Manage

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Mike Chapple, University of Notre Dame

We are setting up a project on signature-based intrusion detection systems. What are the best ways to maintain a database of known signatures? Where can we get updated signatures? Also, what are some common best practices when creating an IDS database?

From the tone of your question, it sounds like you might be trying to create your own intrusion detection software. If that's the case, I strongly recommend that you consider the alternatives. There are many excellent products on the market, as well as some free open source alternatives.

For example, the Snort IDS is extremely popular. It's an open source network intrusion detection system that is widely used in the enterprise. As an open source product, Snort is available at no cost and has a large community of developers creating rules.

Sourcefire, the company behind Snort, makes an official ruleset available to Snort users either in real-time (for paid subscribers) or on a 30-day delay (at no charge). This is the best way to obtain a reliable, timely ruleset. If you're using a different IDS product, consult the vendor for details on rulebase subscriptions.

More information:

Is writing intrusion detection systems using Java a good idea?
Network intrusion prevention systems: Should enterprises deploy now?

This was last published in June 2008

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

intrusion detection system (IDS)

2019's top 5 free enterprise network intrusion detection tools

Evaluating enterprise intrusion detection system vendors

Snort Tutorial: How to use Snort intrusion detection resources

Related Q&A from Mike Chapple

Stateful vs. stateless firewalls: Understanding the differences

Wired vs. wireless network security: Best practices

The difference between AES and DES encryption

SearchCloudSecurity

Google forms cyber insurance pact with Allianz, Munich Re

Dispelling 4 of the top cloud security myths today

Guide to cloud security management and best practices

SearchNetworking

Cisco completes $4.5 billion Acacia deal

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

SearchCIO

Racial, gender diversity in tech improving at a glacial pace

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

SearchEnterpriseDesktop

Microsoft makes Productivity Score useful to tech buyers

Microsoft makes Universal Print generally available

Microsoft bolsters data security in 365

SearchCloudComputing

Microsoft ACS going GA with preview of Teams integration

Modernize and migrate mainframe apps to the cloud

How to create snapshots for Azure VMs and managed disks

ComputerWeekly.com

T-Mobile targets post-pandemic workplace with remote working suite

Connectivity the ‘unsung hero’ of the future of work

Williams F1 car launch disrupted by data leak