Step 2: Select a signature that you want to retire or activate, and click Edit on the toolbar. The Signature Configuration panel is displayed. Step 1: Click Configuration and choose Policies > Signature Definitions > Sig0 > All Signatures. Follow these steps to retire or activate a signature: When this is done, the sensor rebuilds its configurations and the signature is once again added to the set of currently active signatures. You can activate signatures you have previously retired. For a signature to function, the signature must be both activated and enabled. After the signature is retired, it is removed from memory but stored in flash. Retiring a signature removes it from the set of currently available signatures, which are part of the signature database.
Signatures that are not being used are no longer applicable to the network resources being protected should be retired to improve sensor performance. * All Signatures: Displays all defined signatures * Web Server: Enables you to display signatures based on web servers * Viruses/Worms/Trojans: Displays signatures based on malware that is defined as these three types * UC Protection: Displays Cisco Unified Communications-based signatures * Telepresence: Enables you to display Telepresence-based signatures
GNS3 VERSION 1.3.9 UPDATE
* Releases: Enables you to view signatures grouped by signature update releases * Reconnaissance: Display signatures based on discovery protocols, such as Internet Control Message Protocol (ICMP) sweeps * P2P: Displays signatures based on different peer-to-peer file-sharing applications * Other Services: Displays signatures based on application layer services, such as FTP, HTTP, and others * OS: Displays signatures grouped by operating system type * Network Services: Displays signatures that are based on network service protocols, such as DHCP * L2/元/L4 Protocol: Displays signatures grouped by network protocol type, including Address Resolution Protocol (ARP), IP fragment, IP version 6 (IPv6), and others * Instant Messaging: Displays instant messaging (IM) signatures grouped by IM application * IOS IPS: Displays signatures in the IOS IPS * Email: Displays email signatures by protocol, such as Internet Message Access Protocol (IMAP) or Simple Mail Transfer Protocol (SMTP) * DoS: Displays denial of service signatures * DDoS: Displays distributed denial of service (DDoS) signatures * Configurations: Displays configuration-based signatures that mitigate atacks typically because of misconfiguration * Attack: Displays attack-based signatures that are grouped by attack types * Adware/Spyware: Displays signatures that are designed to address adware and spyware issues * Active Signatures: Displays all non-retired signatures The All Signature database view displays all signatures available in the sensor signature set when each signature set is clicked on, it displays the list of signatures grouped under it in the view pane. By default, the signature configuration panel displays signatures that are lissted by signature ID number. The All Signatures view is only visible when the Sig0 is expanded. The signatures in the Cisco IPS Sensor can be accessed through the Cisco IDM by choosing Configuration > Policies > Signature Definitions > sig0 and then clicking All Signatures to access the Signature Configuration panel.
0 kommentar(er)
