Idp signatures, Idp signature selection – Amer Networks E5Web GUI User Manual

ordered by group. However, its purpose is for reference only and it is not possible to add rule
signatures through this tree. A screen shot of the list from the Web Interface is shown below.

Figure 6.12. IDP Signatures

In the Web Interface or InControl, associating signatures with an IDP rule is done by selecting the
Action for the rule. A screenshot of selecting signatures in the Web Interface is shown below.

Figure 6.13. IDP Signature Selection

There is a choice of either entering signatures in the upper text box or selecting them through
the tree underneath which collects the signatures together into their respective groups. When
collections of signatures are selected in the tree, the equivalent wildcard definition will
automatically appear in the box above. Individual signatures cannot be selected through the tree
and can only be entered in the text box.

What appears in the upper text box is equivalent to the way signatures are specified when using
the CLI to define an IDP rule.

HTTP Normalization

Each IDP rule has a section of settings for HTTP normalization. This allows the administrator to
choose the actions that should be taken when IDP finds inconsistencies in the URIs embedded in
incoming HTTP requests. Some server attacks are based on creating URIs with sequences that
can exploit weaknesses in some HTTP server products.

The URI conditions which IDP can detect are as follows:

•

Invalid UTF8

This looks for any invalid UTF8 characters in a URI.

Chapter 6: Security Mechanisms

472