. The AIP-SSM in promiscuous mode can be considered to be an intrusion detection system (IDS). In this mode, the trigger packet (the packet that causes the alarm) can still reach the destination. Shunning can take place and stop additional packets from reaching the destination, however the trigger packet is not stopped.
    * Inline mode means that the ASA forwards the data to the AIP-SSM for inspection. If the data passes AIP-SSM inspection, the data returns to the ASA in order to continue being processed and sent to the destination. The AIP-SSM in inline mode can be considered to be an intrusion prevention system (IPS). Unlike promiscuous mode, inline mode (IPS) can actually stop the trigger packet from reaching the destination.
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml
    Regards
    Farrukh

  • Wireless sensor networks and virtual lab

    Hi all
    I am new to wireless and virtual labs. I would like to build a virtual lab in wireless sensor networks where all the configuration, i.e. the hardware configuration, would be done, and across the internet I should be accessing the virtual lab and performing operations like switching sensors on/off, etc.
    Can anyone let me know the steps by which this can be performed?

    Hello ayaym,
    That is a pretty broad description.  You may need to narrow down your questions to be more specific.
    It seems like you are doing 2 things.  One is create a wireless network.  Two is access that network over the internet.
    1.  Wireless: there are numerous commercial wireless technologies. Wireless Ethernet, Wi-Fi, proprietary protocol wireless boxes, Zigbee, WirelessHART, Bluetooth, etc. What makes the most sense would be determined by how these sensors would be connected in a wired world.  Then look at the common factors and whether you can adapt all the devices to a common wireless system.  For instance, if it's Ethernet, you could add in wireless Ethernet routers.  If it is RS-485 or RS-232 serial protocol, they also make Ethernet boxes that would turn these into remote virtual ports.
    2.  Internet connectivity.  LabVIEW has remote panels and web publishing that would allow remote access to the front panels of running VIs.  It is just a matter of allowing those communications to occur in a secure way.  A Virtual Private Network might be required.  Other remote desktop software tools could work.

  • Cisco IPS Concurrent session support in ips 4260 and 4270 sensor

    I am wondering why no document among the Cisco IPS data sheets mentions the concurrent session support in Cisco IPS 4200 series sensors. I am looking forward to anyone who can advise on the subject.
    Thanks
    Nouman

    Hi.
    With IPS devices it's difficult to measure performance by number of connections per second, since several factors count toward the performance limit, including:
    1- packet size
    2- object sizes per transaction
    3- transactions per second
    4- signatures enabled
    5- features enabled
    That's why public documents try to make it more realistic by mentioning the transactional performance.
    Here is a link mentioning concurrent connections for the 4270:
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd806e7283.html
    Although the link mentions 100k and 200k, we've seen situations where we had a lot more connections with a smaller number of signatures enabled.
    For the 4260 the public document only mentions the transactional performance.
    Regards,
    Fadi.
    If this answers your question please mark the thread as resolved.

  • About IPS and its working

    I want to know in detail about IPS and how it works. Also, is it using artificial intelligence or a neural network for self-upgrading?

    No, the sensors are not intelligent. They will very happily sit there dumb until updated manually.

  • Has anyone deployed a midlet on a virtual sensor under windows 7 64 bit?

    Hello
    I need help and I would really appreciate it if anyone can save me.
    When I want to deploy a midlet on a virtual sensor in Solarium, I get this error: "Cannot load C:\Program Files\Java\jdk1.7.0_21\jre\bin\client\jvm.dll"
    My OP is Windows 7 (64 bit). My Java is also 64 bit, and I should remind you that there is no jvm.dll in the client folder in 64-bit Java. So I set the address of jvm.dll to:
    "C:\Program Files\Java\jdk1.7.0_21\jre\bin\server"
    but still I get the same error.

    Got the exact same problem as well, finally fed up with it now as I just started up Firefox and 14 new windows opened because of this bug. Luckily my computer can handle them, but for someone with a slower processor it would have been a nightmare. Needs fixing ASAP.
    Reverting back to 3.6.3 until this issue is solved. (link for anyone wanting to do the same below)
    http://www.filehippo.com/download_firefox/7345/

  • How can integrate IPS and WAAS???

    I have been having a lot of trouble integrating an IPS 4240 into my WAAS platform. A lot of signatures come up when I have the IPS activated. I found some tips about disabling specific signatures and installing the appliance in IDS mode.
    Does anybody know how I can do a transparent integration of these technologies?

    When the IPS sensor is placed outside of the optimization path, then both IPS and WAAS will work well. The IPS sensor blocks the TCP option 21 that WAAS uses to initiate the WAAS setup. The IPS sensor cannot handle the sequence number manipulation that WAAS currently uses. It's outside the RFC and the sensor will block those packets by default.

  • Proximity sensor and light sensor not working

    Z10STL100-1/10.2.1.2141
    My proximity and light sensors are not working. BlackBerry virtual expert can't detect motion in proximity sensor test and not able to handle light dim or high in light sensor.
    What should I do now?
    It's very frustrating because I just bought this phone yesterday.

    A strange thing happened to me today. When I did a security wipe, both my sensors started working. Both were working till evening. Then suddenly they stopped working, so what is the problem?
    I am really waiting for a solution.

