IOS firewall: Cisco IOS software feature set
IPS sensor appliance: NIPS
IPS: Intrusion prevention system (IOS feature)
NAC: Cisco NAC Appliance
Cisco Traffic Anomaly Detector Module: Detects high-speed DoS attacks
Cisco IronPort Web Security Appliance (Cisco WSA)
Cisco IronPort Email Security Appliance (Cisco ESA)
Network management protocols and solutions
NetFlow: Stats on packets flowing through router (IOS feature)
Syslog: Logging data (IOS feature)
SNMP: Simple Network Management Protocol (IOS feature)
Cisco MARS: Monitoring, Analysis, and Response System
Cisco Security Manager
Cisco NAC Manager
Threat-Detection and Threat-Mitigation Solutions
Threat-detection and threat-mitigation solutions are deployed throughout the network
and can serve as an effective layered defense for secure network communications. For
example, suppose your network is being attacked from the Internet (via a worm
or virus outbreak, for instance). The Internet WAN routers are your first line of protection and can be
used to spot increasing network load or suspicious NetFlow data. After some information
has been collected, you can use specific granular ACLs to further identify the attack.
The NIPS appliances can provide deep packet inspection to determine additional
details about the attack's signature. The IPS signature information, along with other data that
is collected, can be correlated to arrive at a solution that prevents and stops the attack.
Firewalls can perform stateful packet inspections and can ultimately block unwanted
network traffic in the event of an attack. However, it is preferable to engage the ISP and have
them block the attack from even entering your network.
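The NetFlow-then-ACL step described above, as an added example that is not from the original text: it flags sources whose flows fan out to many hosts on one port with few packets each, then renders a permit-and-log classification ACL so the router counts the matching traffic without dropping anything. The flow records, thresholds and ACL name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (src, dst, protocol, dst_port, packets).
# Addresses come from the documentation ranges; the fields mirror what a
# NetFlow export carries per flow.
FLOWS = [("198.51.100.7", f"203.0.113.{h}", "tcp", 445, 1) for h in range(1, 9)]
FLOWS += [
    ("198.51.100.20", "203.0.113.10", "tcp", 443, 120),
    ("198.51.100.21", "203.0.113.10", "tcp", 443, 85),
    ("198.51.100.22", "203.0.113.25", "tcp", 25, 40),
]


def scanning_sources(flows, min_targets=5, max_avg_packets=3):
    """Return {(src, proto, port): distinct destinations} for sources that
    reach many hosts on one port using very short flows (worm-like fan-out).
    Both thresholds are assumed values to tune against a normal baseline."""
    targets = defaultdict(set)
    packets = defaultdict(int)
    flow_count = defaultdict(int)
    for src, dst, proto, port, pkts in flows:
        key = (src, proto, port)
        targets[key].add(dst)
        packets[key] += pkts
        flow_count[key] += 1
    return {
        key: len(dsts)
        for key, dsts in targets.items()
        if len(dsts) >= min_targets
        and packets[key] / flow_count[key] <= max_avg_packets
    }


def classification_acl(suspects, name="CLASSIFY-ATTACK"):
    """Render an IOS extended ACL that only counts and logs the suspect
    traffic. Every entry is a permit, so applying it changes no forwarding."""
    lines = [f"ip access-list extended {name}"]
    for src, proto, port in sorted(suspects):
        lines.append(f" permit {proto} host {src} any eq {port} log")
    lines.append(" permit ip any any")
    return "\n".join(lines)


if __name__ == "__main__":
    suspects = scanning_sources(FLOWS)
    print(suspects)
    print(classification_acl(suspects))
```

Once the ACL is applied, the per-entry match counters show whether the suspect traffic is still arriving, which is the evidence to hand to the ISP or to turn into a deny entry.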
To successfully detect threats and mitigate them, it is important to understand where to
look for potential threats. The following are good sources of information for detecting
and mitigating threats:
NetFlow
Syslog
Remote Monitor (RMON) events