Terms you'll need to understand:
Global sensing parameters
IP packet reassembly
Attack signature groups
Service signature groups
Operating system (OS) signature groups
Layer 2, Layer 3, and Layer 4 (L2/L3/L4) signature groups
Techniques you'll need to master:
Configuring global sensing
Accessing signature groups
Configuring basic signatures
Setting signature response actions
Tuning a default signature
Creating custom signatures
The optimum use of signatures in sensor configuration is key in achieving peak capability from your Cisco Secure Intrusion Detection System (IDS). This chapter outlines the steps involved in configuring signature settings and tuning signatures for specific network characteristics. You can use signature filtering to exclude certain hosts from triggering specific signatures or to set minimum severity levels for alarm triggers.
The overall sensing profile of the Cisco IDS is determined by global sensing parameters, which affect overall sensing characteristics, and signature configuration, which affects settings specific to a particular signature or set of signatures.
In Chapter 9, "Cisco IDS Signatures, Alarms, and Signature Series," we reviewed the complete range of Cisco IDS signature engines, master signature parameters common to all signature engines, and local parameters specific to each signature engine. In this chapter, we outline the steps to configure high-level global sensing. Now that you are familiar with the Cisco IDS signature engines and their parameters, we go through the steps for signature configuration, whether tuning default signatures or creating custom ones.
As a final note, although you can perform most of these tasks using the IDS Management Center (MC) as well as the IDS Device Manager (IDM) and the command-line interface (CLI), this chapter focuses on configurations using the IDS MC. Configuration steps using the IDM are similar to those for the IDS MC; configurations using the CLI are covered in Chapter 7, "Cisco IDS Navigation and General Configuration Using the Command-Line Interface."