11-15-2004 07:36 AM - edited 03-09-2019 09:26 AM
Is there a specific formula or criterea Cisco uses to determine what to set a signature to as far as level and if it is enabled ?
Thanks
11-16-2004 11:02 PM
hello ktimm,
I think cisco has seen the threats regarding each vulnarability and associated each with a level. any new attack is added to the signature database and cisco releases this new signature update then & there.. this is the best thing about them.. they always keep us updated with the world !!
whatever it is, its you who decide the entire functionality of the IDS. cisco has setup the signature and disabled most of them by default. You, as an administrator, need to decide (taking your applications into consideration), which signature to enable and above all, which one to block !!! so, its all in your hands !!!
hope this helps !!
11-17-2004 11:33 AM
I know it is in my hands. I was wondering if there was a formula or if it was arbitrary. For instance why is the DHCP bug defaulted to medium. The impact is that it could shut down an interface on an internet router however it should not be running on most routers. I was looking for something like (Impact * Deployment * Fidelity * Likelihood / Age).
I have my own rating system that I try to adhere to. I was looking for formality and understanding.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide