Configuring signature detection
About Symantec signatures
To delete port mappings
1
In the Network Security console, click Configuration >
Mapping.
2
In Select Node, select the software or appliance node for which you want to
delete the mappings.
3
In Port Mapping, click a port mapping row, and click Delete.
4
Do one of the following:
Click OK to save and exit.
■
Click Cancel > Yes to undo your changes and exit.
■
Caution: Removing a port mapping can affect any PAD detection that relies
on the mapping. Do not remove any pre-defined port mappings.
Symantec Network Security provides the functionality to begin detection
immediately by applying protection policies. In addition to this initial ability,
detection can also be enhanced and tuned to a particular network environment
by creating and applying user-defined signatures.
This section includes the following topics:
About Symantec signatures
■
About user-defined signatures
■
Managing signatures
■
Symantec Network Security uses network pattern matching, or signatures, to
provide a powerful layer of detection. Signature detection involves detecting
threats by looking for a specific pattern or fingerprint of a known bad or
harmful thing. This known-bad pattern is called a signature. These patterns are
traditionally based on the observed network behavior of a specific tool or tools.
Signature detection operates on the basic premise that each threat has some
observable property that can be used to uniquely identify it. This can be based
on any property of the particular network packet or packets that carry the
threat. In some cases, this may be a literal string of characters found in one
packet, or it may be a known sequence of packets that are seen together. In any
case, every packet is compared against the pattern. Matches trigger an alert,
while failure to match is processed as non-threatening traffic.
Detecting
Configuring signature detection
> Port
Node
179