Signature and Intrusion Detection Configuration presentation


Slide 1: Chapter 9
Signature and Intrusion Detection Configuration


Slide 2: Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
View Signature settings and configure their severities and actions.
Enable or disable signatures.
Configure connection and string signatures.
Create signature templates and change which one is used by a Sensor.
Configure the minimum alarm severity level a Sensor sends to the Director.

Slide 3: Objectives (cont.)
Configure signature filtering to reduce false positives and tune signature triggering in the user environment.
Configure signature tuning parameters to customize triggers for the user environment.
Configure signature port mapping to customize it for the user environment.
Create ACL signatures that generate alarms when ACL violations are detected in a Cisco IOS router.

Slide 4: Basic Signature Configuration


Slide 5: Viewing the Signature Settings
Select Signature Template


Slide 6: Signature Names and Severities
Severity
Signature Name
Select Signature Template


Slide 7: Enabling and Disabling Signatures
Enable Checkbox
Select Signature Template


Slide 8: Setting Signature Actions
Double-click Action
Select Signature Template


Slide 9: Connection Signature Type and Port Configuration
TCP or UDP
Port number
Select Signature Template


Slide 10: String Signatures Configuration
Number of Occurrences
String pattern
TCP Port
Traffic Direction
Select Signature Template


Slide 11: Signature Templates


Slide 12: What is a Signature Template?
Sensor Signatures Templates


Slide 13: Creating a New Signature Template
Select and Right Click
Sensor Signatures
Select New>Sensor Signature


Slide 14: Assigning the Signature Template Used by the Sensor
Choose the Signature Template
Select the Sensor
Select the Sensing tab


Slide 15: Applying the Signature Template to the Sensor
Select the Sensor
Select the Command tab
Check for errors
Click Approve Now


Slide 16: Signature Filtering


Slide 17: Setting the Minimum Level to Send to the Director
Minimum Event Level
Select the Sensor
Select the Filtering tab


Slide 18: Simple Signature Filtering
Sub-signature
Signature
Address role
IP address and netmask
Select the Sensor
Select the Filtering tab
Select the Simple Filtering tab


Slide 19: Advanced Signature Filtering
Source Address
Signature
Subsignature
Destination Address
Select the Sensor
Select the Filtering tab
Select the Advanced Filtering tab

Slide 20: Advanced Signature Configuration


Slide 21: Signature Tuning
Parameter names
Parameter values
Select the Sensor
Select the Sensing tab
Select the Signature Tuning Parameters tab

Slide 22: Signature Port Mapping
Select the Sensor
Select the Sensing tab
Select the Port Mapping tab
Click OK


Slide 23: ACL Signatures Configuration


Slide 24: Creating ACL Signatures
Click OK
Click Add
Select Signature Template
Select the ACL Signatures Tab


Slide 25: Defining Syslog Sources
Select the Sensor
Select the Monitoring Tab
Click Add
Click OK


Slide 26: Summary
All signature severities and actions are modified in the signature template in CSPM.
Signatures can be enabled or disabled.
Connection and string signatures are configured in the signature template in CSPM.
Many signature templates can be created.
A given signature template is applied to one or many Sensors.
The minimum alarm severity level can be configured on a Sensor to limit the alarms sent to the Director.
Signature filtering reduces false positives and other undesired alarms.
Signature parameter tuning is used to customize signature triggers in the user environment.
Signature port mapping is used to customize port to signature settings in the user environment.
ACL signatures generate alarms when ACL violations are detected in a Cisco IOS router.

Slide 27: Lab
Signatures Configuration


Slide 28: Lab Visual Objective
[Figure: lab topology diagram. Labels: Pod P (Your Pod) and Pod Q (Peer Pod); routers rP and rQ, each with interfaces e0/0 and e0/1; networks 10.0.P.0 /24, 10.0.Q.0 /24 and 172.30.1.0 /24, with host addresses marked .P, .Q, .1, .4 and .6; CSPM hosts 10.0.P.3 (Host ID = 3, Org ID = P, Host Name = directorP, Org Name = podP) and 10.0.Q.3 (Host ID = 3, Org ID = Q, Host Name = directorQ, Org Name = podQ); sensors sensorP, idsmP, sensorQ and idsmQ.]

