Host and network IPS signature rules

Many attacks follow a recognizable pattern of characters, known as a signature. Matching against this signature makes it possible to identify and prevent the malicious activity. For example, a signature is set to look for the string ../ in a web URL. If the signature is enabled and the system encounters this string, an event is triggered.

A signature-based approach, with both host and network IPS signatures, accounts for the majority of detection schemes used in intrusion detection and is one mechanism that Host Intrusion Prevention uses. A database of signature rules is installed with every agent and is updated as new attack types are discovered.

Signatures are categorized by severity level and by description of the danger an attack poses. They are designed for specific applications and for specific operating systems. The majority protect the entire operating system, while some protect specific applications.
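The signature check and the severity categorization described above can be sketched as follows. This is an added example, not code from Host Intrusion Prevention: the rule ID, the "High" severity label, the event fields and the sample URLs are all constructed for illustration. It percent-decodes the URL before matching so that an encoded form of the same ../ string still triggers the event.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

@dataclass(frozen=True)
class Signature:
    sig_id: int            # constructed ID, not a real product signature number
    severity: str          # assumed label; the page does not list its levels
    description: str
    pattern: re.Pattern
    enabled: bool = True   # only enabled signatures raise events

# Hypothetical rule modelled on the page's "../ in a web URL" example.
SIGNATURES = [
    Signature(1001, "High", "Directory traversal sequence in URL",
              re.compile(r"\.\.[/\\]")),
]

def normalize(url: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so the pattern sees the real characters."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def inspect(url: str, signatures=SIGNATURES) -> list[dict]:
    """Return one event per enabled signature that matches the normalized URL."""
    text = normalize(url)
    return [
        {"sig_id": s.sig_id, "severity": s.severity,
         "description": s.description, "url": url}
        for s in signatures
        if s.enabled and s.pattern.search(text)
    ]

# Constructed sample URLs for the demonstration.
SAMPLE_URLS = [
    "/index.html",
    "/docs/../../etc/passwd",
    "/docs/%2e%2e%2fsecret",
    "/docs/%252e%252e%252fsecret",
    "/files/report..pdf",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        hits = [(e["sig_id"], e["severity"]) for e in inspect(u)]
        print(f"{u} -> {hits or 'no event'}")
```

The last sample shows why the pattern requires a path separator after the two dots: a plain substring match on .. would raise a false positive on an ordinary file name.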

Host Intrusion Prevention offers mostly host IPS signatures with a few additional network IPS signatures.

Copyright © 2006 McAfee, Inc. All Rights Reserved.