Manage

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Mike Chapple, University of Notre Dame

We are setting up a project on signature-based intrusion detection systems. What are the best ways to maintain a database of known signatures? Where can we get updated signatures? Also, what are some common best practices when creating an IDS database?

From the tone of your question, it sounds like you might be trying to create your own intrusion detection software. If that's the case, I strongly recommend that you consider the alternatives. There are many excellent products on the market, as well as some free open source alternatives.

For example, the Snort IDS is extremely popular. It's an open source network intrusion detection system that is widely used in the enterprise. As an open source product, Snort is available at no cost and has a large community of developers creating rules.

Sourcefire, the company behind Snort, makes an official ruleset available to Snort users either in real-time (for paid subscribers) or on a 30-day delay (at no charge). This is the best way to obtain a reliable, timely ruleset. If you're using a different IDS product, consult the vendor for details on rulebase subscriptions.

More information:

Is writing intrusion detection systems using Java a good idea?
Network intrusion prevention systems: Should enterprises deploy now?

This was last published in June 2008

Best practices for IDS creation and signature database maintenance

Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

intrusion detection system (IDS)

2019's top 5 free enterprise network intrusion detection tools

Evaluating enterprise intrusion detection system vendors

Snort Tutorial: How to use Snort intrusion detection resources

Related Q&A from Mike Chapple

Stateful vs. stateless firewalls: Understanding the differences

Wired vs. wireless network security: Best practices

The difference between AES and DES encryption

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Cloud security quiz: Application security best practices

The importance of security, data encryption for cloud

Cloud workload protection platform security benefits, features

SearchNetworking

5G for enterprises requires other tech to reap full benefits

What IT pros can expect from 5G core network architecture

5 edge computing basics you need to know

SearchCIO

How to hire a data scientist with AI skills during pandemic

Use of virtual digital assistants for enterprise applications

Why ISO 56000 Innovation Management matters to CIOs

SearchEnterpriseDesktop

Microsoft puts Universal Print in preview

How to fix a Windows 10 boot loop

Learn native Windows 10 virtual memory management methods

SearchCloudComputing

4 tips to pick the right cloud database service

Google, Microsoft add to their cloud migration toolkits

Public cloud vs. private cloud: Key benefits and differences

ComputerWeekly.com

NHS seeks new national data guardian for health and care

Business leaders banking on technology to drive coronavirus recovery

Gartner: Three questions CIOs must ask before updating strategy post-pandemic