  • How to Install Physical and Virtual Host

    I am getting licensing issues after I installed Essentials 2012R2 on a physical machine and then used the same license to virtualize it.  It's saying my physical machine needs to hold all the FSMO roles in which my virtual machine is hosting those roles.
    I read that Microsoft allows you to use the Essentials license for the physical and virtual server.  Is that correct? 
    Is there a specific service I need to remove on the physical machine in order for these errors to stop?  I still have the Windows Server Essentials Experience service installed. Is that what needs to be removed?
    Thanks,
    Doug

    Hi Doug,
    There is an article that provides details of licensing for Windows Server 2012 R2 Essentials. Please refer to it and check if it can help us to understand licensing for Windows Server 2012 R2 Essentials better.
    Understanding Licensing for Windows Server 2012 R2 Essentials and the Windows Server Essentials Experience role
    Please also refer to the following article and check if it can help you.
    Customize Deployment - Windows Server Essentials
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • What is the difference between "Invisible" (11g) and "virtual" index?

    Hi
    What is the difference between the "Invisible" index and "virtual" index?
    Thanks
    Balaji

    Indexes can be visible or invisible. An invisible index is maintained by DML operations and cannot be used by the optimizer. Actually takes space, but is not to be used as part of a potential access path.
    AFAIK, a virtual index is created by the tools used in SQL statement access path tuning to provide an alternative for the optimizer to test. It does not take any real space as it is a pure in memory definition.

  • Can I use more than one blue-tooth device at the same time on IPhone 4S? Like a wireless headsets and speed and cadence sensor for cycling computer, receive the data and listen music simultaneously

    Can I use more than one blue-tooth device at the same time on IPhone 4S? Like a wireless headsets and speed and cadence sensor for cycling computer, receive the data and listen music simultaneously

    As long as the profiles are different (e.g. HID vs A2DP) you will not have any issues. But say if you try to use 2 keyboards at once, it won't work. Or 2 headsets at once. Your scenario seems fine.

  • HT1665 i have an apple IPhone4. I am experiencing certain problem with my iphone4. The problems are as follows a. my ear piece and proximity sensor is not working while making a call. 2. It cannot reproduce sound without earphone but rings if gets any cal

    Hi folks,
    I have an Apple iPhone 4. I am experiencing certain problems with my iPhone 4. The problems are as follows: a. my ear piece and proximity sensor are not working while making a call. 2. It cannot reproduce sound without an earphone but rings normally if it gets any call.
    Can anyone help me in this regard?

    Try to reset the phone by holding the sleep and home button for about 10sec, until the Apple logo comes back again. You will not lose data by resetting, but it can cure some glitches after installing new software or apps.

  • How do I reinstall HP SimplePass and Validity sensor on Win 8.1

    Hi 
    I reinstalled HP SimplePass and the Validity sensor driver once before by doing it in a particular order I can no longer remember and running it under compatibility settings. I had to refresh my machine and I can't get the sensor to work.
    Can anyone advise on the correct order of installing the driver and SimplePass, and advise on the correct HP SP file names for both for a dv7 7332ea running Win 8.1 64 bit?
    Thanks

    Foxes_17
    Welcome back to the HP Community Forum.
    See the following:
    Instructions to Upgrade HP SimplePass
    Follow the procedure (Page 2 at writing):
    Procedure - Update / (Re) Install HP SimplePass
    1. Driver First
    2. Reboot
    3. Software Next
    4. Reboot
    NOTE:
    You will likely want to use / stay with Series 6 / version 6.x HP SimplePass.
    Ignore references to Series 8 HP SimplePass.
    I am pleased to provide assistance on behalf of HP. I do not work for HP. 
    Kind Regards,
    Dragon-Fur

  • Difference between logical and virtual terms

    Hello,
    This is not purely oracle question; but in documentation so many times we find 2 terms:
    A. Logical
    B. Virtual.
    So what is the principal difference between logical and virtual? As I know, physical is that which I can see and touch, while logical/virtual is that which is imaginary. We say a tablespace is logical, not virtual, while it is Java Virtual Machine, not Java Logical Machine. So I want to know what the principal difference is, and why there are two words for an imaginary thing. Before posting the question, I searched in Google for "Difference between virtual and logical" but I couldn't find the answer.
    Please quote your comments.
    Thanks & Kind Regards
    Girish Sharma

    Girish,
    I won't say that I am correcting you, as this is like that half glass full/empty thing. Maybe what I see as half empty, you would see as half full.
    Well, now coming to the explanation. I am saying honestly, I got more confused after reading your definitions. What do you mean by saying that a tablespace is not virtual? I see it as purely virtual. We don't say virtual tablespace or logical tablespace, but it is actually logical/virtual, having no existence but just the definition, right?
    How can you say that the size of virtual is larger than logical? The size of a tablespace is actually the sum total of the sizes of the datafiles. So it actually becomes very large, right? Much larger than the JVM, which is only a few megs.
    Point 3 totally knocked me out. I have no idea what you said.
    OK, I tell you this. Just remember the definition that Hans gave already. If you ask me, it's the best definition that we can have. Just remember this, and if someone asks you further, then give them your point 3 definition and tell them to understand this ;-). Please don't mind, I am just kidding. It's just semantics. Don't get lost in it. You will find many people using both the terms interchangeably. So it's OK. I shall stick with Hans's definition, simple and concise. There are a lot more other topics to dig into in Oracle. I can mail you lots of them. Spend time on those. Don't think that I am demotivating you. I understand you asked only because you have a doubt. But we got a good resolution of it, and beyond that, it's not of much use to dig into it, at least not in technical terms.
    Cheers
    Aman....
    PS:Are you on oraclecommunity.net?
