
IDP/IPS

Dear Sir, I find IPS signatures very complex. How can I better understand these signatures in the simplest way? Could you please give me some sources explaining IDP/IPS, and how they differ from viruses?

Asked: shoeb_fbd

1 Solution
ciscoguy69 commented:
IDS / IPS signatures are used to mitigate viruses and vulnerabilities and in some cases to recognize malicious traffic / patterns. Unfortunately they are assembled and presented differently based on manufacturer so a single guide does not exist. If you post the model / manufacturer of the system you are using, there may be a document. Below is a link that explains the basics.

http://en.wikipedia.org/wiki/Intrusion-prevention_system

Rich Rumble (Security Samurai) commented:
They all work about the same; Snort is an easy one to get started with...
http://doc.emergingthreats.net/bin/view/Main/GeneralFAQ
Some rules are easy to write... http://xinn.org/Snort-fgdump.html
Others are far more complex, and can span multiple packets and/or protocols... But it's easy to capture the traffic and try to write one yourself, or even submit it to a group who will look at the data. The sig linked above simply looks for the word fgdump.svc in a packet destined for the local network. There are quite a few different ways to make a sig, some better than others.
Good short examples: http://riosec.com/search/node/snort
http://www.snort.org/docs/writing_rules/chap2.html#tth_chAp2
-rich
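The rule structure Rich describes (a content match on fgdump.svc for traffic headed into the local network), shown as a small added Snort-style rule matcher. This is example code, not part of the thread and not Snort itself; the rule text, the HOME_NET range and the packets are constructed for illustration.

```python
import ipaddress
import re

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed local network
# Constructed rule in Snort syntax, in the spirit of the one Rich describes (not the xinn.org sig).
RULE = ('alert tcp any any -> $HOME_NET any '
        '(msg:"fgdump service name on the wire"; content:"fgdump.svc"; nocase; sid:1000001;)')

def parse_rule(rule):
    """Split a one-line rule into header fields plus an option dict."""
    header, opts = rule.split("(", 1)
    action, proto, src, sport, _arrow, dst, dport = header.split()
    # Options are "name:value;" or bare "name;" pairs; findall yields '' for a missing value.
    options = dict(re.findall(r'(\w+)(?::"?([^";]*)"?)?;', opts))
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "options": options}

def addr_matches(spec, ip):
    # Resolve 'any', the $HOME_NET variable, or a CIDR against an address.
    if spec == "any":
        return True
    net = HOME_NET if spec == "$HOME_NET" else ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(ip) in net

def rule_matches(rule, pkt):
    # True when the header fields and the content option both match the packet.
    r = parse_rule(rule)
    if r["proto"] != "any" and r["proto"] != pkt["proto"]:
        return False
    if not (addr_matches(r["src"], pkt["src"]) and addr_matches(r["dst"], pkt["dst"])):
        return False
    if r["dport"] != "any" and int(r["dport"]) != pkt["dport"]:
        return False
    needle, payload = r["options"]["content"].encode(), pkt["payload"]
    if "nocase" in r["options"]:  # case-insensitive content match
        needle, payload = needle.lower(), payload.lower()
    return needle in payload

# Constructed sample packets: only the first should fire.
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.7", "dst": "192.168.1.20", "dport": 445,
     "payload": b"\xffSMB...service name: FGDUMP.SVC..."},
    {"proto": "tcp", "src": "203.0.113.7", "dst": "198.51.100.9", "dport": 445,
     "payload": b"fgdump.svc"},  # same content, but destination is outside HOME_NET
    {"proto": "tcp", "src": "203.0.113.7", "dst": "192.168.1.20", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1"},
]

def alerts(rule, packets):
    # Return (packet index, sid, msg) for every packet the rule fires on.
    r = parse_rule(rule)
    return [(i, r["options"]["sid"], r["options"]["msg"])
            for i, pkt in enumerate(packets) if rule_matches(rule, pkt)]
```

The second packet carries the same string but misses because its destination is outside the local network, which is the header half of the rule doing its job.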
