Signature Classes

Mar 10,2010 by alperen

CIDS signatures fall into four classes; a signature belongs to one class, based on the type of attack it was designed to detect. As discussed in Chapter 23, there are three types of attacks: Reconnaissance, Access, and Denial of Service (DoS). Signature classes map to these three attack types and add one additional class. The four signature classes are as follows:

  • Reconnaissance

  • Access

  • Denial of Service

  • Informational

Reconnaissance Class Signatures

Reconnaissance class signatures are used to detect reconnaissance attacks against your network. Before intruders can launch an attack against your network resources, they must first map your network and network resources. Hackers have many different tools they can use to discover the type, location, and vulnerabilities of your network resources. Reconnaissance class signatures trigger on analyzed activity that is known to be, or could lead to, unauthorized discovery of systems, services, or vulnerabilities. Once triggered, these alarms notify security personnel that the sensors have detected such tools being used against your network. Common reconnaissance techniques used by hackers and detected by reconnaissance class signatures are as follows:

  • Ping Sweeps – Allow intruders to map the active IP addresses on your network.

  • Port Scans – Scan for open ports on ranges of network resources.

  • DNS Queries – Allow users and intruders to retrieve information about the topology of your network.

Access Class Signatures

Access class signatures are used to detect access attacks against your network systems. Access class signatures can detect attacks that could lead to unauthorized data retrieval, system access, or privileged escalation. Common access techniques used by hackers and detected by access class signatures are as follows:

  • Unix Tooltalk Database server attack

  • Internet Information Services (IIS) Unicode attack

  • Back Orifice or NetBus

Denial of Service (DoS) Class Signatures

Denial of service class signatures are used to detect DoS attacks against your network. These signatures trigger on activity used to disable network infrastructure, systems, or services. Common DoS techniques used by hackers and detected by DoS class signatures are as follows:

  • Ping of Death

  • Tribe Flood Network (TFN) attacks

  • Trinoo attacks

Informational Class Signatures

Informational class signatures are used to detect normal network activity which, in itself, isn’t considered malicious, but whose record can be used to judge the validity of an attack, as well as for forensic purposes. Common informational events detected by informational class signatures are as follows:

  • ICMP echo requests

  • TCP connection requests

  • UDP connections
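The following is an added example, not code from the article or from Cisco IDS: a small Python classifier that applies the reconnaissance, DoS and informational class logic described above to a constructed packet list. It shows how ping sweep and port scan alarms are counted up from the same ICMP echo requests and TCP connection requests that the informational class records, how a ping of death is caught as an oversized datagram, and how the informational events from a source can be pulled back out to support an alarm. The thresholds, the `Packet`/`Event` structures and the sample traffic are all assumptions made for the example; real CIDS signatures carry their own tunable parameters.

```python
from collections import defaultdict
from dataclasses import dataclass

# Thresholds chosen for this example (assumed, not CIDS defaults).
PING_SWEEP_HOSTS = 5      # distinct hosts echo-requested by one source
PORT_SCAN_PORTS = 10      # distinct TCP ports SYN'd on one host by one source
MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram; a longer reassembled echo is a ping of death


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                 # "icmp", "tcp" or "udp"
    dport: int = 0
    syn: bool = False          # TCP SYN without ACK, i.e. a connection request
    echo_request: bool = False # ICMP type 8
    length: int = 0            # reassembled IP datagram length in bytes


@dataclass
class Event:
    cls: str    # "reconnaissance", "dos" or "informational"
    name: str
    src: str
    dst: str


def classify(packets):
    """Run the class logic over a packet list and return every event, in order."""
    events = []
    echo_targets = defaultdict(set)   # src -> hosts it has echo-requested
    syn_ports = defaultdict(set)      # (src, dst) -> ports it has SYN'd
    for p in packets:
        if p.proto == "icmp" and p.echo_request:
            if p.length > MAX_IP_DATAGRAM:
                events.append(Event("dos", "Ping of Death", p.src, p.dst))
                continue
            # Every echo request is recorded as an informational event...
            events.append(Event("informational", "ICMP echo request", p.src, p.dst))
            echo_targets[p.src].add(p.dst)
            # ...and the sweep alarm fires once, when the source reaches the threshold.
            if len(echo_targets[p.src]) == PING_SWEEP_HOSTS:
                events.append(Event("reconnaissance", "ICMP ping sweep", p.src, "*"))
        elif p.proto == "tcp" and p.syn:
            events.append(Event("informational", "TCP connection request", p.src, f"{p.dst}:{p.dport}"))
            syn_ports[(p.src, p.dst)].add(p.dport)
            if len(syn_ports[(p.src, p.dst)]) == PORT_SCAN_PORTS:
                events.append(Event("reconnaissance", "TCP port scan", p.src, p.dst))
        elif p.proto == "udp":
            events.append(Event("informational", "UDP connection", p.src, f"{p.dst}:{p.dport}"))
    return events


def alarms(events):
    """Only the reconnaissance and DoS class events are alarms an operator acts on."""
    return [e for e in events if e.cls != "informational"]


def supporting_info(events, alarm):
    """Forensic use of the informational class: the normal-looking events from the alarm's source."""
    return [e for e in events if e.cls == "informational" and e.src == alarm.src]


def sample_traffic():
    """Constructed traffic, not a capture: one sweeping/scanning source, one oversized echo, benign background."""
    pkts = []
    for i in range(1, 7):        # 10.0.0.5 echo-requests six hosts: sweep alarm on the fifth
        pkts.append(Packet("10.0.0.5", f"10.0.1.{i}", "icmp", echo_request=True, length=84))
    for port in range(20, 32):   # then SYNs twelve ports on 10.0.1.1: scan alarm on the tenth
        pkts.append(Packet("10.0.0.5", "10.0.1.1", "tcp", dport=port, syn=True))
    pkts.append(Packet("10.0.0.9", "10.0.1.1", "icmp", echo_request=True, length=65600))  # oversized echo
    pkts.append(Packet("10.0.2.2", "10.0.1.1", "icmp", echo_request=True, length=84))     # one ordinary ping
    pkts.append(Packet("10.0.2.2", "10.0.1.1", "udp", dport=53))                          # one DNS lookup
    return pkts


if __name__ == "__main__":
    evs = classify(sample_traffic())
    for a in alarms(evs):
        backing = len(supporting_info(evs, a))
        print(f"ALARM {a.cls:<15} {a.name:<22} {a.src} -> {a.dst}  ({backing} supporting informational events)")
```

Note the asymmetry the article describes: the two benign packets from 10.0.2.2 produce informational events only, while the same kinds of packets from 10.0.0.5 become reconnaissance alarms once the counts cross the thresholds, and those informational records are what an analyst would pull to judge whether the alarm is real.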

