Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
0
Helpful
1
Replies

How to select Signatures for IDS/IPS

Deepak Khemani
Level 1
Level 1

‎01-29-2011 10:38 PM - edited ‎03-10-2019 05:15 AM

Hi Everyone

There are number of signature that are available for use in IDS/IPS and we can select a signature if we want to generate alarm for the signature or not?

I want to know what is the basis of selecting which signatures to enable and which signatures to disable in IDS/IPS?  I know there is no "One size fits all" concept in security, but still what is criterion in general for selecting signatures? Or is that we enable all signatures on IDS and IPS.

I have tried to google on this but not much luck.

Many thanks in advance.

Cheers

Deepak Khemani

Labels:
0 Helpful
1 Reply 1

johan.kellerman
Level 1
Level 1

‎01-30-2011 12:36 AM

Hi

The very first thing I would do is to make inventory of the network that you are protecting and identify OS, applications, systems etc. When that is in place I would disable/tune all signatures that are written to detect attacks against systems, operating systems or applications that you don’t have. This approach will ease your burden of detecting all the false positives that that you run into when you make a fresh start with an IDS/IPS installation.

Best regards

Johan Kellerman

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card