User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 38 Defining IPS Signatures
Configuring Signature Settings
Use the Signature Settings page to define settings for IPS appliances and service modules (but not Cisco
IOS IPS devices). These settings define the following policies:
• Application policy—Enable or disable HTTP, determine and specify the maximum number of HTTP requests, specify AIC web ports, and enable or disable FTP.
• Fragment reassembly policy—Configure the sensor to reassemble a datagram that has been fragmented over more than one packet by selecting the IP reassembly mode.
• Stream reassembly policy—Configure the sensor to monitor only TCP sessions that have been established by a complete three-way handshake by specifying whether a TCP handshake is required and by selecting the TCP reassembly mode.
• IP logging policy—Configure the sensor to generate an IP session log when the sensor detects an attack by determining and selecting the maximum allowable number of log packets, the IP log time and the maximum allowable size of the IP log.
Tip: All of these settings have default values, so configure this policy only if you need to use a non-default value.
To configure the Signature Settings policy, do one of the following:
• (Device view) Select IPS > Signatures > Settings from the Policy selector.
• (Policy view) Select IPS > Signatures > Settings, then select an existing policy or create a new one.
You can then configure the options that are explained in the following table.
Table 38-6 Signature Settings Page

| Element | Description |
|---|---|
| Enable HTTP | Enables protection for web services. Select Yes to require the sensor to inspect HTTP traffic for compliance with the RFC. |
| Max HTTP Requests | The maximum number of outstanding HTTP requests per connection. |
| AIC Web Ports | The ports on which to look for AIC traffic. Enter a comma-separated list of port numbers or port list objects that define the ports. You can click Select to select a port list object from a list or to create a new object. |
| Enable FTP | Enables protection for FTP services. Select Yes to require the sensor to inspect FTP traffic. |
| IP Reassembly Mode | The method the sensor uses to reassemble the fragments, based on the operating system. |
| TCP Handshake Required | Whether the sensor should only track sessions for which the three-way handshake is completed. |
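The following Python example is added here to illustrate what the TCP Handshake Required setting means for session tracking; it is not Cisco code and does not come from this guide. The `Pkt` record, the `track_sessions` function, the sequence-number checks and the sample traffic are all assumptions constructed for the example.

```python
from collections import namedtuple

# Constructed packet record; flags is a frozenset such as {"SYN", "ACK"}.
Pkt = namedtuple("Pkt", "src sport dst dport flags seq ack")
F, MOD = frozenset, 2**32

def track_sessions(packets, handshake_required=True):
    """Return flow keys (client, cport, server, sport) this model tracks."""
    pending = {}   # flow key -> (state, client_isn, server_isn)
    tracked = set()
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in tracked or rev in tracked:
            continue
        if not handshake_required:
            tracked.add(fwd)          # mid-stream pickup: any packet starts tracking
        elif "RST" in p.flags:
            pending.pop(fwd, None)    # a reset abandons a half-open attempt
            pending.pop(rev, None)
        elif p.flags == {"SYN"}:
            pending[fwd] = ("SYN_SEEN", p.seq, None)
        elif p.flags == {"SYN", "ACK"} and rev in pending:
            state, c_isn, _ = pending[rev]
            if state == "SYN_SEEN" and p.ack == (c_isn + 1) % MOD:
                pending[rev] = ("SYNACK_SEEN", c_isn, p.seq)
        elif p.flags == {"ACK"} and fwd in pending:
            state, c_isn, s_isn = pending[fwd]
            if (state == "SYNACK_SEEN" and p.seq == (c_isn + 1) % MOD
                    and p.ack == (s_isn + 1) % MOD):
                tracked.add(fwd)      # three-way handshake complete
                del pending[fwd]
    return tracked

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    # Flow A: complete SYN, SYN/ACK, ACK exchange
    Pkt("192.0.2.10", 40000, "198.51.100.5", 80, F({"SYN"}), 1000, 0),
    Pkt("198.51.100.5", 80, "192.0.2.10", 40000, F({"SYN", "ACK"}), 5000, 1001),
    Pkt("192.0.2.10", 40000, "198.51.100.5", 80, F({"ACK"}), 1001, 5001),
    # Flow B: data seen mid-stream, handshake never observed
    Pkt("192.0.2.11", 40001, "198.51.100.5", 80, F({"PSH", "ACK"}), 7777, 8888),
    # Flow C: SYN followed by ACK, no SYN/ACK observed
    Pkt("192.0.2.12", 40002, "198.51.100.5", 80, F({"SYN"}), 2000, 0),
    Pkt("192.0.2.12", 40002, "198.51.100.5", 80, F({"ACK"}), 2001, 1),
]

if __name__ == "__main__":
    print("required:    ", sorted(track_sessions(SAMPLE, True)))
    print("not required:", sorted(track_sessions(SAMPLE, False)))
```

In this model, requiring the handshake leaves only flow A tracked, while turning the requirement off tracks all three flows, including the one first seen mid-stream.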