DanieleS99
Explorer
February 8, 2022
Solved

IPS add signatures best practice

Hi,

I wanted to figure out the best way to add signatures to protect a particular service, and make sure I have everything included.
For example, how could I filter IPS signatures to properly secure OWA? Or to protect web servers?

Thanks

Best answer by AlexC-FTNT

AlexC-FTNT
Staff
February 9, 2022

Generally you need to know what attacks are applicable for a specific environment.

Sometimes, the server is already patched against 90% of attacks and vulnerable to only a few attacks (you would know that from their bulletins).

This often means a lot of work to isolate and keep the IPS sensor updated with the most recent signatures, so another approach is common: filtering the IPS signatures by categories (you have predefined some categories when you add the signatures: by target client/server, by severity of the attack, by protocol, by OS, by application).

For example, for an OWA server (mail server), you can use the "MS_Exchange" application filter, or the OS "Windows" filter, or even the "SMTP" or "SMTPS" protocol filter. You can add more of these filters in the same IPS profile.
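
The filter approach from the answer above, written out as a FortiOS CLI sketch; this is an added example, not part of the original thread or of Fortinet's documentation. The sensor name `owa-protect`, the entry numbers, the severity levels and the actions are assumptions, the `#` lines are annotations rather than CLI input, and the keywords should be checked against the CLI reference for the FortiOS version in use.

```fortios
# Hypothetical sensor name; attach it to the firewall policy that publishes OWA.
config ips sensor
    edit "owa-protect"
        config entries
            # Entry 1: every signature tagged for the MS_Exchange application.
            edit 1
                set application MS_Exchange
                set action block
            next
            # Entry 2: server-side Windows signatures, narrowed by severity
            # (severity values and action are assumptions for illustration).
            edit 2
                set location server
                set os Windows
                set severity high critical
                set action block
            next
            # Entry 3: mail protocol signatures, left at each signature's
            # default action.
            edit 3
                set protocol SMTP SMTPS
                set action default
            next
        end
    next
end
```

Each entry is a separate filter inside the same sensor, so the sensor covers the union of what the three entries select, while the filters set together inside entry 2 narrow that entry to signatures matching all of them.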