This chapter covers the following subjects:
The heart of the Cisco IPS is the signatures that the sensor uses to identify intrusive traffic on your network. Viewing signatures by using signature groups enables you to efficiently configure the numerous Cisco IPS signatures to match your unique network configuration.
Your Cisco IPS sensors check network traffic against signatures of known intrusive traffic. It is important to understand how to locate the signatures available as well as to determine which signatures are most important in your unique network environment. This chapter explains how you can use IPS Device Manager (IDM) to view the different signatures by signature group and to enable the numerous signatures that are available. Advanced signature configuration operations, such as signature tuning and creating custom signatures, will be covered in Chapter 7, "Advanced Signature Configuration."
"Do I Know This Already?" Quiz
The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.
The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.
Table 5-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.
The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.
The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows: