I left a good antivirus in the city

Scanning with the signatures every night and day

And I never lost one minute of sleeping

Worrying about the viruses that might have been

Pattern files keep on loading

Real-Time keep on running

And were scanning…. scanning

Scanning every packet

Quarantined a lot of worms in Georgia

Cleaned a lot of files down in Santa-Fe

But I never saw the good side of the viruses

Til they choose to do antivirus out in the cloud

Pattern files keep on loading

Real-Time keep on running

And were scanning…. scanning

Scanning every packet

If you come down to Vegas

I bet you gonna find some people in July

They will make you worry even if your signature is updated

People at the Race to Zero can infect you anyway

After the ceremonious un-boxing of the Sourcefire 3D-1000 IPS in my bedroom (hey, it’s saturday morning, give me a break!) I did what any good techie would do, discard the fine-print manuals for the big shinny slick ‘Quick Start Guide’. In this lovely document everything seemed pretty rudimentary all except one section.

Safety and Regulatory Compliance: The 3D sensor should be installed and maintained by a qualified personnel only. Hmmm, I’ve been doing this stuff for some time now, but how qualified am I? I guess we were about to see.

After quickly running through the setup instructions on my secondary ethernet connection, adding the license file, and setting up the management port on my DMZ range (not necessarily in that order), I was set to put in in-line  in passive and start watching some data flow. REALLY? Wait, this only took me a few minutes to get to this point, why was this so simple? Should I be concerned. Not at all, Bravo to the folks at Sourcefire for compiling and producing a hardware IPS that is so straight forward! I was able to get this fully functional in passive mode with default settings reconfigured in less then 5 minutes. Bravo!

Equipment Used:

• Cisco PIX 515E Firewall
• Cisco 2800 Router
• Private T1 Internet Circuit
• Sourcefire 3D-1000 IPS