Chapter 13. Cisco IDS Alarms and Signatures

Upon completion of this chapter, you will be able to perform the following tasks:

  • Identify the major categories of signature engines

  • Explain the different alarming modes

  • Identify the master signature parameters

  • Explain regular expression string matching

  • Identify the Atomic signature engines

  • Identify the Flood signature engines

  • Identify the Service signature engines

  • Identify the State signature engines

  • Identify the Sweep signature engines

To identify malicious activity, Cisco IDS monitors network traffic and generates alarms when traffic matching specific signatures is detected. A signature is basically a description of network traffic that attackers use while conducting network-based attacks. To support a wide ...
