network security news, articles, tools, links...
Dropped here by your search engine? Use the same keyword in the google box below to search this site.
Signature Types
Signatures fall into one of the following two basic categories depending on their functionality:
# Atomic signatures
# Stateful signatures
This section examines these signature types in further detail. Furthermore, the triggering mechanisms explained later in this chapter can be used with both of these base signature types. The major distinction between these two base signature types is whether or not the inspection process requires the IPS device to maintain state about previous actions that have been observed.
Atomic Signatures
Atomic signatures represent the simplest signature type. For an atomic signature, a single packet, activity, or event is examined to determine if the signature should trigger a signature action. Because these signatures trigger on a single event, they do not require your intrusion system to maintain state. The entire inspection can be accomplished in an atomic operation that does not require any knowledge of past or future activities.
STATE
State refers to situations in which you need to analyze multiple pieces of information that are not available at the same time. It also refers to tracking established TCP connections (connections that have gone through the initial three-way handshake). Valid TCP traffic also refers to traffic that has the correct sequence numbers for an established connection. For Network IPSs, state signatures usually refer to signatures that require analyzing traffic from multiple packets. Intrusion Prevention Fundamentals: Signatures and Actions
| Intrusion Prevention Fundamentals: Signatures and Actions |
Signatures fall into one of the following two basic categories depending on their functionality:
# Atomic signatures
# Stateful signatures
This section examines these signature types in further detail. Furthermore, the triggering mechanisms explained later in this chapter can be used with both of these base signature types. The major distinction between these two base signature types is whether or not the inspection process requires the IPS device to maintain state about previous actions that have been observed.
Atomic Signatures
Atomic signatures represent the simplest signature type. For an atomic signature, a single packet, activity, or event is examined to determine if the signature should trigger a signature action. Because these signatures trigger on a single event, they do not require your intrusion system to maintain state. The entire inspection can be accomplished in an atomic operation that does not require any knowledge of past or future activities.
STATE
State refers to situations in which you need to analyze multiple pieces of information that are not available at the same time. It also refers to tracking established TCP connections (connections that have gone through the initial three-way handshake). Valid TCP traffic also refers to traffic that has the correct sequence numbers for an established connection. For Network IPSs, state signatures usually refer to signatures that require analyzing traffic from multiple packets. Intrusion Prevention Fundamentals: Signatures and Actions
More News
- How to Use Honeypots to Improve Your Network Security
- Microsoft Patch Tuesday Targets 26 Application Flaws
- SSL VPNs might not be as secure as you think
- 8 tips to filter spam effectively
- Onus on IP address owner to prove innocence
- How to install an SSH Server in Windows Server 2008.
- Several vulnerabilities closed in the Linux kernel
- 8 Best Practices for Encryption Key Management and Data Security
- Free Honeypot Client Could Sting Malware
- What Firewalls Do & Donot Do
- Symantec fingers D Link for bot attacks
- WhiteHat: 90% of Sites Still Vulnerable
- Red Hat releases free security code
- A new type of Bluetooth security
- Dude, where is my perimeter?
- Scaring users into IT security
- VMware fixes security bugs
- The top 10 security land mines
- Encrypt volumes through a cross platform GUI with TrueCrypt 5.0
- The threat of the Ajax Super Worm
You are browsing the old version of "The Network Security. Org", Please
click here to visit the
new version.
Categories
Web Security
Basic Security
Network Tools
Archived Articles
Wireless Security
Networking Basics
Disaster Recovery
Enterprise Security
Intrusion Detection
More Archived Articles
Exploits & Vulnerabilities
Viruses & other Malware
Basic Security
Network Tools
Archived Articles
Wireless Security
Networking Basics
Disaster Recovery
Enterprise Security
Intrusion Detection
More Archived Articles
Exploits & Vulnerabilities
Viruses & other Malware
Warning: main(ad_network_213.php) [function.main]: failed to open stream: No such file or directory in /home/thenetw/public_html/news/View.php on line 282
Warning: main(ad_network_213.php) [function.main]: failed to open stream: No such file or directory in /home/thenetw/public_html/news/View.php on line 282
Warning: main(ad_network_213.php) [function.main]: failed to open stream: No such file or directory in /home/thenetw/public_html/news/View.php on line 282
Warning: main() [function.include]: Failed opening 'ad_network_213.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php:../:../../:../../../:../../../../') in /home/thenetw/public_html/news/View.php on line 282