https://community.cisco.com/t5/network-security/ips-relationship-between-signatures-and-network-service/m-p/942090#M79748 <HTML><HEAD></HEAD><BODY><P>I'm not aware of any such recommendation or profile available on the IPS based on services deployed. But within the IPS you can arrange the current signatures 'view' based on Engines/Categories/Protocols etc. and you can use that functionality to disable/enable multiple signatures in one go.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html" target="_blank">http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html</A></P><P></P><P>Regards</P><P></P><P>Farrukh</P><P></P><P></P></BODY></HTML> Thu, 12 Jun 2008 01:18:07 GMT Farrukh Haroon 2008-06-12T01:18:07Z https://community.cisco.com/t5/network-security/ips-relationship-between-signatures-and-network-service/m-p/942089#M79744 <P>Hello,</P><P></P><P>Does anybody know if there is documentation regarding the recommended signatures to be activated depending of the network service being deployed?</P><P>Let's say that I have several servers behind a firewall, therefore, in theory I would only need to activate in my IPS the signatures related to those services, for example, ftp, https, aaa, etc...</P> Sun, 10 Mar 2019 11:09:05 GMT https://community.cisco.com/t5/network-security/ips-relationship-between-signatures-and-network-service/m-p/942089#M79744 javiercastro 2019-03-10T11:09:05Z https://community.cisco.com/t5/network-security/ips-relationship-between-signatures-and-network-service/m-p/942090#M79748 <HTML><HEAD></HEAD><BODY><P>I'm not aware of any such recommendation or profile available on the IPS based on services deployed. But within the IPS you can arrange the current signatures 'view' based on Engines/Categories/Protocols etc. and you can use that functionality to disable/enable multiple signatures in one go.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html" target="_blank">http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html</A></P><P></P><P>Regards</P><P></P><P>Farrukh</P><P></P><P></P></BODY></HTML> Thu, 12 Jun 2008 01:18:07 GMT https://community.cisco.com/t5/network-security/ips-relationship-between-signatures-and-network-service/m-p/942090#M79748 Farrukh Haroon 2008-06-12T01:18:07Z https://community.cisco.com/t5/network-security/ips-relationship-between-signatures-and-network-service/m-p/942091#M79751 <HTML><HEAD></HEAD><BODY><P>Hi there,</P><P></P><P>Depending on IPS, you should be able to disable signatures for Solaris, OSX, Windows, Linux if you are not using them in your network. The trick is getting the vendor to admit how many signatures the device can handle. They will almost always lye to you.</P><P></P><P>Also if you but sensors in front and behind your firewalls. You will see which are getting through the firewall, That then need to be install on the IPS to protect against.. if you add a 3rd sensor in back of the IPS. you can see how many made it past all your defenses</P><P></P><P>Let me know if that helps a little.</P><P>~TS</P></BODY></HTML> Fri, 11 Jul 2008 14:21:55 GMT https://community.cisco.com/t5/network-security/ips-relationship-between-signatures-and-network-service/m-p/942091#M79751 TradeSecrets 2008-07-11T14:21:55Z