Global Sensing Configuration


The global sensing parameters that affect overall sensing characteristics are:

  • Internal networks

  • Reassembly options: IP fragment and TCP session

Internal Network

An internal network is a global sensing parameter that you can use to define a network or segment as trusted. When adding an internal network through the IDS MC, you can define the network as internal or trusted. You can add an internal network only using the IDS MC; you cannot define an internal network using the CLI or IDM for an individual sensor.


An internal network can only be added using the IDS MC; you cannot add an internal network using the CLI or IDM.


To configure internal networks on the IDS MC, navigate to Configuration, Settings, Internal Networks, Add to display the Enter Network page, as shown in Figure 10.1.

Figure 10.1. Adding an internal network with IDS MC.



Use this page to enter the IP address, network mask, and optional comments.

IP Packet Reassembly

IP packet reassembly, one of the global sensing parameters, determines how packets are reassembled; allowed values are NT, Solaris, BSD, and Linux. You can use the IDS MC and the IDM to configure IP fragment reassembly and Transmission Control Protocol (TCP) session reassembly options for a sensor. Figure 10.2 shows the Reassembly Options IDS 4 panel, which you reach by navigating to Configuration, Settings, Reassembly Options. You can set the Reassembly Options in this panel.

Figure 10.2. Navigate to Configuration, Settings, Reassembly Options to edit Reassembly options.



Table 10.1 shows the descriptions for the IDS reassembly settings.

Table 10.1. IDS Reassembly Settings

| IDS Reassembly Setting | Description |
| --- | --- |
| IP Reassemble Mode | Allows you to set how the Sensor reassembles IP fragments. The available options are NT (the default), Solaris, LINUX, and BSD. |
| IP Reassemble Timeout | The time in seconds that the Sensor will wait for an IP fragment to reassemble before discarding the original fragment. The default is 120 seconds. |
| TCP Three-Way Handshake | If selected, the Sensor can reassemble a TCP session that has completed a three-way handshake. |
| TCP Reassemble Mode | Mode that the Sensor will use to reassemble TCP streams. The allowed options are strict or loose, with strict being the default. |
| TCP Open Establish Timeout | The time in seconds that the sensor will allow an established session to remain connected before timing out. The default is 120 seconds. |
| TCP Embryonic Timeout | The time in seconds that the sensor will allow a partially open connection to stay open before timing out. The default is 15 seconds. |
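
The following Python sketch is an added example, not taken from the book or from Cisco's code. It shows why IP Reassemble Mode should match the hosts the sensor protects (overlapping fragments reassemble differently under different policies) and how IP Reassemble Timeout discards held fragments. The `first` and `last` policies are simplified assumptions, not the sensor's actual NT, Solaris, BSD, or Linux algorithms; offsets are in bytes and the fragments are constructed sample data.

```python
REASSEMBLE_TIMEOUT = 120  # seconds; the default listed in Table 10.1


def reassemble(fragments, policy, timeout=REASSEMBLE_TIMEOUT):
    """Reassemble one datagram from (arrival_s, offset, more_fragments, payload).

    policy "first": bytes already held win over later overlapping data.
    policy "last":  later overlapping data overwrites what is held.
    Both policies are hypothetical simplifications for illustration.
    Returns the reassembled bytes, or None if the datagram never completes.
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    held = {}        # byte offset -> byte value
    total = None     # datagram length, known once the final fragment arrives
    started = None   # arrival time of the oldest held fragment
    for arrival, offset, more_fragments, payload in fragments:
        # Timeout: drop everything held if reassembly has waited too long.
        if started is not None and arrival - started > timeout:
            held, total, started = {}, None, None
        if started is None:
            started = arrival
        for i, value in enumerate(payload):
            pos = offset + i
            if policy == "last" or pos not in held:
                held[pos] = value
        if not more_fragments:
            total = offset + len(payload)
        if total is not None and all(p in held for p in range(total)):
            return bytes(held[p] for p in range(total))
    return None


# Constructed sample: the third fragment overlaps the second (same offset).
OVERLAPPING = [
    (0.0, 0, True, b"AAAAAAAA"),
    (0.1, 8, True, b"BBBBBBBB"),
    (0.2, 8, True, b"CCCCCCCC"),
    (0.3, 16, False, b"DDDDDDDD"),
]
# Constructed sample: the final fragment arrives after the 120-second timeout.
LATE = [(0.0, 0, True, b"AAAAAAAA"), (121.0, 8, False, b"BBBBBBBB")]

if __name__ == "__main__":
    print(reassemble(OVERLAPPING, "first"))
    print(reassemble(OVERLAPPING, "last"))
    print(reassemble(LATE, "first"))
```

If the sensor and the destination host resolve the overlap differently, the sensor inspects a payload the host never sees, so signatures are evaluated against the wrong data.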




CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213
