Symantec 10521146 Administration Guide - Page 179
Configuring signature detection, About Symantec signatures - removal tool
UPC - 037648268134
Detecting: Configuring signature detection

To delete port mappings

1 In the Network Security console, click Configuration > Node > Port Mapping.
2 In Select Node, select the software or appliance node for which you want to delete the mappings.
3 In Port Mapping, click a port mapping row, and click Delete.
4 Do one of the following:
  ■ Click OK to save and exit.
  ■ Click Cancel > Yes to undo your changes and exit.

Caution: Removing a port mapping can affect any PAD detection that relies on the mapping. Do not remove any pre-defined port mappings.

Configuring signature detection

Symantec Network Security provides the functionality to begin detection immediately by applying protection policies. In addition to this initial ability, detection can also be enhanced and tuned to a particular network environment by creating and applying user-defined signatures.

This section includes the following topics:
■ About Symantec signatures
■ About user-defined signatures
■ Managing signatures

About Symantec signatures

Symantec Network Security uses network pattern matching, or signatures, to provide a powerful layer of detection. Signature detection involves detecting threats by looking for a specific pattern or fingerprint of a known bad or harmful thing. This known-bad pattern is called a signature. These patterns are traditionally based on the observed network behavior of a specific tool or tools.

Signature detection operates on the basic premise that each threat has some observable property that can be used to uniquely identify it. This can be based on any property of the particular network packet or packets that carry the threat. In some cases, this may be a literal string of characters found in one packet, or it may be a known sequence of packets that are seen together. In any case, every packet is compared against the pattern. Matches trigger an alert, while failure to match is processed as non-threatening traffic.
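
The two signature shapes described above (a literal string in one packet, and a known sequence of packets) can be sketched as follows. This is an added example, not Symantec Network Security's engine or signature format; the Signature and Detector names, the flow tuples, and the packet payloads are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Signature:
    name: str
    # One pattern = literal string in a single packet.
    # Several patterns = packets that must be seen in this order on one flow.
    patterns: tuple

@dataclass
class Detector:
    signatures: list
    # progress[(flow, signature name)] = index of the next pattern expected
    progress: dict = field(default_factory=dict)

    def inspect(self, flow, payload):
        """Compare one packet against every signature; return names that alert."""
        alerts = []
        for sig in self.signatures:
            key = (flow, sig.name)
            step = self.progress.get(key, 0)
            if sig.patterns[step] in payload:
                step += 1                      # this packet satisfies the next step
            if step == len(sig.patterns):
                alerts.append(sig.name)        # full pattern observed: alert
                step = 0
            self.progress[key] = step          # state is kept per flow
        return alerts

# Constructed signatures (hypothetical, not real threat patterns).
SIGS = [
    Signature("literal-string", (b"EXAMPLE-BAD-STRING",)),
    Signature("packet-sequence", (b"STEP-ONE", b"STEP-TWO", b"STEP-THREE")),
]

# Constructed traffic: (flow, payload), flow = (source, destination, port).
A = ("192.0.2.10", "198.51.100.5", 80)
B = ("192.0.2.20", "198.51.100.5", 80)
PACKETS = [
    (A, b"GET /index.html HTTP/1.1"),    # no match: non-threatening
    (A, b"xxEXAMPLE-BAD-STRINGxx"),      # literal string inside one packet
    (B, b"STEP-ONE"),
    (A, b"STEP-TWO"),                    # other flow, out of order: ignored
    (B, b"STEP-TWO"),
    (B, b"STEP-THREE"),                  # completes the sequence on flow B
]

def run(packets, signatures=SIGS):
    """Return (packet index, alert names) for every packet that alerts."""
    detector = Detector(list(signatures))
    hits = [(i, detector.inspect(f, p)) for i, (f, p) in enumerate(packets)]
    return [(i, names) for i, names in hits if names]

if __name__ == "__main__":
    print(run(PACKETS))
```

Sequence progress is tracked per flow, so the STEP-TWO packet on flow A does not advance the sequence that flow B started.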