IPS Tech Tips - Introducing NGFW with IPS
Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco new NGFW with IPS and its operations. This event requires registration.
Topic: Cisco IPS Tech Tips - Introducing NGFW with IPS
Host: Cisco Security Group
Date and Time:
Thursday, December 19, 2013 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=207672622&t=a&EA=ralbach%40cisco.com&ET=5a30e5f0d7b86e89044459f4fac9065e&ETR=6d878102a33643d67bc6b9d3df08da27&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
This one will be posted a few days after the event.
-Robert
Similar Messages
-
IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services
Hi Folks -
Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
Hope to see you there.
-Robert
Cisco invites you to attend a 30-45 minute Web seminar on IPS Best Practices delivered via WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management Services
Host: Robert Albach
Date and Time:
Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago, GMT-05:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
http://www.webex.com
IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation. If you wish to be excluded from these invitations then please let me know!Hi Marvin, thanks for the quick reply.
It appears that we don't have Anyconnect Essentials.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license? -
IPS Tech Tip - Evasions - TCP/IP examples and handling - Sig team presentation
Hi Customers,
Its summer time and nothing evokes cool quite like a discussion into the TCP / IP stack and how creative attacker types try to hide attacks behind it. This presentation will feature a security researcher from our signature team and will be the first of several presentations on evastions and how the Cisco IPS handle them.
We hope that you can make it.
Thanks,
-Robert
Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco IPS internal operations using WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - Handling Evasions
Host: Robert Albach
Date and Time:
August 25, 2011 9:30 am, Central Daylight Time (Chicago, GMT-05:00)
To register for the online event
1. Go to https://ciscosales.webex.com/ciscosales/onstage/g.php?d=201261254&t=a&EA=ralbach%40cisco.com&ET=64ed8e6d81005252203f6671cfeee480&ETR=fb46b8799a6afe989e9a744f0fac0d77&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.Sadly we did not get the recording done. The presentation and the example pcaps however are on this forum now.
-Robert -
IPS Tech Tip - "show tech" command part 2 - IPS dev team webinar
Hi Folks,
The IPS product management and development team would like to invite you to this 30-40 minute webinar followed by Q&A sessions. These will be recorded and put on this forum as well. We hope you can attend.
-Robert
Robert Albach invites you to attend a Web seminar using WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - show tech part 2
Host: Robert Albach
This month's Cisco IPS Tech Tip will continue December's show tech command discussion. The show tech command holds a wealth of information regarding your IPS's performance and status. Cisco IPS development team members will continue to talk about what all this information means to you and then answers your questions.
Date and Time:
January 27, 2011 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=202882129&t=a&EA=ralbach%40cisco.com&ET=85576c2dbfd6dca4b756de40b6728a2b&ETR=5d7e40b0e38f564be0a8bd55114369fc&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.Sadly we did not get the recording done. The presentation and the example pcaps however are on this forum now.
-Robert -
Cisco IPS Tech Tips: Data Center Protections and Platforms
Hello Cisco Community Forum Members;
Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco IPS internal operations using WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - Data Center Protections and Platforms
Host: Robert Albach
Date and Time:
Thursday, July 19, 2012 10:00 am, Central Daylight Time (Chicago, GMT-05:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=206048546&t=a&EA=ralbach%40cisco.com&ET=ade69a0aa29f279471b6a85feae46a71&ETR=5b39cf5f535442c1763f090845d7ddd3&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
http://www.webex.com
IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
This one will be posted a few days after the event.
-Robert -
Cisco IPS Tech Tips - Protecting Industrial Environments - Nov. 20 2012
Robert Albach invites you to attend a 30-45 minute Web seminar on protecting Industrial Environments with Cisco IPS. This event requires registration.
