Select types of signatures to monitor, Figure 64 selecting signature types – Raritan Computer COMMANDCENTER NOC User Manual

C

HAPTER

3:

CONFIGURING INTRUSION DETECTION

51

Select Types of Signatures to Monitor

When in doubt, enable detection. There is no disadvantage to enabling extra detection, except that
you may receive extraneous events from your Intrusion Detection appliances. You should usually
never disable detection of General Security on the Network. This category includes a variety of
attacks that can affect any network, regardless of the devices and services on it. Some signatures
that affect multiple operating systems are always enabled, regardless of the signatures that you
select below.
If your network does not contain any devices or services of a type listed below, you may wish to
disable detection of signatures that only affect that device or service. For instance, if you have
Linux servers but none of them are running an FTP service, you may wish to disable detection of
signatures that only affect FTP services on Linux. Or, if you do not have any Windows 95/98/ME
workstations, you may want to disable General Security for those machines to reduce the
number of false-positive events that may be generated.

Figure 64 Selecting Signature Types

7. To enable detection of a type of signature, check the check box for the type of signature.
8. To disable detection, uncheck the check box.
9. When you have changed the settings to reflect the devices and services on your network,

click Finish.