2 Replies Latest reply on Apr 8, 2008 2:46 PM by Rugby_Anderson

    Disable the NIC

      I tried posting this in another section of the site but didn't get a response. Maybe I'm just drawing a complete blank, it has been a while since I touched HIPs signatures. Just tell me if I'm overlooking the obvious.

      Is there a way to have HIPs disable the clients NIC card based on a signature being triggered?
        • 1. RE: Disable the NIC


          No way to do this.

          However, if the signature is being triggered, that means HIPS caught the attack, and disabling the NIC would seem redundant.

          Also, once a NIPS signature is logged, the attacker is automatically block for x amount of minutes depending on what you set in policy.
          • 2. RE: Disable the NIC
            Thanks for the response chuck. I see where you are going with the whole blocking of the attack. However, we are looking at it more from a preventative measure. Lets say a virus definition hasn't been updated for x number of days because the user hasn't plugged in their machine in a while. We'd like to be able to take away their network connectivity until they bring it back for us to update. Yes it'll be a hassle but they're learn to plug in their machines from time to time.