I am just starting to look at Cisco's intrusion prevention feature. I'd like to implement it but I have a few questions. How complete is the SDF file provided by Cisco? Is there a recommended source for SDF files that are "importable"? It seems that the number of signatures is limited by memory. If I use the Cisco SDF file (128) how many custom signatures can I add? How often are SDF files updated and how often should they be refreshed on the router? What kind of logging does this do and can entries be written to a syslog server just like the firewall log? How does intrusion prevention differ from intrusion detection as far as recognized attack signatures?
If there is an online tutorial somewhere that explains all this, can someone point me to it? Cisco's documentation makes way too many assumptions about what I know about Intrusion Prevention and Detection. TIA.