Table of Contents
Advertisement
Chapter 10: General BSC Operational Settings
Enable IDS
Mark this checkbox to activate the BSC Intrusion Detection System.
Thresholds
Violation Threshold: Enter the maximum number of violations a user host may accrue in
the Normal State. The default setting is 20. If a host exceeds the configured threshold, the
BSC IDS moves the host to the Pre-monitoring State.
Max Number of Violations: Enter the maximum number of violations a user host may
accrue while in the Pre-monitoring state.
The default setting is five. If a host exceeds the configured maximum, the BSC IDS moves
the host to the Monitoring State.
Ports to block before entering Blocked State: Enter the number of blocked ports a host
must accrue before the BSC IDS transitions the host from the Monitoring state to the
Blocked State.
User Settings
Select the Role into which users in the Blocked State will transition from the drop-down list.
There are two default IDS roles from which to select—Monitoring Mode (allow all traffic)
or Quarantined (deny all traffic). You may customize these roles or create your own IDS
role to assign to blocked users as described in "Defining User Roles to Enforce Network
Usage Policies" on page 8-2.
Timeouts
Enter the maximum number of seconds a user host may spend in the Pre-monitoring State
without accruing the configured maximum number of violation in the Pre-Monitoring
Timeout field. The default setting is 300 seconds. If the host does not accrue the
configured maximum number of pre-monitoring violations within this configured period,
the BSC IDS returns the user host to the Normal State. Note that the Monitoring Mode role
is designed to be used for test purposes as you adjust the BSC IDS settings.
Enter the seconds to block a user host's ports in the Blocked State Timeout field.
The default setting is 0—a user host's ports will remain blocked until explicitly unblocked
by a BSC Administrator. If a value is entered other than 0, the user's ports will remain
blocked until the specified period of time has elapsed.
Redirect
Enter the URL to redirect blocked users to in the URL to redirect detected devices field.
Typically, you will want to redirect a blocked user to a web page that informs them of
their blocked status and offers information and links (e.g., to download virus protection
software) to possibly remedy the situation.
Saving the
Click Save to save the IDS settings to the BSC database.
settings
You may be prompted to restart the BSC. We recommend that you do not restart the BSC
until you have completely finished configuring the BSC for use in your network.
See "Monitoring a User's IDS Status" on page 15-3 for information about monitoring user
host IDS states and activity, and the actions you may take to block or un-block hosts
manually. See "Defining MAC Address Authentication" on page 5-5 for information
about blocking and unblocking a device configured for MAC authentication.
SNMP Agent
To modify the settings for the BSC SNMP agent:
Displaying the
Click the General tab in the BSC administrator console, and then click the SNMP
1.
SNMP Settings
Agent tab. The SNMP Settings page appears as shown in Figure 10-4.
page
10-8
Figure 10-3: Intrusion Detection System Settings Page
Advertisement
Table of Contents
