Intrusion Prevention Best Practices

The best practices for deploying intrusion prevention in this environment are limited. The inspection point is at the perimeter of the network, and the ASA/PIX Security Appliance has 51 signatures to protect you. These signatures are narrowed down to the attacks that are still common on the Internet and are easily recognizable by the firewall.

The ASA 5500 family of security appliances can run the full IPS 5.0 operating system, which by default contains more than 1500 signatures and also provides protocol misuse protection.

The reports from these attacks could become very handy for you at some point. Many administrators use these reports to justify to their management that security threats are real and that attacks are launched against your network all the time. As a result, these reports can be used, if necessary, as a tool to justify return on investment to purchase a full-blown intrusion prevention system that has several hundred signatures and can be more effective at mitigating network and host attacks.

If you want to learn more about IPS and IPS best practices, read the white paper titled "SAFE: IDS Deployment, Tuning, and Logging in Depth," located on the Cisco SAFE web page. This page is specifically for larger intrusion detection system deployment, but it does contain a lot of information that might prove helpful if you need to learn more about IPS deployment.