Topic: Cisco IPS Tech Tips - Protecting Industrial Environments
Host: Robert Albach
Date and Time:
Tuesday, November 20, 2012 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=204100621&t=a&EA=ralbach%40cisco.com&ET=9a66f6e8f36ecbaab4ac37ed47bae5cf&ETR=c55c84ed345001203dd77689eca88777&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
http://www.webex.com
IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation. -
Cisco IPS Tech Tips: 2010 Dec 16 - show tech commands
Robert Albach invites you to attend a Web seminar using WebEx. This event requires registration.
IPS Tech Tips are monthly webinars lasting approximately 30 minutes with question and answer to follow. This month’s event will focus on the “show tech” command and its potential relevance to your IPS operation.
Topic: Cisco IPS Tech Tip 2010 Dec 16 - Show Tech
Host: Robert Albach
Date and Time:
December 16, 2010 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=205452108&t=a&EA=ralbach%40cisco.com&ET=72ce549014a807001ae666a6d82dcc7c&ETR=6ff5ff3ebf442ab68017b906c9ead1a7&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
You can contact Robert Albach at:
[email protected]
http://www.webex.com
IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
This one will be posted a few days after the event.
-Robert -
Cisco IPS Tech Tips: 2010 Dec. 16 - Show Tech Part 1 Recording
Hi Cisco IPS Users,
I've attached the recording from our last Tech Tips regarding the "show tech" command. We hope that you will find this of value in the operation of your Cisco IPS.
As always feel free to leave comments on the content or future subjects you would like to see us address.
The continuation of this discussion will take place today (Jan 27th).
Thanks,
-Robert
Robert Albach
IPS Product Management
[email protected]The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
This one will be posted a few days after the event.
-Robert -
IPS Tech Talk -Global Correlation
Robert Albach of the Cisco IPS Team invites you to attend a Web seminar using WebEx. This event requires registration.
The event is a 30 minute webinar on Global Correlation - its operation and how it works with your Cisco IPS. Following the presentation there will be Question and Answer period with members of the IPS development team.
Topic: Cisco IPS Tech Talk 2010 Nov 18
Host: Robert Albach
Date and Time:
November 18, 2010 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=204029379&t=a&EA=ralbach%40cisco.com&ET=6511931d5b5055f2311dc9824532002a&ETR=2c3560b429c7cfc0c2553092a899c175&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
You can contact Robert Albach at:
[email protected]Will this event be available for viewing later? 10am CST is about 1am here in Korea, so I don't think I'll be able to attend live.
-
How do I use Cisco MARS to monitor two ASA (active/stby) with IPS modules?
Hi
The two ASA with IPS modules are in active/standby mode. When I try to add both the two IP (active/standby) into the MARS, the MARS will complain duplicated hostnames.
How to setup MARS to monitor ASA with IPS with active standby topology?
Thanks!Hi,
The fundamental problem with this scenario is that you have non-failover capable modules in a failover chassis - think of the ASA failover pair as one device and the IPS modules as two completely separate devices.
Then, as already mentioned, add only the primary ASA. (The secondary will never be passing traffic in standby mode so it's not actually needed in MARS) Then, with the first IPS module you can add it as a module of the ASA or as a standalone device (MARS doesn't care). With the second IPS module the only option is to add it as a separate device anyway.
In a failover scenario the ASA's swap IP's but the IPS's don't so whereas you'll only ever get messages from the active ASA you'll get messages from both IPS IP's depending on which one happens to be in the active ASA at the time.
Don't forget that you have to manually replicate all IPS configuration every time you make a change.
HTH
Andrew. -
Looking for a List of GT72 with IPS screen
hi guys !
I'm looking to buy a GT72 with a 970M or 980M , but my main focus is on the screen . i really want a IPS screen with my GT 72 , and i know that there is a few which got one.
when i look on website a lot of information are missing and i'm never sure if there is actually a IPS screen or not.
