response action vs action
liven
Member Posts: 918
Is there really a difference between response action and just a plain old action?
Sorry if this is a silly question, but as I build my own study guide off of the exam blueprint I am struggling with some of the things listed. The reason I am struggling is because it is difficult to get clear-cut definitions for some of the things on the blueprint from cisco.com.
I am talking about this:
* Configure response actions for a signature
That is straight from the IPS exam blueprint on cisco.com.
I am thinking they are asking how do you configure things like this:
deny attacker inline
deny packet inline
log attacker packets
etc.....
anyone?
encrypt the encryption, never mind my brain hurts.
Comments
Ahriakin Member Posts: 1,799
A response action is anything that is initiated when a signature/anomaly detection fires, whether it be full blown host blocking/connection-denies or just an alert. I think they make the distinction because you can pro-actively/manually block hosts or perform captures without a signature firing, in that case it's just a 'plain old action'.
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?