Year of publication: 2006
Authors: Dale Tesch, Greg Abelar
Publisher: Cisco Press
Quality: eBook (originally digital)
Number of pages: 408
The Cisco Security Monitoring, Analysis, and Response System (CS-MARS) is a network appliance that takes security deployment to the next tier and provides automated threat recognition and mitigation to the existing security and network deployment. In nearly every case, enterprises will realize substantial cost savings and drastically change the effectiveness of their security responders by electing to deploy CS-MARS.
CS-MARS consolidates and correlates security events and syslogs from the following Cisco and third-party hardware and software devices:
• Cisco and third-party network switches
• Cisco and third-party firewalls
• Cisco and third-party security appliances
• Cisco and third-party software-based security applications
• Industry-leading web servers
• Industry-leading application servers
• Windows and UNIX-style host operating systems
• Windows and UNIX-style network operating systems
The result of this consolidation and correlation is that CS-MARS accurately identifies valid network and host attacks and then adds substantial value to that information by recommending where on your network these attacks can be mitigated.
Goals and Methods
• The risks involved with using the Internet to do business
• The advantages of transitioning from a security-reporting system to an all-inclusive security and network threat recognition and mitigation system
• How CS-MARS works from a technical and procedural standpoint
• How to configure and deploy CS-MARS in your network
• The potential return on investment resulting from a successful CS-MARS deployment
This book is intended to be read cover to cover, but it is flexible enough that you can read an individual chapter on its own, understand that CS-MARS topic first, and then apply the information found within as you see fit.
The book is organized as follows:
Part I, "The Security Threat Identification and Response Challenge" Establishes a knowledge of existing reporting systems and calls out the advantages of an all-inclusive threat recognition and response system such as CS-MARS. This part also includes return-on-investment information that you can realize by deploying CS-MARS in your network. Part I includes the following chapters:
- Chapter 1, "Understanding SIM and STM" Explains the differences between a security information management (SIM) system and a security threat mitigation (STM) system. An STM is called out as a superior architecture because it includes information consolidated between security devices and your network infrastructure that can be used to help determine threats and to mitigate threats.
- Chapter 2, "Role of CS-MARS in Your Network" Provides an overview of how to protect your network with a concept called defense-in-depth and explains how an STM system such as CS-MARS can extend that protection.
- Chapter 3, "Deriving TCO and ROI" Uses some real-life examples to help you determine the cost of an attack if CS-MARS is deployed during a network attack versus the cost if CS-MARS is not deployed.
Part II, "CS-MARS Theory and Configuration" Explains the underlying technology that enables CS-MARS. It also provides a comprehensive step-by-step guide on how to deploy and configure CS-MARS in your network. Part II includes the following chapters:
- Chapter 4, "CS-MARS Technologies and Theory" Explains the theory and technology that lives under the covers in a CS-MARS device.
- Chapter 5, "CS-MARS Appliance Setup and Configuration" Offers a step-by-step guide explaining how to set up and configure a CS-MARS device out of the box and how to customize it for your environment.
- Chapter 6, "Reporting and Mitigative Device Configuration" Acts as a step-by-step deployment guide explaining how to configure CS-MARS to communicate with your existing hosts, servers, network devices, security appliances, and other devices in your network. This includes not only configuration information for Cisco devices, but also configuration information for supported third-party devices.
Part III, "CS-MARS Operation" Explains how to use CS-MARS to investigate reported threats. Part III includes the following chapters:
- Chapter 7, "CS-MARS Basic Operation" Explains how you use the CS-MARS device to investigate threats that are reported and how to use canned reports and queries to get additional information about events and devices in your network.
- Chapter 8, "Advanced Operation and Security Analysis" Explains how to use custom reports and custom queries to generate almost any useful combination of device and event information possible about your network and security events.
Part IV, "CS-MARS in Action" Shares success stories from existing CS-MARS customers. Part IV includes the following chapter:
- Chapter 9, "CS-MARS Uncovered" Shares stories from customers regarding how CS-MARS added value to their networks and, in one case, how CS-MARS even paid for itself "before" it was officially deployed on a customer network.
Part V, "Appendixes" Provides valuable information that didn't fit within the context of the chapters of the book. Part V includes the following appendixes:
- Appendix A, "Useful Security Websites" Lists some of the authors' favorite websites that include information about attacks, attack tools, attack research, and general security information.
- Appendix B, "CS-MARS Quick Data Sheets" Provides consolidated data sheets containing useful technical information about the CS-MARS product.
- Appendix C, "CS-MARS Supplements" Includes worksheets that provide information useful for configuring and deploying CS-MARS.
- Appendix D, "Command-Line Interface" Provides information about the commands that are available through the CS-MARS command-line interface.
- Appendix E, "CS-MARS Reporting" Lists information about the canned reports available in CS-MARS 4.1.
- Appendix F, "CS-MARS Console Access" Explains how to use a PC to connect to the CS-MARS serial console to access the CS-MARS command-line interface.
- Appendix G, "CS-MARS Check Point Configuration" Provides critical information explaining how to configure your Check Point security appliance to communicate with your CS-MARS device.