IDP/IPS

Dear Sir, I find IPS signatures very complex. How can I better understand these signatures in the simplest way? Could you please give me some sources explaining IDP/IPS, and how they differ from viruses?

Asked by shoeb_fbd

ciscoguy69 commented:
IDS / IPS signatures are used to mitigate viruses and vulnerabilities and, in some cases, to recognize malicious traffic or patterns. Unfortunately, they are assembled and presented differently depending on the manufacturer, so a single guide does not exist. If you post the model and manufacturer of the system you are using, there may be a document. Below is a link that explains the basics.

http://en.wikipedia.org/wiki/Intrusion-prevention_system
 
Rich Rumble (Security Samurai) commented:
They all work about the same; Snort is an easy one to get started with...
http://doc.emergingthreats.net/bin/view/Main/GeneralFAQ
Some rules are easy to write... http://xinn.org/Snort-fgdump.html
Others are far more complex, and can span multiple packets and/or protocols... But it's easy to capture the traffic and try to write one yourself, or even submit it to a group who will look at the data. The sig linked above simply looks for the word fgdump.svc in a packet destined for the local network. There are quite a few different ways to make a sig, some better than others.
Good short examples: http://riosec.com/search/node/snort
http://www.snort.org/docs/writing_rules/chap2.html#tth_chAp2
-rich
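To make the "header plus options" shape of a Snort rule concrete, here is an added example (not from the post above, not Snort's own code, and not the real rule hosted at xinn.org): a toy matcher that parses a single-packet rule of the kind the answer describes and runs it over a few constructed packet records. The HOME_NET range, the rule text, the sid value and the packets are all constructed for the example; only the `msg`, `content` and `nocase` options are understood, `nocase` is applied to every `content` in the rule, and `$EXTERNAL_NET` is treated as "anything outside HOME_NET", which is the conventional snort.conf setting.

```python
"""Toy Snort-style rule matcher (added example; not Snort itself).

Handles rules of the shape
    alert <proto> <src> <sport> -> <dst> <dport> (<options>;)
and evaluates them against constructed packet records.  Only the 'msg',
'content' and 'nocase' options are interpreted; a real engine has many
more options, reassembles streams and correlates across packets.
"""
import ipaddress
import re

# Constructed HOME_NET for the example; in Snort this comes from snort.conf.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")

RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)


def parse_rule(text):
    """Split a rule into its header fields and an options dict."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("rule header not understood: %r" % text)
    rule = m.groupdict()
    opts = {"content": [], "nocase": False}
    # Options are ';'-separated; this toy does not handle ';' inside quotes.
    for opt in filter(None, (o.strip() for o in rule.pop("opts").split(";"))):
        key, _, value = opt.partition(":")
        value = value.strip().strip('"')
        if key == "content":
            opts["content"].append(value)
        elif key == "nocase":
            opts["nocase"] = True          # simplification: applies to all contents
        else:
            opts[key] = value
    rule["opts"] = opts
    return rule


def _addr_matches(spec, ip):
    """Match 'any', '$HOME_NET', '$EXTERNAL_NET', a negated form, or a CIDR."""
    if spec == "any":
        return True
    if spec == "$EXTERNAL_NET":            # conventional setting: everything outside HOME_NET
        spec = "!$HOME_NET"
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    net = HOME_NET if spec == "$HOME_NET" else ipaddress.ip_network(spec, strict=False)
    inside = ipaddress.ip_address(ip) in net
    return inside != negate


def _port_matches(spec, port):
    return spec == "any" or int(spec) == port


def _header_matches(rule, src, sport, dst, dport):
    return (_addr_matches(rule["src"], src) and _port_matches(rule["sport"], sport)
            and _addr_matches(rule["dst"], dst) and _port_matches(rule["dport"], dport))


def match(rule, pkt):
    """Return True if one packet record triggers the rule."""
    if rule["proto"] not in ("any", pkt["proto"]):
        return False
    forward = _header_matches(rule, pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    backward = (rule["dir"] == "<>" and
                _header_matches(rule, pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]))
    if not (forward or backward):
        return False
    opts = rule["opts"]
    payload = pkt["payload"].lower() if opts["nocase"] else pkt["payload"]
    needles = [(c.lower() if opts["nocase"] else c).encode() for c in opts["content"]]
    return all(n in payload for n in needles)


# Constructed rule in the spirit of the one linked in the post (NOT the real
# fgdump rule): alert when the service name appears in traffic entering HOME_NET.
# sid 1000001 is a constructed local-range id.
FGDUMP_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET any '
               '(msg:"Constructed example: fgdump service name seen"; '
               'content:"fgdump.svc"; nocase; sid:1000001; rev:1;)')

# Constructed packet records; only the first one should alert.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 50231, "dst": "192.168.1.20", "dport": 445,
     "payload": b"\x00\x00FGDump.svc\x00\x00"},       # inbound, content present (case differs)
    {"proto": "tcp", "src": "192.168.1.20", "sport": 445, "dst": "203.0.113.5", "dport": 50231,
     "payload": b"fgdump.svc"},                        # outbound: wrong direction for '->'
    {"proto": "tcp", "src": "203.0.113.5", "sport": 50231, "dst": "192.168.1.20", "dport": 445,
     "payload": b"GET /index.html HTTP/1.1\r\n"},      # inbound but no content match
    {"proto": "udp", "src": "203.0.113.5", "sport": 53, "dst": "192.168.1.20", "dport": 53,
     "payload": b"fgdump.svc"},                        # wrong protocol
]


def run_rule(rule_text, packets):
    """Evaluate one rule over a packet list; return the indexes that alert."""
    rule = parse_rule(rule_text)
    return [i for i, p in enumerate(packets) if match(rule, p)]


if __name__ == "__main__":
    rule = parse_rule(FGDUMP_RULE)
    for i in run_rule(FGDUMP_RULE, SAMPLE_PACKETS):
        print("ALERT [sid %s] %s  pkt#%d" % (rule["opts"]["sid"], rule["opts"]["msg"], i))
```

Running it shows why direction, protocol and content all have to line up before a signature fires, and why a case-sensitive `content` without `nocase` would have missed the first packet; in production the same rule would also carry a `flow` option and a port restriction to cut false positives.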
Question has a verified solution.