Manage

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

University of Notre Dame

We are setting up a project on signature-based intrusion detection systems. What are the best ways to maintain a database of known signatures? Where can we get updated signatures? Also, what are some common best practices when creating an IDS database?

From the tone of your question, it sounds like you might be trying to create your own intrusion detection software. If that's the case, I strongly recommend that you consider the alternatives. There are many excellent products on the market, as well as some free open source alternatives.

For example, the Snort IDS is extremely popular. It's an open source network intrusion detection system that is...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

widely used in the enterprise. As an open source product, Snort is available at no cost and has a large community of developers creating rules.

Sourcefire, the company behind Snort, makes an official ruleset available to Snort users either in real-time (for paid subscribers) or on a 30-day delay (at no charge). This is the best way to obtain a reliable, timely ruleset. If you're using a different IDS product, consult the vendor for details on rulebase subscriptions.

More information:

Is writing intrusion detection systems using Java a good idea?
Network intrusion prevention systems: Should enterprises deploy now?

This was last published in June 2008

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Related Resources

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Related Q&A from Mike Chapple

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.