Sensor Maintenance

As discussed so far, most IDSs are signature-based systems and require a level of maintenance. In particular, to detect recent attacks accurately, the sensor needs to install new signatures as they become available.

Signature updates, which also contain network security database (NSDB) updates, occur every two months. Service packs are released as needed to address software bugs or improvements to the core IDS software components (analysis engine, web software, and so on).

There are two ways to automate this process:

• Automatic updates (Auto Update Server) A configuration option for some IDS sensors, providing the functionality to have signature updates applied automatically to the sensor.

• Active update notification A service available at Cisco.com. Using this service, the subscriber receives updates on changes to IDS signatures as well as information on how to obtain changes.