Understanding Signature Databases

The signature database is one of the major components of the intrusion prevention system (IPS). This database includes signature definitions of attacks and applications that can be used to identify applications for tracking firewall policies, quality of service prioritization, and IPS.

The IPS signature database is stored on an IPS-enabled device and contains definitions of predefined attack objects and groups. These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups as match conditions in IPS policy rules.

The following download options are available in the signature database for the signature download:

All of the downloaded signatures are created in the system domain in read-only mode. The configurations that are downloaded are also saved in the system domain.

Security Director sends the full signature database update if any one of the following scenarios is true:

You can perform an offline update of the signature database files by downloading the latest signature version from https://services.netscreen.com/space/2/latest/latest-space-update.zip and storing it locally.

You can configure the signature database settings to install the latest signatures onto the device. Once the latest signatures are available, you can use them to configure application services.