Chapter 10. Global Sensing and Signature Configuration

[ LiB ]  

Terms you'll need to understand:

  • Global sensing parameters

  • Signature configuration

  • Internal network

  • IP packet reassembly

  • Attack signature groups

  • Service signature groups

  • Operating system (OS) signature groups

  • Layer 2, Layer 3, and Layer 4 (L2/L3/L4) signature groups

  • Signature filtering

  • Filter exceptions

Techniques you'll need to master:

  • Configuring global sensing

  • Accessing signature groups

  • Configuring basic signatures

  • Setting signature response actions

  • Filtering signatures

  • Tuning a default signature

  • Creating custom signatures

The optimum use of signatures in sensor configuration is key in achieving peak capability from your Cisco Secure Intrusion Detection System (IDS). This chapter outlines the steps involved in configuring signature settings and tuning signatures for specific network characteristics. You can use signature filtering to exclude certain hosts from triggering specific signatures or to set minimum severity levels for alarm triggers.

The overall sensing profile of the Cisco IDS is determined by global sensing parameters , which affect overall sensing characteristics, and signature configuration , which affects settings specific to a particular signature or set of signatures.

In Chapter 9, "Cisco IDS Signatures, Alarms, and Signature Series," we reviewed the complete range of Cisco IDS signature engines, master signature parameters common to all signature engines, and local parameters specific to each signature engine. In this chapter, we outline the steps to configure high-level global sensing. Now that you are familiar with the Cisco IDS signature engines and their parameters, we go through the steps for signature configuration, whether tuning default signatures or creating custom ones.

As a final note, although you can perform most of these tasks using the IDS Management Center (MC) as well as the IDS Device Manager (IDM) and the command-line interface (CLI), this chapter focuses on configurations using the IDS MC. Configuration steps using the IDM are similar to those for the IDS MC; configurations using the CLI are covered in Chapter 7, "Cisco IDS Navigation and General Configuration Using the Command-Line Interface."

[ LiB ]  

CSIDS Exam Cram 2 (Exam 642-531)
CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213 © 2008-2017.
If you may any questions please contact us: