Simple Network Management Protocol (SNMP) thresholds and traps
CPU and interface statistics
Cisco Security MARS reporting
Figure 13-6 depicts an attacker sourcing from the Internet and targeting the internal network and how to detect and mitigate the threat.
[Figure 13-6: Threat Detection and Mitigation. Devices shown: Internet, ISP Router, Internet WAN Router, Stateful Firewall, DMZ Switch (HTTP, FTP), NIPS, Cisco MARS, Campus, Internal User. Callouts: 1) Network load increasing, spotted by rising CPU, interface stats, and NetFlow; 2) Attack identified, use of granular ACLs to further identify attack; 3) Deep packet scanning via IPS, determining attack signature; 4) Attack can be blocked via firewall.]
Cisco IronPort ESA
IronPort Email Security Appliances (ESA) are designed to protect networks from today's
and tomorrow's email threats. IronPort ESA is a firewall and threat-monitoring appliance
for Simple Mail Transfer Protocol (SMTP; TCP port 25)-based traffic. In the email delivery
process, ESA acts as an SMTP gateway firewall for the enterprise. One of the advantages of
using IronPort ESA for your MTA is that ESA can determine the source IP address and
query that against the Cisco SensorBase to get the sender's reputation score. IronPort ESA
uses the reputation score to stop junk mail and various malware from arriving in users'
mailboxes.
Multiple deployment options are available depending on the number of interfaces used. It
 