Welcome to ISAserver.org


Intrusion Detected, is that a bad sign?

Intrusion Detected, is that a bad sign? - 6.Aug.2008 9:58:02 PM
xl@n3

 

Posts: 5
Joined: 5.Aug.2008
Status: offline
Hi everyone, I found a lot of intrusions detected under Alerts on my isa2k4. The thing is, some of the IPs detected are sites that we do business with. It won't show up again when I block it on our DSL, but the problem is, these sites need to be accessed by our office...so I'm wondering what's causing these intrusions and how to solve it...does anyone have an idea?

thanks...   
Post #: 1
RE: Intrusion Detected, is that a bad sign? - 7.Aug.2008 12:14:55 PM
Rotorblade

 

Posts: 963
Joined: 27.Feb.2007
Status: offline
Hi,

What’s causing the alerts? You have enabled IDS in ISA and it’s alerting you that one of or all of the seven attack types has been detected and triggered. The article linked below describes the ISA feature. http://www.redline-software.com/eng/support/docs/isaserver/CMT_IntrusionIntro.php. You can also set actions based on the trigger if necessary.

Stopping it, well, you could be in for a tedious task. Port scans, for instance, are a common thing and I probably would not go to the trouble of termination of service if it occurs. Blocking as you are doing is probably not good either. False positives do occur and blocking is probably not called for. If an alert is triggered and determined to be malicious, then blocking may be called for. Penetration testing is always a good way to determine if you are at risk for compromise. ISA does a pretty good job in protecting your IT assets, but it’s only as secure as the person who configured it or the applications you have published behind it!

HTH

RB   

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to xl@n3)
Post #: 2
RE: Intrusion Detected, is that a bad sign? - 7.Aug.2008 5:41:34 PM
xl@n3

 

Posts: 5
Joined: 5.Aug.2008
Status: offline
Thanks for the info David...the ISA was already installed when I first started here. I'm looking for ways to improve and strengthen our ISA through the help of this forum...and it for sure does help.

Thanks

(in reply to Rotorblade)
Post #: 3
