TMS zl Management and Configuration Guide ST.1.1.100226
6-32
Intrusion Detection and Prevention
Configuring IDS/IPS
The Intrusion Prevention (Detection) > Signatures > View windows lists the
following information about each signature:
• Name—Name of the attack, usually an industry-standard name
• Threat Level—A preconfigured indicator of the attack’s severity
level
• Action—The action that is taken when the attack is detected (routing
mode only). (See “Configuring IPS Actions (Routing Mode Only)” on
page 6-33.)
• ID—Identifies the vendor who created the signature; this value is
included in the log file when the attack is detected.
• Industry ID—Some signatures have a Common Vulnerabilities and
Exposures identifier (CVE ID), which is a unique identifier for pub-
licly known information security vulnerabilities.Signatures might
also have a Nessus plugin number or a Bugtraq ID.
• Enable—Select or clear the Enable check box or clear it, to enable or
disable a specific signature. See “Enable or Disable Signatures” on
page 6-32.
2. To find out more about a particular signature, click the name (which is
underlined). A pop-up box is displayed, providing information about the
signature’s capabilities.
Figure 6-11. Additional Information about a Signature
3. Click OK to close the box.
Enable or Disable Signatures
By default, all the signatures are enabled. To disable a particular signature,
clear its Enable check box.
You can also click Enable All or Disable All for each signature family. However,
you cannot disable signatures in the protocol anomaly family.