Manage

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Mike Chapple, University of Notre Dame

We are setting up a project on signature-based intrusion detection systems. What are the best ways to maintain a database of known signatures? Where can we get updated signatures? Also, what are some common best practices when creating an IDS database?

From the tone of your question, it sounds like you might be trying to create your own intrusion detection software. If that's the case, I strongly recommend that you consider the alternatives. There are many excellent products on the market, as well as some free open source alternatives.

For example, the Snort IDS is extremely popular. It's an open source network intrusion detection system that is widely used in the enterprise. As an open source product, Snort is available at no cost and has a large community of developers creating rules.

Sourcefire, the company behind Snort, makes an official ruleset available to Snort users either in real-time (for paid subscribers) or on a 30-day delay (at no charge). This is the best way to obtain a reliable, timely ruleset. If you're using a different IDS product, consult the vendor for details on rulebase subscriptions.

More information:

Is writing intrusion detection systems using Java a good idea?
Network intrusion prevention systems: Should enterprises deploy now?

This was last published in June 2008

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

intrusion detection system (IDS)

2019's top 5 free enterprise network intrusion detection tools

Evaluating enterprise intrusion detection system vendors

Snort Tutorial: How to use Snort intrusion detection resources

Related Q&A from Mike Chapple

Wired vs. wireless network security: Best practices

The difference between AES and DES encryption

How to prevent DoS attacks in the enterprise

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Top 6 cloud security analytics use cases

McAfee: Attacks on cloud accounts up 630% during COVID-19

Use these CCSK practice questions to prep for the exam

SearchNetworking

Cisco DNA Center's new features may mean more user headaches

Tips for setting up a home network

MLB uses NetBox automation for network configuration backup

SearchCIO

5 edge computing vendors for CIOs to watch

Now is the time to revisit and adjust your cloud strategy

Know how to secure your home network while working from home

SearchEnterpriseDesktop

New Quest Kace products make UEM easier for IT admins

New HP hardware directed at remote work

Ivanti updates its unified endpoint management

SearchCloudComputing

How to apply serverless in front-end cloud computing

AWS Marketplace update eases SaaS contract changes

AWS, Microsoft and Google should retire these cloud services

ComputerWeekly.com

NHS Covid-19 datastore contracts published under pressure from privacy groups

Third of UK internet users report worse service since lockdown

Businesses develop apps quickly to manage disruption of Covid-19