Summary


Cisco Security MARS is a monitoring and reporting component of a self-defending network. Cisco Security MARS can also mitigate attacks or generate configurations that can stop certain attacks, allowing the network to be self-defending. The configurations that Cisco Security MARS can generate include the CLI to shut a LAN port, to enable an IPS signature on an IOS ISR, or to configure an access control list (ACL) rule. Cisco Security MARS can automatically generate CLI to reduce the risk of an attack, or it can recommend CLI to be manually deployed by SSH (Secure Shell) or the Cisco Security Manager. For an access control list (ACL) rule, Cisco Security MARS will only recommend the CLI and will not deploy it.

Cisco Security MARS contains a high-level summary dashboard that includes incidents, hotspot graphs, and attack diagrams. An incident can be an indication that a high-level security attack, such as a Nimda attack, has been detected on the network. An incident is composed of security events and monitoring data received from known devices in the self-defending network, including routers, LAN switches, firewalls, IPS devices, hosts, databases, and storage appliances. NetFlow data can be used to establish a baseline of normal traffic on a network, and to identify and filter false positives from valid security incidents. Rules are used to trigger a security incident. Cisco Security MARS contains many default (system) inspection rules and also lets users create custom (user-defined) rules.

The dashboard lists actionable, high-level security incidents. A hotspot graph and attack diagram are also created for a significant security incident. A hotspot graph contains the path of the network attack, including the source, destination, and known devices within the attack path. The attack diagram displays the session IDs reported by devices for the incident. Cisco Security MARS and Cisco Security Manager are components of the Cisco Security Management suite. Cisco Security MARS contains linkages with Cisco Security Manager. For example, a user can select a syslog from an incident and see the access control list (ACL) rule policy in Cisco Security Manager that generated the syslog.



Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
Pages: 112
