Cisco Support Community

New Member

Understanding signatures better

I have a 4210 sensor behind the PIX firewall. I have had just a few alarms so far and of course they come from inside the network. An example was a 5232 when an internal private address was accessing a website. I understand what would be happening if this was from the outside to the inside, but when it is someone on the inside simply accessing a website, what is actually happening? I also checked the NSDB and it said there were no benign triggers. Please forgive my naivety, but I am just learning security and IDS, so bear with me.

  • Other Security Subjects
5 REPLIES
Bronze

Re: Understanding signatures better

5232 is looking for "

New Member

Re: Understanding signatures better

sdesbrough,

Do you know of any good white papers, check lists, or documented processes to familiarize yourself with that would ultimately help you investigate suspicious activity? It would certainly help a newbie.

Anonymous
N/A

Re: Understanding signatures better

New Member

Re: Understanding signatures better

I haven't been able to find anything but have been looking. I only got CSPM and the sensor about two weeks ago. I used the Cisco Press book to install but it of course doesn't tell me what to do with it now that I have it installed and working.

New Member

Re: Understanding signatures better

Here's a good read on the vulnerabilities associated with cross site scripting:

http://www.cgisecurity.com/articles/xss-faq.shtml
