Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
285
Views
0
Helpful
2
Replies

What determines signature settings

ktimm
Level 1
Level 1

‎11-15-2004 07:36 AM - edited ‎03-09-2019 09:26 AM

Is there a specific formula or criterea Cisco uses to determine what to set a signature to as far as level and if it is enabled ?

Thanks

Labels:
0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎11-16-2004 11:02 PM

hello ktimm,

I think cisco has seen the threats regarding each vulnarability and associated each with a level. any new attack is added to the signature database and cisco releases this new signature update then & there.. this is the best thing about them.. they always keep us updated with the world !!

whatever it is, its you who decide the entire functionality of the IDS. cisco has setup the signature and disabled most of them by default. You, as an administrator, need to decide (taking your applications into consideration), which signature to enable and above all, which one to block !!! so, its all in your hands !!!

hope this helps !!

0 Helpful

ktimm
Level 1
Level 1
In response to sachinraja

‎11-17-2004 11:33 AM

I know it is in my hands. I was wondering if there was a formula or if it was arbitrary. For instance why is the DHCP bug defaulted to medium. The impact is that it could shut down an interface on an internet router however it should not be running on most routers. I was looking for something like (Impact * Deployment * Fidelity * Likelihood / Age).

I have my own rating system that I try to adhere to. I was looking for formality and understanding.

0 Helpful
Customers Also Viewed These Support Documents