cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
140
Views
0
Helpful
2
Replies
Highlighted
Beginner

What determines signature settings

Is there a specific formula or criterea Cisco uses to determine what to set a signature to as far as level and if it is enabled ?

Thanks

2 REPLIES 2
Highlighted
Engager

Re: What determines signature settings

hello ktimm,

I think cisco has seen the threats regarding each vulnarability and associated each with a level. any new attack is added to the signature database and cisco releases this new signature update then & there.. this is the best thing about them.. they always keep us updated with the world !!

whatever it is, its you who decide the entire functionality of the IDS. cisco has setup the signature and disabled most of them by default. You, as an administrator, need to decide (taking your applications into consideration), which signature to enable and above all, which one to block !!! so, its all in your hands !!!

hope this helps !!

Highlighted
Beginner

Re: What determines signature settings

I know it is in my hands. I was wondering if there was a formula or if it was arbitrary. For instance why is the DHCP bug defaulted to medium. The impact is that it could shut down an interface on an internet router however it should not be running on most routers. I was looking for something like (Impact * Deployment * Fidelity * Likelihood / Age).

I have my own rating system that I try to adhere to. I was looking for formality and understanding.