My budget is like between 1.7k€ and 1.9k€ so if someone could make a list of GT72 with IPS screen in this price average it would be nice
sorry for my bad english
thanksHi Ann Thanks for that. I did come across that list too. There is a wiki site started also that has bugn to show how each works too. That's what I'd love to create for the entire list with a thumbnail as a visual When I have time!
http://premierepro.wikia.com/wiki/Transitions -
NeedHelp Is it bug at IDSM-2 with IPS-K9-7.0-2-E3.pkg??
Dear All,
i have idsm with IPS-K9-7.0-2-E3.pkg installed,
i use inline mode for this idsm, and idsm place is front on server farm
but i have some problem that one segment in my network cant access the server
but another segment can access that server,
that server is oracle database aplication (real time)
in this is happend only for that server.
when i filter the traffic with idsm, the result that transaction match with
signature number 7000, evenly that signature dont have action to deny the traffic,
the traffic still cannot bypass, then ill try to disable but nothing impact to that segment
evenly other segment can access that server normally.
anyone can explain to me why this happen??
ill try to downgrade to IPS-K9-7.0-2-E3.pkg with IME but always error..
anyone can help me please..Hi Josh..
This is my answer
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
First off, you cannot downgrade the version without a re-image. You can only downgrade signatures. Second, you mention 7.0(2)E3 as the version you are on and the version you want to downgrade to. Can you verify what version you are running?
Im not yet downgrade to 7.0(2) because I don’t have yet permission from my bos . And now my isdm still use 7.0(2)E3
This is capture from my isdm
OTIDSM# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 7.0(2)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S425.0 2009-08-17
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: WS-SVC-IDSM-2
Serial Number: SAD132802TL
Licensed, expires: 20-Oct-2010 UTC
Sensor up-time is 2 days.
Using 1415421952 out of 1983504384 bytes of available memory (71% usage)
system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
application-data is using 38.6M out of 166.8M bytes of available disk space (24% usage)
boot is using 41.5M out of 68.6M bytes of available disk space (64% usage)
MainApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running
AnalysisEngine B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running
CollaborationApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running
CLI B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500
Upgrade History:
IPS-K9-7.0-2-E3 07:43:07 UTC Thu Oct 15 2009
Maintenance Partition Version 2.1(3)
Recovery Partition Version 1.1 - 7.0(2)E3
Host Certificate Valid from: 27-Apr-2010 to 27-Apr-2012
On the traffic not passing issue, if you put the sensor in bypass does that resolve the issue. That will eliminate any signature related actions from impacting the traffic. If you are still unable to access the servers then you should look for a routing or network layer issue
What you mean about bypass? Is it to released the idsm from network? If that so, I had do that and the server can access from segment that before cant access it. I had done to check the network layer problem but everything is ok,
And I want to clarify the other segment that cant access the server only for some application (real time application) in that server but the server can ping and telnet from that segment ( I think this is to clarify the network issue problem)
If that clears things up, the next step would be to create an Event Action Override to produce alert for all signatures. Then you can review IME for any signatures firing related to these servers. Please remove the Override once you are done testing as this can have a performance impact on the sensor over time and should only be used temporarily to troubleshoot a specific issue.
Well, I will try your suggestion, But I will wait permission to execute it. I hope this is work for my idsm-2
If you are still having trouble, if may help to get some info about the config of the sensor and the switch. Specifically, how the VLAN or Interface Pairs are setup, etc.
Oke, I will…
Btw, thanks for your help boss
GBU … -
Configure ASA5515-X with IPS as standalone IPS.
There are instances in our organization when our customers need to have a standalone IPS device due to environment restrictions. In the past we used the 4240 sensors which are now, or soon to be, EOL. The upgrade path is the ASA 5515-X with IPS services and I have heard that the device will be able to operate as a standalone IPS device.
Does anyone know if this is indeed possible or does anyone have experience configuring the device this way? It'd definitely be cheaper than going with the 4300 devices so I'd be interested in feedback on this.We've done this with ASA5500 models, so it's a safe bet you could do this with the ASA5500x devices as well.
