Manage

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Mike Chapple, University of Notre Dame

We are setting up a project on signature-based intrusion detection systems. What are the best ways to maintain a database of known signatures? Where can we get updated signatures? Also, what are some common best practices when creating an IDS database?

From the tone of your question, it sounds like you might be trying to create your own intrusion detection software. If that's the case, I strongly recommend that you consider the alternatives. There are many excellent products on the market, as well as some free open source alternatives.

For example, the Snort IDS is extremely popular. It's an open source network intrusion detection system that is widely used in the enterprise. As an open source product, Snort is available at no cost and has a large community of developers creating rules.

Sourcefire, the company behind Snort, makes an official ruleset available to Snort users either in real-time (for paid subscribers) or on a 30-day delay (at no charge). This is the best way to obtain a reliable, timely ruleset. If you're using a different IDS product, consult the vendor for details on rulebase subscriptions.

More information:

Is writing intrusion detection systems using Java a good idea?
Network intrusion prevention systems: Should enterprises deploy now?

This was last published in June 2008

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Related Q&A from Mike Chapple

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading

How to prevent DoS attacks in the enterprise

It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading

How should HIPAA covered entities respond to healthcare ransomware?

The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Google Cloud security gets boost with Secret Manager

Google Cloud's new Secret Manager service augments its cloud security capabilities with an eye toward the needs of DevOps teams.

Microsoft misconfiguration exposed 250M customer service records

Microsoft exposed 250 million customer support records on five Elasticsearch servers that had misconfigured Azure security rules,...

Lyft's open source asset tracking tool simplifies security

Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset ...

SearchNetworking

Build a source of truth into your network automation strategy

Many network automation approaches rely on a source of truth repository to provide data on network behavior. But building this ...

SD-WAN explained: The ultimate guide to SD-WAN architecture

Evaluating SD-WAN architecture can be confusing, especially as the market grows. This guide helps IT pros learn SD-WAN basics, ...

VMware acquisition of Nyansa combines LAN, WAN analytics

The VMware acquisition of Nyansa is expected to provide network traffic analytics that cover the SD-WAN and the wired and ...

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being ...

What is the state of CIO tenure today?

CIO tenure remains significantly lower than other C-suite positions, and according to experts, it's a result of the age of ...

The evolution of RPA, from macros to process transformation

RPA evolved from technology debuted in the 1950s and '60s and was developed to today's standards by the industry's leading ...

SearchEnterpriseDesktop

Windows 7 sunset gives PC market a boost in 2019

Does the growth of the PC market in 2019 reflect an increased appetite for the devices? Experts discuss the PC's role in the ...

EG Enterprise v7 focuses on usability, user experience monitoring

New features in EG Enterprise v7, set to launch soon, enable simulated and real user monitoring, automated diagnosis and new ...

Managing Windows Defender Device Guard in Windows desktops

IT pros must understand how Windows Defender Device Guard uses a locked-down approach to desktop security and how this method ...

SearchCloudComputing

5 cloud database comparison tips to guide your data strategy

Catch up on these tips that compare the strengths, weakness and available integrations of popular public cloud database and ...

Reduce cloud latency for remote employees and offices

Latency remains an issue for cloud users with remote facilities. See how SD-WAN and satellites can improve network performance ...

AWS multi-account management best practices with Control Tower

With the help of AWS Control Tower, organizations who own and operate multiple cloud accounts can manage them all under one roof ...

ComputerWeekly.com

Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia

Sodinokibi hacking group steps up pressure on German automotive manufacturer by publishing information, including the CEO’s ...

SAP User Group launches Business One Academy

UK and Ireland SAP User Group setst up academy to provide training on SAP Business One, which is only available via resellers and...

Disaster recovery failover choices: Synchronous mirrors, P2V and the cloud

We survey the key options in disaster recovery: whether to failover to an on-site location or off-site facility. We also look at ...

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

2019's top 5 free enterprise network intrusion detection tools

Should an intrusion detection system (IDS) be written using Java?

How to train intrusion detection systems (IDS)

Can Snort stop application-layer attacks?

Related Q&A from Mike Chapple

The difference between AES and DES encryption

How to prevent DoS attacks in the enterprise

How should HIPAA covered entities respond to healthcare ransomware?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Google Cloud security gets boost with Secret Manager

Microsoft misconfiguration exposed 250M customer service records

Lyft's open source asset tracking tool simplifies security

SearchNetworking

Build a source of truth into your network automation strategy

SD-WAN explained: The ultimate guide to SD-WAN architecture

VMware acquisition of Nyansa combines LAN, WAN analytics

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

What is the state of CIO tenure today?

The evolution of RPA, from macros to process transformation

SearchEnterpriseDesktop

Windows 7 sunset gives PC market a boost in 2019

EG Enterprise v7 focuses on usability, user experience monitoring

Managing Windows Defender Device Guard in Windows desktops

SearchCloudComputing

5 cloud database comparison tips to guide your data strategy

Reduce cloud latency for remote employees and offices

AWS multi-account management best practices with Control Tower

ComputerWeekly.com

Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia

SAP User Group launches Business One Academy

Disaster recovery failover choices: Synchronous mirrors, P2V and the cloud

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

2019's top 5 free enterprise network intrusion detection tools

Should an intrusion detection system (IDS) be written using Java?

How to train intrusion detection systems (IDS)

Can Snort stop application-layer attacks?

Related Q&A from Mike Chapple

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.