TMS zl Management and Configuration Guide ST.1.1.100430
6-32
Intrusion Detection and Prevention
Configure IDS/IPS
The Intrusion Prevention (Detection) > Signatures > View windows lists the
following information about each signature:
• Name—Name of the attack, usually an industry-standard name
• Threat Level—A preconfigured indicator of the attack’s severity level
• Protection—The type of device the associated attack targets. This
column displays one of the following values:
– Client—The signature detects attacks that target clients.
– Server—The signature detects attacks that target servers.
– Client & Server—The signature detects attacks that target both
clients and servers.
• Action—Displays the action that is taken when the attack is detected
(routing mode only). See “Configure IPS Actions (Routing Mode
Only)” on page 6-35.
• ID—Identifies the vendor who created the signature; this value is
included in the log file when the attack is detected.
• Industry ID—Some signatures have a Common Vulnerabilities and
Exposures identifier (CVE ID), which is a unique identifier for pub-
licly known information security vulnerabilities.Signatures might
also have a Nessus plugin number or a Bugtraq ID.
• Enable—Select or clear the Enable check box or clear it, to enable or
disable a specific signature. See “Enable or Disable Signatures” on
page 6-34.
2. To find out more about a particular signature, click the name (which is
underlined). A pop-up box is displayed, providing information about the
signature’s capabilities.
Figure 6-11. Additional Information about a Signature
Click OK to close the information box.
3. Use filters to view a subset of signatures:
• Status—Select Any to view all signatures, Enabled to view only enabled
signatures, or Disabled to view only disabled signatures.