Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

What are security signatures? How do they help in averting threat?

What are security signatures? How do they help in averting threat?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Hi,Cisco devices use

Hi,

Cisco devices use signature-based technology to detect network intrusions(attacks).
These signatures detect the network intrusion type with the help of its Sensors as they scans network packets while scanning packets they uses their signatures to detect the intrusion type like: denail-of-service attack (DoS).

The Sensor works like virus checking programs. The IPS carries a set of different signatures that sensor uses to with network activity. when a match is found, the sensor will take necessary action like logging or as defined in policies.

We can also modify the signatures according to our need.
To configure a sensor to monitor traffic for a particular signature, you must enable the signature. By default the most critical signatures are enabled. when an attack is detected that matches an enabled signature, the sensor generates an alert.

Cisco IPS contains 10,000 in-built signatures which you can not edit or delete.

Regards,
Rahul Chhabra
Network Engineer
Spooster IT Services

 

 

1 REPLY
New Member

Hi,Cisco devices use

Hi,

Cisco devices use signature-based technology to detect network intrusions(attacks).
These signatures detect the network intrusion type with the help of its Sensors as they scans network packets while scanning packets they uses their signatures to detect the intrusion type like: denail-of-service attack (DoS).

The Sensor works like virus checking programs. The IPS carries a set of different signatures that sensor uses to with network activity. when a match is found, the sensor will take necessary action like logging or as defined in policies.

We can also modify the signatures according to our need.
To configure a sensor to monitor traffic for a particular signature, you must enable the signature. By default the most critical signatures are enabled. when an attack is detected that matches an enabled signature, the sensor generates an alert.

Cisco IPS contains 10,000 in-built signatures which you can not edit or delete.

Regards,
Rahul Chhabra
Network Engineer
Spooster IT Services

 

 

86
Views
0
Helpful
1
Replies
CreatePlease to create content