Foundation Summary


Basic signature configuration focuses on the following topics:

  • Signature groups

  • Alarm modes

  • Basic signature configuration

Signature groups enable you to view Cisco IPS signatures more efficiently, based on the following categories:

  • Attack

  • L2/L3/L4 Protocol

  • Operating System

  • Signature Release

  • Service

  • Signature Identification

  • Signature Name

  • Signature Action

  • Signature Engine

After locating signatures by using signature groups, you can then easily perform the following signature operations:

  • Viewing Network Security Database (NSDB) information

  • Enabling signatures

  • Creating new signatures

  • Editing existing signatures

  • Retiring signatures

  • Defining signature responses

When creating new signatures, you can start with an existing signature by using the Clone option, or you can create a signature from scratch by using the Add option.

Retiring signatures enables you to improve performance by removing unneeded signatures from the signature engines. The signatures can be easily activated if they are needed in the future.

You can configure one or more of the following signature responses (actions) to be performed when a signature is fired:

  • Deny Attacker Inline

  • Deny Connection Inline

  • Deny Packet Inline

  • Log Attacker Packets

  • Log Pair Packets

  • Log Victim Packets

  • Produce Alert

  • Produce Verbose Alert

  • Request Block Connection

  • Request Block Host

  • Request SNMP Trap

  • Reset TCP Connection



CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter
