Virtual IPS/IDS design question.

Hello! I am having some problems understanding the design of a virtual IDS/IPS.
I know how to do it with a hardware IPS/IDS, where you have one physical interface dedicated to receiving the traffic and another physical interface to send the inspected traffic on to the core.

My question is how people do this with a virtual firewall. I mean, how is it possible to configure a server on VMware to receive a SPAN session (in the case of an IDS), or something like that?

I hope I have made my concern clear.

You can actually do both. If you just want to monitor (IDS), you will need to dedicate a physical port on your VM server and span the traffic towards it. For more information about that, visit this link:

http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=1004099

If you want to place the virtual appliance inline, you will need to dedicate two physical ports on your VM server. One of these ports will be used for the outside zone and the other for your inside zone.

I hope this helps!

Please rate helpful posts!

Tags: Cisco Security

Similar Questions

  • Adding a physical device in a virtual design?

    Hi guys,

    I have a question about how to plug a physical device into a virtual design.  I am trying to connect an inline web filter between my switch and my firewall, so it can filter traffic transparently.  The problem is that my firewall is virtual, on a VMware infrastructure with multiple hosts running, so I can't just put it between the two.  Here is an example of my physical/virtual design:

    http://i.imgur.com/4rFQj7E.jpg

    I was thinking about creating an untagged port on my VLAN 666, assigning the VLAN 666 IP to another port and plugging the web filter in between, but I do not think the traffic would actually be wired correctly.

    Does anyone have an idea?

    Thank you.

    Hi -

    Yes.  You need a physical connection to bridge the VLANs, which is what the Barracuda will do.  Here is an example of the layout:

    Assuming these are the physical connections, the switch-side configuration is as follows:

    int vlan 222
     ip address 192.168.254.2 255.255.255.248
    int range gi1/0/1 , gi1/0/3
     desc ESXi Host
     switchport mode trunk
     switchport trunk allowed vlan remove 222
     spanning-tree portfast trunk
    int gi1/0/10
     desc To Barracuda Inside (or self on Gi1/0/16)
     switchport mode access
     switchport access vlan 222
     spanning-tree bpdufilter enable
    int gi1/0/16
     desc To Barracuda Outside (or self on Gi1/0/10)
     switchport mode access
     switchport access vlan 333
     spanning-tree bpdufilter enable

    The firewall is attached to VLAN 133 in ESX. PSC
  • A physical server with 2 network interface cards, using a virtual machine as IPS (transparent VM); should everything work normally?

    Hello guys.

    Here is a diagram that I made for myself for this question.

    2067917_1.png

    As you can see, I have a physical server with 2 NICs. I want to use a VM (with Snort) as an IPS/IDS system for inbound traffic on the management VLANs. Is it possible to use this VM in this way (as an IPS/IDS, a VM with two NICs, without any routing)? Maybe you have a suggestion on how I can achieve this as easily as possible? Maybe you have an opinion on which Unix OS I should use?

    Thank you for your time and your answers. Any useful information is much appreciated.

    Yes, it should work. What you need to look out for is that the 'outgoing' NIC is not connected to the same physical switch as the incoming one, and that there is no link between these two physical switches, because that would create a layer 2 loop on the network.

    I haven't worked much with Linux, but I don't see why you would have a problem finding some Linux/Unix with the ability to bridge two network cards and using some software IPS to inspect the traffic.
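The ESXi-side configuration behind both answers above (the dedicated SPAN port for monitoring, and the two dedicated ports with a bridging VM for inline use) is not spelled out anywhere in the thread. The following script is an added example written for this page, not code from the original posts or from VMware: it emits the esxcli commands for each mode so they can be reviewed, and runs them only where esxcli exists. Every vSwitch, port group, vmnic and interface name in it is an assumption; the guest-side Snort 2.9/afpacket invocation is also assumed.

```shell
#!/bin/sh
# Added example, not from the original thread: ESXi-side network setup for a
# sensor VM in the two modes described above (SPAN monitoring, and inline with
# two dedicated uplinks). All vSwitch, port group and vmnic names are assumed;
# adjust them to the host. Commands are emitted as text so they can be reviewed
# before apply_cmds runs them.

# Monitor (IDS) mode: one dedicated uplink receives the physical SPAN session.
# Promiscuous mode lets the sensor vNIC see frames not addressed to it, and
# VLAN 4095 (virtual guest tagging) passes tagged SPAN copies through instead
# of dropping them. No vmkernel port or other VM belongs on this vSwitch.
monitor_cmds() {
    vswitch=$1 uplink=$2 pg=$3
    cat <<EOF
esxcli network vswitch standard add --vswitch-name=$vswitch
esxcli network vswitch standard uplink add --vswitch-name=$vswitch --uplink-name=$uplink
esxcli network vswitch standard portgroup add --vswitch-name=$vswitch --portgroup-name=$pg
esxcli network vswitch standard portgroup set --portgroup-name=$pg --vlan-id=4095
esxcli network vswitch standard portgroup policy security set --portgroup-name=$pg --allow-promiscuous=true
EOF
}

# Inline (IPS) mode: one vSwitch per side, each with exactly one uplink. The
# sensor VM has a vNIC in each and bridges them, so it transmits frames whose
# source MAC is not its own: the port groups must also allow forged transmits
# and MAC address changes, or the vSwitch silently drops the bridged traffic.
# Never add a second uplink or a vmkernel port to either side, and make sure
# the two uplinks are not otherwise connected (a second path closes an L2 loop).
inline_cmds() {
    side=$1 uplink=$2
    vswitch="vSwitch-$side" pg="IPS-$side"
    cat <<EOF
esxcli network vswitch standard add --vswitch-name=$vswitch
esxcli network vswitch standard uplink add --vswitch-name=$vswitch --uplink-name=$uplink
esxcli network vswitch standard portgroup add --vswitch-name=$vswitch --portgroup-name=$pg
esxcli network vswitch standard portgroup set --portgroup-name=$pg --vlan-id=4095
esxcli network vswitch standard portgroup policy security set --portgroup-name=$pg --allow-promiscuous=true --allow-forged-transmits=true --allow-mac-change=true
EOF
}

# Guest side (assumed: Snort 2.9 with the afpacket DAQ). In monitor mode Snort
# listens on the SPAN vNIC; in inline mode Snort bridges the two vNICs itself,
# so the guest needs no Linux bridge and no IP address on either interface.
sensor_cmd() {
    case $1 in
        monitor) echo "snort -i $2 -c /etc/snort/snort.conf -A fast" ;;
        inline)  echo "snort -Q --daq afpacket -i $2:$3 -c /etc/snort/snort.conf" ;;
        *)       return 1 ;;
    esac
}

# Runs each emitted line on an ESXi host; elsewhere prints them as a dry run.
apply_cmds() {
    if command -v esxcli >/dev/null 2>&1; then
        while IFS= read -r line; do $line || return 1; done
    else
        echo "# esxcli not found, dry run:" >&2
        cat
    fi
}

# Usage: sh sensor-net.sh monitor vmnic2
#        sh sensor-net.sh inline vmnic2 vmnic3
case "${1:-}" in
    monitor) monitor_cmds vSwitchSPAN "${2:-vmnic2}" SPAN-Sensor | apply_cmds ;;
    inline)  { inline_cmds Outside "${2:-vmnic2}"; inline_cmds Inside "${3:-vmnic3}"; } | apply_cmds ;;
esac
```

The three security-policy flags are the part people miss: a plain port group drops frames to foreign MACs and frames from foreign source MACs, so a sensor that "sees nothing" or a bridge that passes nothing is almost always one of them left at the default. The L2 loop warning from the answer above applies to the inline pair exactly as it does to physical NICs; the host cannot detect it for you.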

  • I want docs on IPS/IDS

    Hello

    I am new to IPS/IDS; please help me with docs to read on the basics & MFIS on IPS/IDS.

    Regards

    RAMU

    Here are some documents on the basics of the IPS product, i.e. what it does, etc.:

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5729/ps5713/PS4077/prod_brochure0900aecd805baea7.html

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5729/ps5713/PS4077/product_data_sheet0900aecd805baef2.html

    If you want more specific configuration documentation, here you go:

    http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/IDM/idmguide7.html

    (Version 7.x is currently the latest IPS version.)

    Hope that helps.

  • Lefthand/HP 4330 design question

    We just bought a Lefthand/HP 4330 SAN, composed of 6 nodes, 3 nodes in each of 2 separate buildings, configured as a stretched metro cluster, so network RAID will distribute data
    across both sites, to all the nodes.  Usable capacity is 18 TB.  We plan to create two LUNs to meet the storage heartbeat requirement: a small LUN for ISOs and the 2nd
    storage heartbeat of about 300 GB in size, and the balance of the space, approximately 17+ TB, as one large LUN for all the virtual machines.

    The hosts are ESXi/vSphere 5.1.

    Does anyone see drawbacks to this plan?

    Please ask questions if more information is needed to comment.

    With a 6-node Lefthand cluster, I would consider creating multiple LUNs for better workload distribution. Each LUN will have a management controller, and with only a single production LUN you concentrate the traffic on one node and therefore lose the benefits of the Lefthand design. In the multi-site cluster you are considering, you will usually have 4 managers (two from each site) and a Failover Manager (FOM), so I would say at least 4 LUNs.

    André

  • ASA 5505 IPS/IDS module

    Hi Experts,

    Can you please give me an idea of what the IDS/IPS module for the ASA 5505 is?

    How much does it cost? How do I install and configure it to work with the ASA 5505?

    We also have a few ASA 5505 site-to-site VPN configurations. Would this affect them somehow?

    Thank you very much

    ANUP

    ANUP-

    You should be able to find the links I would provide you with a general search on Cisco's website for 'ssc-5' and 'installation' and 'configure'.

    No, you should still have the ASA terminate Internet access. You want the SSC-5 module (IPS) to monitor the interfaces from the INSIDE (you always want to do IDS/IPS inside a firewall). This way you can see the traffic after it has been decrypted by your VPN, and after the traffic has been filtered by your firewall rules.

    -Bob

  • Explanations of IPS/IDS signatures?

    Does anyone know where I can find an explanation of the individual signatures that are used in a 4215?

    Thanks in advance!

    Hello

    All IDS/IPS signatures can be found in the MySDN section. You can click on any Signature ID or release and get the detailed information.

    You can visit MySDN (CCO required) at http://tools.cisco.com/MySDN/Intelligence/searchSignatures.x?currentPage=1&st=sd&so=d

    Hope that helps,

    Please rate if this helps.

    Kind regards

    Samuel Wilson

  • NAC vs IPS/IDS

    Hi all

    One of our clients has several secured locations. Each location has its own Internet access. The main and DR data centers have ASA 5510s. Remote users use IPsec RA connections and Citrix (to the main site, then routed to the internal network). What is the best solution for security, NAC or IDS/IPS?  My guess is that, with many Internet access points, the client may have to opt for a solution at each location. Also, is there any document that explains the differences between NAC and IDS/IPS?

    TIA

    MS

    I always place the IPS sensor inside the firewall. That way it only inspects the traffic that gets through the firewall policy, and the alerts the sensor generates will be the most valuable in terms of actual intrusions that you should be aware of.

    If the traffic passing through your DS3 router is encrypted in a VPN tunnel, a router-based IPS will not be able to inspect the traffic inside the VPN.

    You will need to inspect it once it has been decrypted. This could be done in the ASAs or with an external sensor appliance, like a 4240.

    -Bob

  • Virtual machine disk consolidation is needed question

    Today one of my VMs went down because of the error message that says "There is no more space for virtual disk xxxxx-000018.vmdk. You might be able to continue this session by freeing disk space on the relevant volume and clicking Retry."

    I want to know why this happened if I created my VM with 1.5 TB and my server is new... so for the most part the server has 300 GB in use... I also had 750 GB available for another VM, and that is the question: why did this VM grow so much and so quickly?

    Also, when this happens, what can I do to solve the problem? How do I free disk space if I made a single datastore with all the available space?

    Suggestions will be welcome.

    Thanks for your comments.

    Regards

    JP

    In the files you posted, it appears that the 000002 and 000007 files are not in use by the virtual machine, but the others are. What I recommend you do is open the Snapshot Manager, create a new snapshot and then run "Delete All". This should clean up all the snapshots except for the two mentioned above. If that is the case, shut down the virtual machine and move the two snapshot files listed into a subfolder (to be able to restore them in case I'm wrong), then power on the virtual machine again. If there is no error, you can delete the moved files.

    Unfortunately I can't see any rule for which snapshots are in use and which have been created just for the hot-add backup and not removed, so you will always have to figure this out from scratch. At least for the moment, until Acronis comes up with a fix, you need to delete the snapshots manually on a daily basis from the Snapshot Manager (create a new snapshot -> Delete All) to avoid any trouble with too many active snapshots on the virtual machine.

    Do you have another virtual machine that does NOT have "Changed Block Tracking" on, to see if the problem is related to CBT?

    André

  • Data modeling design question about table size

    Hi Experts,
    Sorry if I put my question in the wrong forum; please suggest an appropriate forum.

    I need your opinion on the current design of our 10-year-old data warehouse.
    There is a dimension table with the following structure:

    Dimension table
    --------------------
    Dimension key           number (THIS IS NOT A PRIMARY KEY)
    Natural key (from source) number
    Source name             char
    Current record indicator char(1)
    from_date               date
    to_date                 date
    several other columns which, if changed, cause a new current record to be created and the previous one to be marked H (historical)

    Data are stored in the table like this:
    Dimension_key  Natural key  Source name  Current record ind  From_date    To_date
    1              10001        Source1      H                   01-jan-2005  31-may-2005
    1              10001        Source1      H                   01-jun-2005  12-dec-2011
    1              10001        Source1      C                   13-dec-2011  NULL

    2              20002        Source1      H                   01-jun-2001  12-dec-2011
    2              20002        Source1      C                   13-dec-2011  NULL

    The problem I see in this design is that there is no surrogate key: if any attribute is changed, the new record is inserted taking the dimension key based on (natural_key, source_name, current_record_ind).
    Shouldn't it be kept as follows, based on data warehousing principles?

    Dimension_key  Natural key  Source name  Current record ind  From_date    To_date
    1              10001        Source1      H                   01-jan-2005  31-may-2005
    2              10001        Source1      H                   01-jun-2005  12-dec-2011
    3              10001        Source1      C                   13-dec-2011  NULL

    4              20002        Source1      H                   01-jun-2001  12-dec-2011
    5              20002        Source1      C                   13-dec-2011  NULL

    Please let me know the advantages and disadvantages of the current design.

    Edited by: Rous Sharma on December 15, 2011 20:28

    Correct, your second example, using a surrogate key, is the design to go with.

    Flaws with the original design:

    - There is a one-to-one relationship between Dimension_Key and Natural_Key; no need to keep both.
    - If Dimension_Key is the FK to a fact table, there will be a many-to-many relationship between fact and dimension.
    - Additional processing to look up the Dimension_Key rather than simply using a sequence, for example.

  • Oracle Database 11g RAC 2: role of the public, private, virtual, and SCAN IPs

    Hi Experts,

    1. Can you please let me know why we need to set up the IP addresses below for the RAC configuration, and what role each plays?


    -Public
    -Private
    -Virtual
    -SCAN

    2. What is the relationship between the SCAN IP and the virtual IPs?

    Regards

    Hello

    859875 wrote:
    Hi Experts,

    1. Can you please let me know why we need to set up the IP addresses below for the RAC configuration, and what role each plays?

    -Public

    Configured before installation for each node, and resolvable to that node before installation.
    Role:
    Enables the Virtual/SCAN configuration and communication between the nodes in the cluster. Clusterware does not start without a public IP interface/address.
    Virtual/SCAN IPs work as alias IPs on the public interface on the public network.

    -Private or interconnect

    Configured before installation, but on a separate private network with its own subnet, which is not resolvable except by the other member nodes of the cluster.
    Role:
    Clusterware uses the interconnect for cluster synchronization (network heartbeat) and daemon communication among the nodes in the cluster.
    RAC uses the interconnect for Cache Fusion (UDP) and inter-process communication (TCP).
    Cache Fusion is the remote memory mapping of Oracle buffers, shared between the caches of the member nodes of the cluster.

    -Virtual

    Configured before installation for each node, but not currently in use. The public, VIP and SCAN addresses are treated like any other addresses on the same subnet.
    Role:
    The goal is application availability. If you add or remove nodes, you have to change the VIP client config (with SCAN, this is not necessary).
    When a node fails, the VIP associated with it is automatically failed over to another node.
    Without VIPs or FAN, clients connected to a node that died often wait for a TCP timeout (which can be up to 10 min) before getting an error.
    So you don't really have a good HA solution without using VIPs and FAN. The best way to use FAN is to use a client integrated with Fast Connection Failover (FCF), such as JDBC, OCI, or ODP.NET.

    -SCAN

    Three static IP addresses configured on the DNS server prior to installation, so that the three IP addresses are associated with the name provided as the SCAN, and all three addresses are returned in random order by the DNS to the requester.
    Configured prior to installation in DNS to resolve to addresses that are not currently in use. The addresses are on the same subnet as all the other public, VIP and SCAN IP addresses.
    Role:
    The goal is application availability before clients establish communication with RAC, and to make the whole cluster completely transparent.
    The SCAN IP is a new (Oracle) high-availability network 'layer' that allows you to modify the characteristics of your cluster (i.e. add/remove nodes) without having to change the configuration of your clients, in the 'grid' concept.

    2. What is the relationship between the SCAN IP and the virtual IPs?

    The SCAN IP is used to receive new connection requests and redirect them to the VIP.
    The virtual IPs establish the connections and allow failover of connections after a connection is established.

    When the client requests a connection, the Oracle 11gR2 client looks up the IP addresses and creates a list of all the SCAN IPs available for this SCAN host; the first connection attempt to RAC uses one of the available SCAN IP addresses.
    The SCAN listener receives this connection and redirects it to one of the available nodes using LOCAL_LISTENER; from that point the connection is made using the virtual IP (VIP).

    All SCAN/VIPs must be resolvable by DNS.

    The client only knows the SCAN hostname, which is configured in the connection string.
    Once the connection is requested, Oracle Clusterware redirects the connection to one of the VIP hostnames, which must be resolvable by DNS.

    Kind regards
    Levi Pereira

  • To be or not to be virtual memory; is this a question?

    Some people claim that systems with 8 GB of RAM or more do not need more than 800 MB of virtual memory to cover system crashes. Others claim that virtual memory is used for something other than swapping and must therefore be kept at the suggested amount. Some people claim that virtual memory is essential to protect against memory leaks, but that would only be delaying the inevitable. I've built systems with 16 GB of RAM and only 800 MB of virtual memory and never had a problem because of it.

    Given 8 or even 16 GB of RAM, is virtual memory the computer equivalent of the human appendix, i.e. it used to be important a long time ago, but now it's just an object of ridicule?

    P.S. If virtual memory is important, please give specific examples.

    PC

    In the case of a computer crash, if there is little or no virtual memory, the cause of the crash cannot be written to disk, so diagnosing a computer problem is made more difficult without it.

  • Adobe Design Standard CS6 language question

    I have Adobe Design Standard CS6 (Korean), but I want the English version. Can I change the language of Adobe Design Standard CS6 (Korean)?

    Exchange https://helpx.adobe.com/x-productkb/policy-pricing/exchange-product-language-os.html

  • VMware Certified Design Expert 5 - VTC - design review question

    Hi team,

    I just started working on preparation for VCDX5-VTC. I finished VCP5/VCAP-DCA/VCAP-DCD on vSphere 5.0 and I would like to know if my VCDX5-VTC design should be based on vSphere 5.0, or whether it can also be based on a vSphere 5.5 infrastructure.

    Kind regards

    Chaary

    I understand that a VCDX5 design can be any version 5:

    • 5.0
    • 5.1
    • 5.5

    I believe you can also submit a version 6 design, although you are not awarded a VCDX5.

  • Network/VLAN design question

    I have a completely flat network and I'm not a networking guy, but I have two ESX hosts I need to build with a Lefthand SAN,

    and I want to create a VLAN for vMotion traffic segmentation. Does anyone know where I could find instructions to create the VLAN?

    I have 6 network adapters per ESX host and plan on using software iSCSI. I also have dedicated physical switches for my iSCSI traffic.

    How would you prefer to use the 6 NIC ports?

    Points awarded to answers.

    Hello

    You can assign a VLAN to each port group. In the vSphere Client, click on the ESX/ESXi server you want to configure > click on the Configuration tab > then click on the Networking link in the Hardware section. Then click on the Properties link of one of the vSwitches > select a port group, and then click on Edit. Finally, you can assign a VLAN in the VLAN ID property.

    The best way to use the available NIC ports, I think, depends on your preferred configuration. For example, what kind of features you need to enable, the network speed requirement for each virtual machine, etc. But basically, I have the same view as the previous suggestion. You can allocate one or two ports for specific traffic.
