Manage

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Mike Chapple, University of Notre Dame

We are setting up a project on signature-based intrusion detection systems. What are the best ways to maintain a database of known signatures? Where can we get updated signatures? Also, what are some common best practices when creating an IDS database?

From the tone of your question, it sounds like you might be trying to create your own intrusion detection software. If that's the case, I strongly recommend that you consider the alternatives. There are many excellent products on the market, as well as some free open source alternatives.

For example, the Snort IDS is extremely popular. It's an open source network intrusion detection system that is widely used in the enterprise. As an open source product, Snort is available at no cost and has a large community of developers creating rules.

Sourcefire, the company behind Snort, makes an official ruleset available to Snort users either in real-time (for paid subscribers) or on a 30-day delay (at no charge). This is the best way to obtain a reliable, timely ruleset. If you're using a different IDS product, consult the vendor for details on rulebase subscriptions.

More information:

Is writing intrusion detection systems using Java a good idea?
Network intrusion prevention systems: Should enterprises deploy now?

This was last published in June 2008

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

2019's top 5 free enterprise network intrusion detection tools Snort is one of the industry's top network intrusion detection tools, but plenty of other open source alternatives are available. Discover new and old favorites for packet sniffing and more.

Should an intrusion detection system (IDS) be written using Java? There's no reason that you couldn't implement intrusion detection functionality in any higher-level programming language, Java included. Network security expert Mike Chapple, however, explains why Java may not be the best choice.

How to train intrusion detection systems (IDS) Learn how to train your intrusion detection systems (IDS) from network security expert Michael Gregg.

Can Snort stop application-layer attacks? Even though Snort can add an important layer of defense for applications, it won't fix the underlying problem of poorly written ones. Michael Cobb reveals a more efficient technique for patching up XSS and SQL injection vulnerabilities.

How to run IDS Snort on Red Hat Enterprise Linux 5 Learn how to create an intrusion detection system and intrusion prevention system for your clients using the open source IDS sensor called Snort.

Working with Snort's unified output In this edition of the Snort Report, IDS expert Richard Bejtlich demonstrates how to use unified output, the preferred method for high-performance Snort operation.

Related Q&A from Mike Chapple

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading

How to prevent DoS attacks in the enterprise

It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading

How should HIPAA covered entities respond to healthcare ransomware?

The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

McAfee launches security tool Mvision Cloud for Containers

Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in ...

How to implement zero-trust cloud security

The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to ...

AWS Access Analyzer aims to limit S3 bucket exposures

Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid ...

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

New technologies are transforming how organizations plan network management and monitoring, introducing questions about legacy ...

Cisco's Silicon One networking chip targets cloud data centers

Cisco's Silicon One chip launch demonstrates a willingness to embrace white box routers in the hyperscale data centers of cloud ...

7 factors to consider in network redundancy design

Network pros have multiple factors to consider when it comes to adding redundancy in network design, including network equipment,...

SearchCIO

Transforming operations for successful cloud adoption

Still considering making the move to the cloud? Here are best practices and cloud-centric processes CIOs should follow to enable ...

IT workforce skews younger, says analysis of US data

The IT workforce is getting younger, according to government IT workforce data. The reasons for this are subject to a debate that...

Top edge computing trends to watch in 2020

Edge computing is still an evolving technology domain and enterprises should expect continued evolution in the year ahead. Here ...

SearchEnterpriseDesktop

How to shut down and restart a remote computer

Shutting down or restarting a computer remotely is often a necessary process. Explore the multiple ways to do so, using methods ...

Setting up Windows 10 kiosk mode with 4 different methods

For desktop admins, setting up Windows 10 kiosk mode can be a confusing process. IT should learn these four methods and choose ...

Microsoft extends Office 365 benefit to nonprofit volunteers

Thursday's announcement extends the company's September offering of 10 free Microsoft 365 Business licenses for nonprofits' ...

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Developers still lean on the public cloud to simplify Kubernetes deployments, but that won't always be the case. See how ...

Evaluate general and niche cloud service use cases

Can't decide between a niche cloud provider or a hyperscaler? Review some real-world examples to help weigh the options and find ...

Compare niche cloud services to the hyperscale offerings

Consider your enterprise's specific needs when choosing between niche clouds and hyperscale clouds. Here's an overview of what ...

ComputerWeekly.com

Alarm bells ring, the IoT is listening

With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security...

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Contracting groups and trade associations say prime minister Boris Johnson must deliver on his party’s pledge to review the IR35 ...

Future fashion: does that dress come in digital?

A visit to a technology-fuelled fashion pop-up paints a picture of a world where retailers and brands sell virtual clothes for ...

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Related Q&A from Mike Chapple

The difference between AES and DES encryption

How to prevent DoS attacks in the enterprise

How should HIPAA covered entities respond to healthcare ransomware?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

McAfee launches security tool Mvision Cloud for Containers

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

SearchCIO

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

SearchEnterpriseDesktop

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

ComputerWeekly.com

Alarm bells ring, the IoT is listening

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Future fashion: does that dress come in digital?

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Related Q&A from Mike Chapple

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.