What Is a Signature Type?

When an IDS device compares traffic against signature patterns, it is not limited to examining single packets: it can inspect one packet or several. A traffic stream can consist of many packets, and those packets might be fragmented so that each payload carries only a portion of the actual data.

Therefore, it is essential that the IDS device be able to match signatures against both single packets and multiple packets. Given this single-packet-versus-multiple-packet scenario, Cisco classifies signatures into two types: atomic signatures and compound signatures.
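The single-packet-versus-multiple-packet distinction can be seen in a small matcher. This is an added example, not code from the book or from any Cisco product. The pattern, flow tuples, packets, and the names `atomic_match` and `compound_match` are constructed for illustration, and offsets are simplified to start at 0 for each flow.

```python
from collections import defaultdict

PATTERN = b"EXAMPLE-SIGNATURE"  # constructed pattern, not a real Cisco signature

def atomic_match(packets, pattern=PATTERN):
    """Single-packet check: each payload is inspected on its own."""
    return [i for i, (_, _, payload) in enumerate(packets) if pattern in payload]

class FlowState:
    def __init__(self):
        self.next_seq = 0   # next byte offset expected in the stream
        self.pending = {}   # out-of-order segments held by offset
        self.tail = b""     # trailing bytes kept from data already inspected

def compound_match(packets, pattern=PATTERN):
    """Multi-packet check: per-flow state carries context across packets."""
    flows = defaultdict(FlowState)
    hits = set()
    keep = len(pattern) - 1  # enough bytes to catch a match spanning a boundary
    for flow, seq, payload in packets:
        st = flows[flow]
        st.pending[seq] = payload
        # Consume every held segment that is now contiguous with the stream.
        while st.next_seq in st.pending:
            data = st.pending.pop(st.next_seq)
            st.next_seq += len(data)
            window = st.tail + data
            if pattern in window:
                hits.add(flow)
            st.tail = window[-keep:] if keep else b""
    return hits

# Constructed sample traffic: (flow, byte offset in stream, payload).
FLOW_A = ("192.0.2.10", "198.51.100.5", 80)
FLOW_B = ("192.0.2.11", "198.51.100.5", 80)
PACKETS = [
    (FLOW_A, 0, b"GET /?q=EXAMPLE-"),
    (FLOW_B, 0, b"GET /index.html "),
    (FLOW_A, 27, b" HTTP/1.1\r\n"),       # arrives before the middle segment
    (FLOW_A, 16, b"SIGNATURE&x"),         # completes the pattern for FLOW_A
    (FLOW_B, 16, b"EXAMPLE-SIGNATURE"),   # whole pattern inside one packet
]

if __name__ == "__main__":
    print("single-packet hits (packet indexes):", atomic_match(PACKETS))
    print("multi-packet hits (flows):", sorted(compound_match(PACKETS)))
```

The per-packet check reports only the FLOW_B packet that holds the whole pattern, while the stateful check also reports FLOW_A, where the pattern is split across two payloads and arrives out of order.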

An atomic signature is a signature that matches a pattern ...

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.
