The Never Block IP Addresses Setup
The Never Block Addresses tab is an answer
to the critical host issue mentioned earlier in this chapter. As we mentioned,
some systems on our networks, such as a DNS server or a Cisco Secure IDS
Director and sensors, should never be blocked. This option keeps IP blocking
safe to use as a network-monitoring tool while allowing these systems to
function normally. The following steps show how we can configure these systems
as Never Block Addresses.
From the Network Topology Tree in the left pane of the CSPM,
select the sensor that is monitoring the network on which a particular critical
host resides. Now select the Blocking tab as in the previous
exercise. We should now be looking at the Never Block
Addresses tab. If not, select the appropriate tab. This tab can be seen in
Figure 8.8.
Click the Add button to add the critical
host(s) or critical subnets that we never want to be blocked. These
hosts, or networks, are identified by IP address and subnet mask. We will
need to select, add, and configure each host, or network, individually. Once
this list is complete, we can choose OK and then save our
settings. We then need to update our sensors as mentioned in the last exercise.
This is done by using the Update and Approve
Now buttons under the Command tab of our sensors. This
process will need to be repeated for each sensor on the network that uses IP
blocking.
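Because each never-block entry is an IP address and subnet mask typed in by hand, it helps to check the planned list before entering it on every sensor. The following Python script is an added example, not code from the book or from Cisco; it flags mistyped entries and critical hosts that no entry covers. All addresses, host names, and function names are constructed assumptions, as is the choice to treat an entry with host bits set as a typo.

```python
import ipaddress

# Constructed sample data: never-block entries as (IP address, subnet mask)
# pairs, the form in which hosts and networks are identified on the tab.
NEVER_BLOCK = [
    ("10.1.1.10", "255.255.255.255"),  # DNS server (single host)
    ("10.1.2.0", "255.255.255.0"),     # management subnet (Director)
    ("10.1.3.5", "255.255.255.0"),     # mistyped: host bits set under a /24 mask
]

# Constructed inventory of critical hosts that must never be blocked.
CRITICAL_HOSTS = {
    "dns": "10.1.1.10",
    "director": "10.1.2.20",
    "sensor-1": "10.1.4.7",  # deliberately not covered by any entry
}

def parse_entries(entries):
    """Return (networks, problems). An entry whose address has host bits set
    for its mask is reported instead of being silently widened to a subnet."""
    networks, problems = [], []
    for addr, mask in entries:
        try:
            networks.append(ipaddress.ip_network(f"{addr}/{mask}", strict=True))
        except ValueError as exc:
            problems.append(f"{addr} {mask}: {exc}")
    return networks, problems

def is_never_block(ip, networks):
    """True if ip falls inside any never-block host or subnet entry."""
    address = ipaddress.ip_address(ip)
    return any(address in net for net in networks)

def uncovered_hosts(hosts, networks):
    """Names of critical hosts that no never-block entry protects."""
    return sorted(n for n, ip in hosts.items() if not is_never_block(ip, networks))

if __name__ == "__main__":
    nets, problems = parse_entries(NEVER_BLOCK)
    for problem in problems:
        print("invalid entry:", problem)
    print("critical hosts without a never-block entry:",
          uncovered_hosts(CRITICAL_HOSTS, nets))
```

Run the same check against each sensor's planned list, since the never-block configuration is repeated per sensor.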