From the course: Cisco Network Security: Intrusion Detection and Prevention


Managing IPS alarms


- [Instructor] When there is a signature match, the device executes the corresponding action, alert, or logging function. Alarms can be false positives or false negatives, which may have to be modified or tuned to get a more accurate result. There are four types of alarms. A false positive alarm is when the system generates an alarm when processing normal, benign traffic. A false negative is when an intrusion system fails to generate an alarm after processing attack traffic that the system is configured to detect. False negatives are dangerous, as the system is not detecting known attacks. A true positive is when the system generates an alarm in response to known malicious traffic. A true negative is normal network traffic that does not generate an alarm. The goal is to generate true positive alarms. To minimize false positives and false negatives, the administrator should study existing network traffic, and then tune the signatures to better recognize intrusion patterns. A signature…
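The following is an added example, not part of the course transcript and not Cisco's signature engine. It shows the four alarm classes the instructor lists and the tuning loop that follows from them: a toy rate-based signature is run over a constructed set of flows with known ground truth, each verdict is classified as a true/false positive or negative, and candidate thresholds are compared by how many false positives and false negatives they produce. The flow data, the `FLOWS` list, and the threshold signature are all assumptions made for the illustration.

```python
"""Classify IPS verdicts against ground truth and compare tuning candidates.

Constructed data: each flow is (packets_per_second, is_attack). The toy
"signature" fires when the packet rate exceeds a threshold. None of this is
Cisco code; it only illustrates the four alarm classes and why tuning matters.
"""
from collections import Counter

# Constructed sample flows: (packets per second, ground truth is_attack).
# The 90 pps attack is a low-and-slow case that a high threshold will miss.
FLOWS = [
    (20, False), (35, False), (50, False), (80, False), (120, False),
    (150, False), (400, True), (650, True), (90, True), (900, True),
]

ALARM_CLASSES = ("true_positive", "false_positive", "false_negative", "true_negative")


def signature_fires(pps, threshold):
    """Hypothetical rate signature: alarm when the packet rate exceeds threshold."""
    return pps > threshold


def classify(alarm, is_attack):
    """Map (alarm raised?, traffic actually malicious?) to one of the four classes."""
    if alarm and is_attack:
        return "true_positive"      # alarm on known malicious traffic
    if alarm and not is_attack:
        return "false_positive"     # alarm on benign traffic
    if not alarm and is_attack:
        return "false_negative"     # missed attack: the dangerous case
    return "true_negative"          # benign traffic, correctly silent


def evaluate(flows, threshold):
    """Run the signature at one threshold and count each alarm class."""
    counts = Counter(classify(signature_fires(pps, atk_flag_dummy := False) if False else signature_fires(pps, threshold), atk)
                     for pps, atk in flows) if False else \
             Counter(classify(signature_fires(pps, threshold), atk) for pps, atk in flows)
    return {name: counts.get(name, 0) for name in ALARM_CLASSES}


def rates(counts):
    """Detection rate = TP/(TP+FN); false positive rate = FP/(FP+TN)."""
    tp, fp = counts["true_positive"], counts["false_positive"]
    fn, tn = counts["false_negative"], counts["true_negative"]
    detection = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"detection_rate": detection, "false_positive_rate": fpr}


def tune_threshold(flows, candidates):
    """Pick the candidate with the fewest total errors, breaking ties toward
    fewer false negatives, since missed attacks are the costlier mistake.
    The first candidate wins a full tie, so order candidates low to high."""
    def cost(threshold):
        c = evaluate(flows, threshold)
        return (c["false_positive"] + c["false_negative"], c["false_negative"])
    return min(candidates, key=cost)


if __name__ == "__main__":
    for t in (85, 100, 200):
        c = evaluate(FLOWS, t)
        print(f"threshold {t:>3}: {c}  {rates(c)}")
    print("best threshold among candidates:", tune_threshold(FLOWS, [50, 85, 100, 200, 300]))
```

Running the script on the constructed flows shows the trade-off the transcript describes: lowering the threshold to 85 catches the slow attack (no false negatives) at the cost of two false positives, while raising it to 200 removes the false positives but misses that attack. Which side to favour depends on the traffic baseline the administrator has studied, which is exactly why the tuning step cannot be skipped.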
