response action vs action

liven Member Posts: 918
Is there really a difference between response action and just a plain old action?

Sorry if this is a silly question, but as I build my own study guide off of the exam blueprint I am struggling with some of the things listed. The reason I am struggling is because it is difficult to get clear-cut definitions for some of the things on the blueprint from cisco.com.

I am talking about this:

* Configure response actions for a signature

That is straight from the IPS exam blueprint on cisco.com.

I am thinking they are asking how do you configure things like this:

deny attacker inline
deny packet inline
log attacker packets

etc.....

anyone?
encrypt the encryption, never mind my brain hurts.

Comments

  • Ahriakin Member Posts: 1,799
    A response action is anything that is initiated when a signature/anomaly detection fires, whether it be full-blown host blocking/connection-denies or just an alert. I think they make the distinction because you can proactively/manually block hosts or perform captures without a signature firing; in that case it's just a 'plain old action'.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • liven Member Posts: 918
    thanks
    encrypt the encryption, never mind my brain hurts.