Re: Creating a list of signatures to apply to an outside interfa

blakem · ‎01-05-2006

I'm trying to create a list of signatures to apply to an outside interface of my 2851. It's connected to the Internet, and all I'm allowing is ICMP echo, esp, ahp, udp (non-500-isakmp & isakmp), and tcp (ssh).

What I'm trying to do is create a list which will only scan for vulnerabilities associated with the protocols/ports I have opened on the router.

Does anyone have any advice on how to go about maintaining a list (at the moment all I have is the SDM and CLI).

Many thanks,

Michael

mchin345 · ‎01-11-2006

The signature list displays the signatures available in the SDF. Review the signatures and choose the ones you want to import. If you want to import all the signatures, click Select All. The signature list area has three columns:Name: This is the name of the signature, for example, Cisco IOS Interface DoS.Deployed: If the signature is already loaded on the router, this column says Yes; if not it says No.Import: To import the signature, check the box.

For more information refer to the following url:

http://www.cisco.com/application/pdf/en/us/guest/products/ps5318/c1225/ccmigration_09186a008053a3f0.pdf

blakem · ‎01-12-2006

Thanks for the info and the link. I guess my next question is how do I decide which signatures are worth applying if I'm only allowing VPN tunnels and icmp?

Do you know if there are any docs which give advice on how to choosing signatures?

Many thanks,

Michael

Creating a list of signatures to apply to an outside interface