The difference between using an ASA and an appliance for an IPS sensor is there's all sorts of firewall technology that you'll need to disable (as much as possible at least, you can't turn it all off) and I believe the sensor will be blind to layer 2 attacks.
- Bob -
Are there any Lenovo X220 owners with IPS that don't notice ghosting?
I need to pull the trigger soon and have been watching all the posts about fan noise, throttling and IPS ghosting.
Are there any users with an IPS screen who do not notice, or are not bothered by, ghosting on their IPS screen?
I would prefer IPS for the better viewing angles and color reproduction.As far as I can tell, the two units I got all exhibit ghosting if I just let the screen idle for too long (assuming idle at max brightness for more than 15 minutes), I think it's an issue that will be addressed by Lenovo later and for the time being, it doesn't hinder productivity unless your use of the company requires the image to stay stationary for an extended period of time.
-
Tech Tip of the Week: Syncing Distribution Groups in Office 365
Having trouble getting your distribution groups to sync when migrating to Office 365?
We recently worked with a customer who had over 300 distribution groups that were not syncing to Office 365. Upon review, we noticed that the distribution groups did not have a Display Name.
Here are the steps we took in order to resolve the problem:
1. Open ADUC “Active Directory Users and Computers “On the top menu click on view and select Advanced Features.
2. Find the Distribution List that is not syncing to your Office 365 tenant > right click the Distribution List > select Properties > click on the attribute editor tab.
3. There are a couple attributes that must be filled out in order for it to Synchronize to Office 365.
Attributes: mail,
displayName – if they do not have any data, fill it in. Once completed click ok.
4. Open the MIISClient. This is located on your DIRSYNC Server. The default path is: “C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe”
5. Click on Metaverse Search > input the following:
Attribute: Mail
Operator: Contains
Value:
“Email Address of the DG”
6. Once filled in click on search > double click the search results > click on the connectors tab. Note: If
you only see SourceAD Management Agent, perform the following:
7. Click on Management Agents > Right click SourceAD > click on Run > click on Full Import Stage Only > click on ok.
8. Right click SourceAD > click on run > click on Full Sync > click on ok.
9. Right click TargetWebService > click on Run > click on Full Confirming Import Stage > click on ok.
10. Right click TargetWebService > click on Run > click on Full Confirming Sync > click on ok.
11. Right click TargetWebService > click on Run > click on Export > click on ok.
We hope you found this week’s Tech Tip useful! Do you have a problem you want us to solve in our Tech Tip of the week series? Let us know!Check to see that your remote session is still active, using Get-PSSession.
Maybe you are looking for
-
Old school code :-(
Hey, I been writing my game and wanted to show somone my game. However i can only get the newer java vm to work on his computer. Well i been writing my code for an older version becuase JBuilder wouldnt configure properly. Well, the game works but th
-
How to put into treemap an obj that already has a tree map?
i have A Course class that contains a treemap for student. now i need another tree map to contain an array of Course. Course has it own attributes... I tried creating new instance of course course= new Course(aRegistrationNo,Add,rmNo.); CoursetreeMap
-
Can I use RowSet with Type 4 Oracle Driver
I am getting following exception when I am using Type 4 Driver with RowSet, but every thing fine with ResultSet. [12/Mar/2002 16:01:02:1] error: ODBC-083: could not load the library <db2cli.dll> configured in the registry for the driver <256> [12/Mar
-
Error Installing Premiere Elements 9 - Exit Code 7
Hi, I'm trying to install Premiere Elements 9 on a Mac (running 10.6.4), but it always comes up with an error, and the program can't be installed. Last time I tried it got to about 95% but then gave me this error: Exit Code: 7 -----------------------
-
NFS root_squash and kerberos question
Hi All, Does anyone know if it is possible to get NFS Exports from an OES2 SP2 Linux Server working without use the no_root_squash option. do we know if there will ever be Kerberos authentication for CIFS / NFS too? Thanks for any info Pete